From 0affc11d30f5977564d17d91631442b30b11955c Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Thu, 11 Jul 2024 13:44:52 -0500 Subject: [PATCH 01/20] Changes for system-probe on GKE Autopilot --- charts/datadog/templates/NOTES.txt | 18 ------------------ .../_container-host-release-volumemounts.yaml | 3 --- .../templates/_container-system-probe.yaml | 4 +++- charts/datadog/templates/_helpers.tpl | 4 +--- charts/datadog/templates/daemonset.yaml | 3 +++ 5 files changed, 7 insertions(+), 25 deletions(-) diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index e3575c2cf..e4391ac7a 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -281,14 +281,6 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes * The serviceAccountName must be "datadog-agent". * All ConfigMap names mounted must be hardcode. -{{- if eq (include "system-probe-feature" .) "true" }} - -##################################################################### -#### WARNING: System Probe is not supported on GKE Autopilot #### -##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} - -{{- end }} {{- if and .Values.providers.gke.cos .Values.datadog.systemProbe.enableDefaultKernelHeadersPaths }} ################################################################################# @@ -346,16 +338,6 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} -{{- if .Values.datadog.networkMonitoring.enabled }} - -####################################################################################### -#### WARNING: Network Performance Monitoring is not supported on GKE Autopilot #### -####################################################################################### - -{{- fail "On GKE Autopilot environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} - -{{- end }} - {{- end }} {{- if and (.Values.datadog.dogstatsd.useSocketVolume) (eq .Values.targetSystem "windows") }} diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 7e3ad1ac4..1ac65d0a1 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,8 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} {{- if eq (include "should-enable-system-probe" .) "true" }} -- name: os-release-file - mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} - readOnly: true {{- else if not .Values.providers.gke.autopilot}} - name: os-release-file mountPath: /host{{ .Values.datadog.osReleasePath }} diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index c891a30d1..8725e99fa 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.systemProbe.securityContext "targetSystem" .Values.targetSystem "seccomp" .Values.datadog.systemProbe.seccomp "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} - command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] + command: ["system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] {{- if .Values.agents.containers.systemProbe.ports }} ports: {{ toYaml .Values.agents.containers.systemProbe.ports | indent 2 }} @@ -30,9 +30,11 @@ resources: {{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} volumeMounts: + {{- if (not .Values.providers.gke.autopilot) }} - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + {{- end }} - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 78d6298f9..67446284e 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -317,7 +317,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -913,5 +913,3 @@ Create RBACs for custom resources false {{- end -}} {{- end -}} - - diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 15c75d96b..d0ff0f75d 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -62,6 +62,9 @@ spec: {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} + {{- if .Values.providers.gke.autopilot }} + autopilot.gke.io/no-connect: "false" + {{- end }} {{- if .Values.agents.podAnnotations }} {{ tpl (toYaml .Values.agents.podAnnotations) . | indent 8 }} {{- end }} From 64f9b2f6cc9ee39bd2ed5b40b16c7dfc5b9615aa Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Tue, 16 Jul 2024 13:37:36 -0400 Subject: [PATCH 02/20] Fix os-release mounts --- .../templates/_container-host-release-volumemounts.yaml | 3 +++ charts/datadog/templates/_daemonset-volumes-linux.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 1ac65d0a1..7e3ad1ac4 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,5 +1,8 @@ {{- define "linux-container-host-release-volumemounts" -}} {{- if eq (include "should-enable-system-probe" .) "true" }} +- name: os-release-file + mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} + readOnly: true {{- else if not .Values.providers.gke.autopilot}} - name: os-release-file mountPath: /host{{ .Values.datadog.osReleasePath }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 92b48ad2b..fb770f3e6 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -9,7 +9,7 @@ - hostPath: path: /sys/fs/cgroup name: cgroups -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} +{{- if (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file From 83c3f9e9031ce8b59a6714c5bb993f54238e4095 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Tue, 16 Jul 2024 15:35:25 -0400 Subject: [PATCH 03/20] Update version and changelog --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 4f9e16d6d..72f92a5de 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.69.0 + +* Enable `system-probe` container on GKE Autopilot + ## 3.68.0 * Set default `Agent` and `Cluster-Agent` version to `7.55.1`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 86d99a5c3..7971a81fc 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.68.0 +version: 3.69.0 appVersion: "7" description: Datadog Agent keywords: From 9e2d995d096fdd4bf108ca6a8bc2de2e9f3f805a Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Wed, 17 Jul 2024 13:20:52 -0400 Subject: [PATCH 04/20] Update README --- charts/datadog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0bd9916de..fd37e184e 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.68.0](https://img.shields.io/badge/Version-3.68.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.69.0](https://img.shields.io/badge/Version-3.69.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). From 2bbe0fb1ce863d3bfa3f8283922f1ad210e73923 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Wed, 4 Sep 2024 10:42:27 -0500 Subject: [PATCH 05/20] Bump chart to 3.71 --- charts/datadog/CHANGELOG.md | 2 +- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 79b9acd77..24bd7388f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,6 +1,6 @@ # Datadog changelog -## 3.70.8 +## 3.71.0 * Enable `system-probe` container on GKE Autopilot diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 38f7a9c44..ffcab874d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.8 +version: 3.71.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index f4f503c58..ead53c400 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.8](https://img.shields.io/badge/Version-3.70.8-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.71.0](https://img.shields.io/badge/Version-3.71.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). From b746a4e0d5bd8f851a1163f20ea198ede4d969fb Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 30 Jan 2025 11:44:30 -0500 Subject: [PATCH 06/20] Minor fixes for WorkloadAllowlist (#1677) * fix helpers and unallowed annotations * fixes * fixes * update baselines --- charts/datadog/CHANGELOG.md | 1652 ++++++++--------- charts/datadog/Chart.yaml | 14 +- charts/datadog/templates/NOTES.txt | 10 + .../_container-host-release-volumemounts.yaml | 6 +- charts/datadog/templates/_helpers.tpl | 10 +- charts/datadog/templates/daemonset.yaml | 6 +- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +- ...loyment_default_advanced_AC_injection.yaml | 10 +- ...ployment_default_minimal_AC_injection.yaml | 10 +- test/datadog/baseline/daemonset_default.yaml | 6 +- .../baseline/gdc_daemonset_default.yaml | 9 +- .../gdc_daemonset_logs_collection.yaml | 9 +- test/datadog/baseline/other_default.yaml | 88 +- 14 files changed, 932 insertions(+), 914 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index a7ff47685..db39f8d55 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -14,198 +14,198 @@ ## 3.88.2 -* Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. +- Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. ## 3.88.1 -* Disable SBOM monitoring features for GKE Autopilot, as they are not supported +- Disable SBOM monitoring features for GKE Autopilot, as they are not supported ## 3.88.0 -* Set default `Agent` and `Cluster-Agent` version to `7.61.0`. +- Set default `Agent` and `Cluster-Agent` version to `7.61.0`. ## 3.87.2 -* Add cgroups mount in system-probe for USM, NPM and Service Discovery matching the datadog-operator. +- Add cgroups mount in system-probe for USM, NPM and Service Discovery matching the datadog-operator. ## 3.87.1 -* Add the ability to set the image tag to use for the APM Injector. +- Add the ability to set the image tag to use for the APM Injector. ## 3.87.0 -* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. +- Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. ## 3.86.0 -* Add `delete` permission for `datadog-webhook` Admission Registration RBACs. +- Add `delete` permission for `datadog-webhook` Admission Registration RBACs. ## 3.85.0 -* Add `datadog.discovery.enabled` configuration to control service-discovery. +- Add `datadog.discovery.enabled` configuration to control service-discovery. ## 3.84.4 -* Propagate the `datadog.site` option to the default `datadog.otelCollector` configuration. +- Propagate the `datadog.site` option to the default `datadog.otelCollector` configuration. ## 3.84.3 -* Added the configuration value `clusterAgent.admissionController.kubernetes_admission_events.enabled` to enabled/disable the Kubernetes Admission Events feature. +- Added the configuration value `clusterAgent.admissionController.kubernetes_admission_events.enabled` to enabled/disable the Kubernetes Admission Events feature. ## 3.84.2 -* Add `endpointslices.discovery.k8s.io` to the list of resources to collect in the Cluster Agent RBAC. -* Add configuration option for `datadog.kubernetesUseEndpointSlices` to map Kubernetes services to endpoint slices instead of endpoints. Disabled by default. +- Add `endpointslices.discovery.k8s.io` to the list of resources to collect in the Cluster Agent RBAC. +- Add configuration option for `datadog.kubernetesUseEndpointSlices` to map Kubernetes services to endpoint slices instead of endpoints. Disabled by default. ## 3.84.1 -* Remove deployments.apps example of `datadog.kubernetesResourcesLabelsAsTags` and `datadog.kubernetesResourcesAnnotationsAsTags` since it's not implemented yet +- Remove deployments.apps example of `datadog.kubernetesResourcesLabelsAsTags` and `datadog.kubernetesResourcesAnnotationsAsTags` since it's not implemented yet ## 3.84.0 -* Set the default value of `datadog.processAgent.runInCoreAgent` to `true`. +- Set the default value of `datadog.processAgent.runInCoreAgent` to `true`. ## 3.83.1 -* Add /sys/fs/bpf to system-probe volume mounts +- Add /sys/fs/bpf to system-probe volume mounts ## 3.83.0 -* Added the configuration value `datadog.disablePasswdMount` to disable mounting the `/etc/passwd` path from the host filesystem. This option should be used when the underlying OS does not have these files (e.g., Talos OS). -* Added the configuration value `datadog.disableDefaultOsReleasePaths` to disable mounting the default "os-release" file paths from the host filesystem (e.g., `/etc/redhat-release`, `/etc/fedora-release`, etc.). Note that this change does not affect the `datadog.osReleasePath` option. To avoid mounting the `/etc/os-release` host path, set the `datadog.osReleasePath` configuration value to an empty string. This option should be used when the underlying OS does not have these files (e.g., Talos OS). -* Add `providers.talos.enabled` to simplify agent deployment configuration on Talos OS. +- Added the configuration value `datadog.disablePasswdMount` to disable mounting the `/etc/passwd` path from the host filesystem. This option should be used when the underlying OS does not have these files (e.g., Talos OS). +- Added the configuration value `datadog.disableDefaultOsReleasePaths` to disable mounting the default "os-release" file paths from the host filesystem (e.g., `/etc/redhat-release`, `/etc/fedora-release`, etc.). Note that this change does not affect the `datadog.osReleasePath` option. To avoid mounting the `/etc/os-release` host path, set the `datadog.osReleasePath` configuration value to an empty string. This option should be used when the underlying OS does not have these files (e.g., Talos OS). +- Add `providers.talos.enabled` to simplify agent deployment configuration on Talos OS. ## 3.82.0 -* Add `pods/exec` RBAC to the `Cluster-Agent` when needed and inject the service account name of the `Cluster-Agent` as environment variable. +- Add `pods/exec` RBAC to the `Cluster-Agent` when needed and inject the service account name of the `Cluster-Agent` as environment variable. ## 3.81.2 -* Fix ci values.yaml files name to be taken into account by the ci job. +- Fix ci values.yaml files name to be taken into account by the ci job. ## 3.81.1 -* Update default `fips.image.tag` to `1.1.6`, which updates PCRE2 version to 10.44 and HAProxy version to 2.4.28 +- Update default `fips.image.tag` to `1.1.6`, which updates PCRE2 version to 10.44 and HAProxy version to 2.4.28 ## 3.81.0 -* Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. This option enables K8s clusters with hostPort and hostPath volumes restrictions to use the K8s local service to send traces. +- Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. This option enables K8s clusters with hostPort and hostPath volumes restrictions to use the K8s local service to send traces. ## 3.80.0 -* Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. +- Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. ## 3.79.1 -* Document how to use `datadog.envDict` option with the `--set` helm's flag. +- Document how to use `datadog.envDict` option with the `--set` helm's flag. ## 3.79.0 -* Add Logs Collection support for Google GKE on GDC +- Add Logs Collection support for Google GKE on GDC ## 3.78.0 -* Set default `Agent` and `Cluster-Agent` version to `7.59.0`. +- Set default `Agent` and `Cluster-Agent` version to `7.59.0`. ## 3.77.3 -* Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. +- Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. ## 3.77.2 -* Add the ability to include Security Contexts at the container level for Cluster Checks Runners. +- Add the ability to include Security Contexts at the container level for Cluster Checks Runners. ## 3.77.1 -* Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. +- Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. ## 3.77.0 -* Add experimental support for overlayfs direct scan for SBOMs +- Add experimental support for overlayfs direct scan for SBOMs ## 3.76.3 -* Add `podisruptionbudgets` RBAC to the Cluster Agent. +- Add `podisruptionbudgets` RBAC to the Cluster Agent. ## 3.76.2 -* Fix warning message displayed when installing/upgrading the Agent with OTel collector. -* Add preview message in values.yaml file. +- Fix warning message displayed when installing/upgrading the Agent with OTel collector. +- Add preview message in values.yaml file. ## 3.76.1 -* Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. +- Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. ## 3.76.0 -* Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. +- Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. ## 3.75.0 -* Set default `Agent` and `Cluster-Agent` version to `7.58.0`. +- Set default `Agent` and `Cluster-Agent` version to `7.58.0`. ## 3.74.6 -* Fix error message for when System Probe is enabled on GKE Autopilot +- Fix error message for when System Probe is enabled on GKE Autopilot ## 3.74.5 -* Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. +- Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. ## 3.74.4 -* Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. +- Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. ## 3.74.3 -* Do not mount `/usr/lib/sysimage/rpm` (reverts https://github.com/DataDog/helm-charts/pull/1541): in some operating systems such as Bottlerocket, `/usr` is `read-only`, preventing the Agent from being deployed when `datadog.sbom.host.enabled` is set to `true` as kubelet cannot create the directory at this location if it does not exist. +- Do not mount `/usr/lib/sysimage/rpm` (reverts https://github.com/DataDog/helm-charts/pull/1541): in some operating systems such as Bottlerocket, `/usr` is `read-only`, preventing the Agent from being deployed when `datadog.sbom.host.enabled` is set to `true` as kubelet cannot create the directory at this location if it does not exist. ## 3.74.2 -* Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). +- Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). ## 3.74.1 -* Pass components env variables to the cluster checks runner deployment pod spec. +- Pass components env variables to the cluster checks runner deployment pod spec. ## 3.74.0 -* Simplify OTel Agent OOTB pipelines: - * Remove `traces/otlp` pipeline from the default OTel Agent config - * Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. +- Simplify OTel Agent OOTB pipelines: + - Remove `traces/otlp` pipeline from the default OTel Agent config + - Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. ## 3.73.3 -* Fix a few typos on OTel Agent configs. +- Fix a few typos on OTel Agent configs. ## 3.73.2 -* Add `admissionregistration.k8s.io/v1/validatingwebhookconfigurations` RBACs to the Cluster Agent. +- Add `admissionregistration.k8s.io/v1/validatingwebhookconfigurations` RBACs to the Cluster Agent. ## 3.73.1 -* Add role-based access control rules to Datadog Cluster Agent to read k8s resources annotations and labels to create tags. +- Add role-based access control rules to Datadog Cluster Agent to read k8s resources annotations and labels to create tags. ## 3.73.0 -* Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. +- Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. ## 3.72.1 -* Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. +- Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. ## 3.72.0 -* Set default `Agent` and `Cluster-Agent` version to `7.57.2`. +- Set default `Agent` and `Cluster-Agent` version to `7.57.2`. ## 3.71.2 -* Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger -* Add `datadog.kubernetesResourcesAnnotationsAsTags` to assign Kuberenetes Resources Annotations as tags in the tagger +- Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger +- Add `datadog.kubernetesResourcesAnnotationsAsTags` to assign Kuberenetes Resources Annotations as tags in the tagger ## 3.71.1 -* Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 +- Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 ## 3.71.0 @@ -213,281 +213,281 @@ ## 3.70.7 -* Set default `Agent` and `Cluster-Agent` version to `7.56.2`. +- Set default `Agent` and `Cluster-Agent` version to `7.56.2`. ## 3.70.6 -* Add private beta note for OTel Collector. +- Add private beta note for OTel Collector. ## 3.70.5 -* Set default `Agent` and `Cluster-Agent` version to `7.56.1`. +- Set default `Agent` and `Cluster-Agent` version to `7.56.1`. ## 3.70.4 -* Improve support for `processAgent.runInCoreAgent` feature. +- Improve support for `processAgent.runInCoreAgent` feature. ## 3.70.3 -* Update `fips.image.tag` to `1.1.4` +- Update `fips.image.tag` to `1.1.4` ## 3.70.2 -* Add admission controller port to cilium network policy for the cluster agent +- Add admission controller port to cilium network policy for the cluster agent ## 3.70.1 -* Fix datadog.kubelet.coreCheckEnabled conditional statement to accept false value +- Fix datadog.kubelet.coreCheckEnabled conditional statement to accept false value ## 3.70.0 -* Set default `Agent` and `Cluster-Agent` version to `7.56.0`. +- Set default `Agent` and `Cluster-Agent` version to `7.56.0`. ## 3.69.3 -* Update `datadog-crds` dependency to `1.7.2`. +- Update `datadog-crds` dependency to `1.7.2`. ## 3.69.2 -* Allow activation of autoscaling. +- Allow activation of autoscaling. ## 3.69.1 -* Set default `Agent` and `Cluster-Agent` version to `7.55.2`. +- Set default `Agent` and `Cluster-Agent` version to `7.55.2`. ## 3.69.0 -* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. +- Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. ## 3.68.2 -* Fix datadog.containerLifecycle.enabled conditional statement to accept false value +- Fix datadog.containerLifecycle.enabled conditional statement to accept false value ## 3.68.1 -* Add automatic detection for enablement of process agent container. +- Add automatic detection for enablement of process agent container. ## 3.68.0 -* Set default `Agent` and `Cluster-Agent` version to `7.55.1`. +- Set default `Agent` and `Cluster-Agent` version to `7.55.1`. ## 3.67.5 -* Add support for `processAgent.runInCoreAgent` as an experimental feature. +- Add support for `processAgent.runInCoreAgent` as an experimental feature. ## 3.67.4 -* Overwrite the securityContext for the `seccomp-setup` initContainer with `agents.containers.initContainers.securityContext`. +- Overwrite the securityContext for the `seccomp-setup` initContainer with `agents.containers.initContainers.securityContext`. ## 3.67.3 -* Make sure that disabling CSPM host benchmarks is propagated to the agent. +- Make sure that disabling CSPM host benchmarks is propagated to the agent. ## 3.67.2 -* Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions +- Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions ## 3.67.1 -* Update `fips.image.tag` to `1.1.3` +- Update `fips.image.tag` to `1.1.3` ## 3.67.0 -* Add startup probe for `Agent`, `Cluster-Agent` and `Cluster-Check-Runner`. +- Add startup probe for `Agent`, `Cluster-Agent` and `Cluster-Check-Runner`. ## 3.66.1 -* Add 'datadog.namespaceAnnotationsAsTags' to assign namespace annotations as tags on pod entities in the tagger. +- Add 'datadog.namespaceAnnotationsAsTags' to assign namespace annotations as tags on pod entities in the tagger. ## 3.66.0 -* Set default `Agent` and `Cluster-Agent` version to `7.54.0`. +- Set default `Agent` and `Cluster-Agent` version to `7.54.0`. ## 3.65.3 -* Add RBAC rules for collection of StorageClass and LimitRange resources in the Orchestrator Explorer. +- Add RBAC rules for collection of StorageClass and LimitRange resources in the Orchestrator Explorer. ## 3.65.2 -* Do not enable live process collection by default when language detection is enabled for `APM SSI`. +- Do not enable live process collection by default when language detection is enabled for `APM SSI`. ## 3.65.1 -* Make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. +- Make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. ## 3.65.0 -* Default `datadog.securityAgent.runtime.useSecruntimeTrack` to `true`, sending CWS events directly to the new secruntime track (and to the new agent events explorer). +- Default `datadog.securityAgent.runtime.useSecruntimeTrack` to `true`, sending CWS events directly to the new secruntime track (and to the new agent events explorer). ## 3.64.1 -* Add `datadog.securityAgent.runtime.useSecruntimeTrack` config to start sending CWS events directly to the new secruntime track (and to the new agent events explorer). +- Add `datadog.securityAgent.runtime.useSecruntimeTrack` config to start sending CWS events directly to the new secruntime track (and to the new agent events explorer). ## 3.64.0 -* Add `datadog.originDetectionUnified.enabled` setting to enable unified origin detection for container tagging. Disabled by default +- Add `datadog.originDetectionUnified.enabled` setting to enable unified origin detection for container tagging. Disabled by default ## 3.63.0 -* Set kubelet core check to be enabled by default +- Set kubelet core check to be enabled by default ## 3.62.1 -* Update `fips.image.tag` to `1.1.2` +- Update `fips.image.tag` to `1.1.2` ## 3.62.0 -* Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default +- Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default ## 3.61.0 -* Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used - Note: this requires agent/cluster agent version 7.53.0+ +- Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used + Note: this requires agent/cluster agent version 7.53.0+ ## 3.60.0 -* Set default `Agent` and `Cluster-Agent` version to `7.53.0` +- Set default `Agent` and `Cluster-Agent` version to `7.53.0` ## 3.59.7 -* Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry -* No longer set `DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY` to registry as a fallback, - that option is implicit from us now setting the higher level `clusterAgent.admissionController.containerRegistry`. +- Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry +- No longer set `DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY` to registry as a fallback, + that option is implicit from us now setting the higher level `clusterAgent.admissionController.containerRegistry`. ## 3.59.6 -* Add configuration option datadog.apm.instrumentation.skipKPITelemetry. +- Add configuration option datadog.apm.instrumentation.skipKPITelemetry. ## 3.59.5 -* Set default `Agent` and `Cluster-Agent` version to `7.52.1`. +- Set default `Agent` and `Cluster-Agent` version to `7.52.1`. ## 3.59.4 -* Add language detection enable option for `APM` instrumentation. +- Add language detection enable option for `APM` instrumentation. ## 3.59.3 -* Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. +- Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. ## 3.59.2 -* Disable language detection reporting by default in Cluster Agent with Agent 7.52+. +- Disable language detection reporting by default in Cluster Agent with Agent 7.52+. ## 3.59.1 -* Add support for configuring Agent sidecar injection using Admission Controller. +- Add support for configuring Agent sidecar injection using Admission Controller. ## 3.59.0 -* Set default `Agent` and `Cluster-Agent` version to `7.52.0`. +- Set default `Agent` and `Cluster-Agent` version to `7.52.0`. ## 3.58.1 -* Fix typo in PodSecurityPolicy warning note. +- Fix typo in PodSecurityPolicy warning note. ## 3.58.0 -* Change configuration options for APM Instrumentation. Starting from Agent and Cluster-Agent version `7.51.0` APM Instrumentation needs to be configured using the following configuration options: -* `datadog.apm.instrumentation.enabled` - set to `true` to enable automatic instrumentation. -* `datadog.apm.instrumentation.enabledNamespaces` - optional; list of namespaces to enable automatic instrumentation in. If not provided, every namespace in the cluster will be instrumented. -* `datadog.apm.instrumentation.disabledNamespaces` - optional; list of namespaces to disable automatic instrumentation in. +- Change configuration options for APM Instrumentation. Starting from Agent and Cluster-Agent version `7.51.0` APM Instrumentation needs to be configured using the following configuration options: +- `datadog.apm.instrumentation.enabled` - set to `true` to enable automatic instrumentation. +- `datadog.apm.instrumentation.enabledNamespaces` - optional; list of namespaces to enable automatic instrumentation in. If not provided, every namespace in the cluster will be instrumented. +- `datadog.apm.instrumentation.disabledNamespaces` - optional; list of namespaces to disable automatic instrumentation in. ## 3.57.3 -* Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. +- Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. ## 3.57.2 -* Add `networkpolicies` default permission for the cluster agent. +- Add `networkpolicies` default permission for the cluster agent. ## 3.57.1 -* Allow configuring CWS security profile based auto suppression feature and enable it by default. +- Allow configuring CWS security profile based auto suppression feature and enable it by default. ## 3.57.0 -* Set default `Agent` and `Cluster-Agent` version to `7.51.0`. +- Set default `Agent` and `Cluster-Agent` version to `7.51.0`. ## 3.56.0 -* Allow templating of `datadog.clusterName`. +- Allow templating of `datadog.clusterName`. ## 3.55.0 -* Modify `datadog.dogstatsd.originDetection` to also support container tagging for origin detection enabled clients. +- Modify `datadog.dogstatsd.originDetection` to also support container tagging for origin detection enabled clients. ## 3.54.2 -* Set `DD_APM_ENABLED` value in the core agent container to properly report its value. +- Set `DD_APM_ENABLED` value in the core agent container to properly report its value. ## 3.54.1 -* Migrate from `kubeval` to `kubeconform` for ci chart validation. +- Migrate from `kubeval` to `kubeconform` for ci chart validation. ## 3.53.3 -* Update `fips.image.tag` to `1.1.1` +- Update `fips.image.tag` to `1.1.1` ## 3.53.2 -* Exclude agent pod from labels injection from the admission controller. +- Exclude agent pod from labels injection from the admission controller. ## 3.53.1 -* Update `fips.image.tag` to `1.1.0` +- Update `fips.image.tag` to `1.1.0` ## 3.53.0 -* Add `otlp.logs.enabled` option to datadog agent to set the `DD_OTLP_CONFIG_LOGS_ENABLED` env variable. +- Add `otlp.logs.enabled` option to datadog agent to set the `DD_OTLP_CONFIG_LOGS_ENABLED` env variable. ## 3.52.0 -* Allow configuring CWS security profile features and enable drift events by default +- Allow configuring CWS security profile features and enable drift events by default ## 3.51.2 -* Use correct kpi-telemetry-configmap in Cluster Agent and Trace Agent. +- Use correct kpi-telemetry-configmap in Cluster Agent and Trace Agent. ## 3.51.1 -* Parametrize the name of kpi-telemetry-configmap. +- Parametrize the name of kpi-telemetry-configmap. ## 3.51.0 -* Add `DD_INSTRUMENTATION_INSTALL_TIME`, `DD_INSTRUMENTATION_INSTALL_ID`, `DD_INSTRUMENTATION_INSTALL_TYPE` env variables to the Trace and Cluster agents to support APM Telemetry KPIs. +- Add `DD_INSTRUMENTATION_INSTALL_TIME`, `DD_INSTRUMENTATION_INSTALL_ID`, `DD_INSTRUMENTATION_INSTALL_TYPE` env variables to the Trace and Cluster agents to support APM Telemetry KPIs. ## 3.50.5 -* Add option to use containerd snapshotter to generate SBOMs. +- Add option to use containerd snapshotter to generate SBOMs. ## 3.50.4 -* Mount host files for proper OS detection in SBOMs. +- Mount host files for proper OS detection in SBOMs. ## 3.50.3 -* Set default `Agent` and `Cluster-Agent` version to `7.50.3`. +- Set default `Agent` and `Cluster-Agent` version to `7.50.3`. ## 3.50.2 -* Support automatic registry selection based on `datadog.site` on GKE Autopilot. +- Support automatic registry selection based on `datadog.site` on GKE Autopilot. ## 3.50.1 -* Set default `Agent` and `Cluster-Agent` version to `7.50.2`. +- Set default `Agent` and `Cluster-Agent` version to `7.50.2`. ## 3.50.0 -* Set default `Agent` and `Cluster-Agent` version to `7.50.1`. +- Set default `Agent` and `Cluster-Agent` version to `7.50.1`. ## 3.49.9 -* Update `fips.image.tag` to `1.0.1` +- Update `fips.image.tag` to `1.0.1` ## 3.49.8 -* Mount host package manager database when host SBOM is enabled. +- Mount host package manager database when host SBOM is enabled. ## 3.49.7 @@ -499,1195 +499,1195 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.49.5 -* Fix registry selection with GKE Autopilot until new registries are allowed. +- Fix registry selection with GKE Autopilot until new registries are allowed. ## 3.49.4 -* Exclude a namespace with Datadog resources from APM Single Step Instrumentation +- Exclude a namespace with Datadog resources from APM Single Step Instrumentation ## 3.49.3 -* Fix NOTES warning for APM Instrumentation when apm.intrumentation.disabledNamespaces is set +- Fix NOTES warning for APM Instrumentation when apm.intrumentation.disabledNamespaces is set ## 3.49.2 -* Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set +- Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set ## 3.49.1 -* Update `fips.image.tag` to `1.0.0` +- Update `fips.image.tag` to `1.0.0` ## 3.49.0 -* Beta: Add `datadog.apm.instrumentation` section to configure APM Single Step Instrumentation +- Beta: Add `datadog.apm.instrumentation` section to configure APM Single Step Instrumentation ## 3.48.0 -* Set default `Agent` and `Cluster-Agent` version to `7.49.1`. +- Set default `Agent` and `Cluster-Agent` version to `7.49.1`. ## 3.47.2 -* Fix CI following enabling container image collection by default. +- Fix CI following enabling container image collection by default. ## 3.47.1 -* Fix `registry` being ignored even if set. +- Fix `registry` being ignored even if set. ## 3.47.0 -* `registry` is now set automatically adapted based on `datadog.site` value. Still default to `gcr.io/datadoghq` if not set. +- `registry` is now set automatically adapted based on `datadog.site` value. Still default to `gcr.io/datadoghq` if not set. ## 3.46.0 -* Enable container image collection by default. +- Enable container image collection by default. ## 3.45.0 -* Separate values for `DD_CONTAINER_INCLUDE` and `DD_CONTAINER_EXCLUDE` in `Agent` and `Cluster-Agent` - Note: this requires agent/cluster agent version 7.50.0+ +- Separate values for `DD_CONTAINER_INCLUDE` and `DD_CONTAINER_EXCLUDE` in `Agent` and `Cluster-Agent` + Note: this requires agent/cluster agent version 7.50.0+ ## 3.44.1 -* Fix local agent Kubernetes service to include APM traceport +- Fix local agent Kubernetes service to include APM traceport ## 3.44.0 -* Remove buggy `chmod` directive in the init container of the cluster agent. +- Remove buggy `chmod` directive in the init container of the cluster agent. ## 3.43.2 -* Remove line break in helpers tpl file that prevents the chart from rendering in older Helm versions. +- Remove line break in helpers tpl file that prevents the chart from rendering in older Helm versions. ## 3.43.1 -* Fix docstring typos and remove unneeded lines. +- Fix docstring typos and remove unneeded lines. ## 3.43.0 -* Default `Agent` and `Cluster-Agent` to `7.49.0` version. +- Default `Agent` and `Cluster-Agent` to `7.49.0` version. ## 3.42.1 -* Bump FIPS proxy OpenSSL version to 3.0.12 +- Bump FIPS proxy OpenSSL version to 3.0.12 ## 3.42.0 -* Allow enabling SBOM collection for host and container images. +- Allow enabling SBOM collection for host and container images. ## 3.41.0 -* Enable container lifecycle events collection by default. +- Enable container lifecycle events collection by default. ## 3.40.4 -* Add the option `clusterAgent.metricsProvider.registerAPIService` to allow user to disable registering external-metrics server as an `APIService` +- Add the option `clusterAgent.metricsProvider.registerAPIService` to allow user to disable registering external-metrics server as an `APIService` ## 3.40.3 -* Default `Agent` and `Cluster-Agent` to `7.48.1` version. +- Default `Agent` and `Cluster-Agent` to `7.48.1` version. ## 3.40.2 -* Gate `PodSecurityPolicy` RBAC for k8s versions which no longer support this deprecated API. +- Gate `PodSecurityPolicy` RBAC for k8s versions which no longer support this deprecated API. ## 3.40.1 -* Add support for initContainer volume mounts +- Add support for initContainer volume mounts ## 3.40.0 -* Default `Agent` and `Cluster-Agent` to `7.48.0` version. +- Default `Agent` and `Cluster-Agent` to `7.48.0` version. ## 3.39.3 -* Omit cluster check and leader election in orchestrator check configuration if custom resources are provided +- Omit cluster check and leader election in orchestrator check configuration if custom resources are provided ## 3.39.2 -* Support custom resources and custom resource definitions collection in orchestrator explorer +- Support custom resources and custom resource definitions collection in orchestrator explorer ## 3.39.1 -* Add `kubeStateMetricsCore.collectConfigMaps` config field to the Agent +- Add `kubeStateMetricsCore.collectConfigMaps` config field to the Agent ## 3.39.0 -* Add a new parameter `datadog.leaderElectionResource` to select which resource lock to use in the leader election. Can be `leases(s)` in agent 7.47+, `configmap(s)`, or empty for auto detection. +- Add a new parameter `datadog.leaderElectionResource` to select which resource lock to use in the leader election. Can be `leases(s)` in agent 7.47+, `configmap(s)`, or empty for auto detection. ## 3.38.4 -* Add `orchestrator_explorer.enabled` for the Agent +- Add `orchestrator_explorer.enabled` for the Agent ## 3.38.3 -* Update `fips.image.tag` to `0.6.0` +- Update `fips.image.tag` to `0.6.0` ## 3.38.2 -* Skip references to PodSecurityPolicy where the support of this API has been dropped. +- Skip references to PodSecurityPolicy where the support of this API has been dropped. ## 3.38.1 -* Enable Remote Config by default on the host agent only +- Enable Remote Config by default on the host agent only ## 3.38.0 -* Default `Agent` and `Cluster-Agent` to `7.47.1` version. +- Default `Agent` and `Cluster-Agent` to `7.47.1` version. ## 3.37.1 -* Temporarily revert enabling Remote Config by default +- Temporarily revert enabling Remote Config by default ## 3.37.0 -* Rename `datadog.securityAgent.compliance.xccdf.enabled` parameter to `datadog.securityAgent.compliance.host_benchmarks.enabled`. +- Rename `datadog.securityAgent.compliance.xccdf.enabled` parameter to `datadog.securityAgent.compliance.host_benchmarks.enabled`. ## 3.36.4 -* Disable Remote Config on the cluster checks runner +- Disable Remote Config on the cluster checks runner ## 3.36.3 -* Mount `/etc/passwd` in process agent only if `datadog.processAgent.processCollection` or `datadog.processAgent.processDiscovery` is enabled. +- Mount `/etc/passwd` in process agent only if `datadog.processAgent.processCollection` or `datadog.processAgent.processDiscovery` is enabled. ## 3.36.2 -* Update `fips.image.tag` to `0.5.5` which upgrades HAProxy to 2.4.24 and zlib to 1.3 +- Update `fips.image.tag` to `0.5.5` which upgrades HAProxy to 2.4.24 and zlib to 1.3 ## 3.36.1 -* Add option to enable CWS security profiles (runtime anomaly detection) +- Add option to enable CWS security profiles (runtime anomaly detection) ## 3.36.0 -* Enable Remote Config by default +- Enable Remote Config by default ## 3.35.2 -* Fix Agent Service Account Name used in `RoleBinding` for Secret Backend permissions when in GKE Autopliot +- Fix Agent Service Account Name used in `RoleBinding` for Secret Backend permissions when in GKE Autopliot ## 3.35.1 -* Add permissions to curl `/metrics/slis` to agent cluster role. +- Add permissions to curl `/metrics/slis` to agent cluster role. ## 3.35.0 -* Default `Agent` and `Cluster-Agent` to `7.47.0` version. +- Default `Agent` and `Cluster-Agent` to `7.47.0` version. ## 3.34.3 -* Fix extra empty line in helmchecks, issue [#953](https://github.com/DataDog/helm-charts/issues/953). +- Fix extra empty line in helmchecks, issue [#953](https://github.com/DataDog/helm-charts/issues/953). ## 3.34.2 -* Add containerPort 8000/TCP to `cluster-agent` deployment for Admission Controller. +- Add containerPort 8000/TCP to `cluster-agent` deployment for Admission Controller. ## 3.34.1 -* Fix `clusterAgent.admissionController.webhookName` RBAC to avoid restricting `create` by resource name. +- Fix `clusterAgent.admissionController.webhookName` RBAC to avoid restricting `create` by resource name. ## 3.34.0 -* Introduced a new parameter `clusterAgent.admissionController.webhookName` for selecting the name of the mutating webhook. -* Narrowed the admission controller's RBAC scope in the cluster agent to only include a single resourceName, specifically `clusterAgent.admissionController.webhookName`. +- Introduced a new parameter `clusterAgent.admissionController.webhookName` for selecting the name of the mutating webhook. +- Narrowed the admission controller's RBAC scope in the cluster agent to only include a single resourceName, specifically `clusterAgent.admissionController.webhookName`. ## 3.33.10 -* Avoid creating the `DD_PROVIDER_KIND` environment variable twice for containers. +- Avoid creating the `DD_PROVIDER_KIND` environment variable twice for containers. ## 3.33.9 -* Add `fips.customFipsConfig` parameter to allow configuring FIPS proxy sidecar `datadog-fips-proxy.cfg` using a ConfigMap. +- Add `fips.customFipsConfig` parameter to allow configuring FIPS proxy sidecar `datadog-fips-proxy.cfg` using a ConfigMap. ## 3.33.8 -* Remove `mountPropagation` for `/etc/os-release` files. +- Remove `mountPropagation` for `/etc/os-release` files. ## 3.33.7 -* Add additional intakes into `CiliumNetworkPolicy` for node Agent and Cluster Check Runner for profiling, network monitoring, dbm, and remote config +- Add additional intakes into `CiliumNetworkPolicy` for node Agent and Cluster Check Runner for profiling, network monitoring, dbm, and remote config ## 3.33.6 -* Ensure the core agent is aware that CSPM is enabled (for inventories purposes). +- Ensure the core agent is aware that CSPM is enabled (for inventories purposes). ## 3.33.5 -* Daemonset includes `logdatadog` volume when rendered for `targetSystem: "windows"` +- Daemonset includes `logdatadog` volume when rendered for `targetSystem: "windows"` ## 3.33.4 -* Update `fips.image.tag` to `0.5.4` increasing the health checks interval from 2 to 10 seconds in the FIPS compliant side car container +- Update `fips.image.tag` to `0.5.4` increasing the health checks interval from 2 to 10 seconds in the FIPS compliant side car container ## 3.33.3 -* Remove `datadog.dataStreamsMonitoring.enabled` parameter. +- Remove `datadog.dataStreamsMonitoring.enabled` parameter. ## 3.33.2 -* Add emptyDir and volumeMounts for Agent log files in Windows containers to fix log file access +- Add emptyDir and volumeMounts for Agent log files in Windows containers to fix log file access # 3.33.0 -* Default `Agent` and `Cluster-Agent` to `7.46.0` version. +- Default `Agent` and `Cluster-Agent` to `7.46.0` version. ## 3.32.8 -* Always set the Remote Configuration environment variable +- Always set the Remote Configuration environment variable ## 3.32.7 -* Update the cluster agent network policy to allow telemetry submission. +- Update the cluster agent network policy to allow telemetry submission. ## 3.32.6 -* Fix cluster agent pod failing to start when securityContext is set. +- Fix cluster agent pod failing to start when securityContext is set. ## 3.32.5 -* Fix comment for datadog.kubernetesEvents.collectedEventTypes in values.yaml. +- Fix comment for datadog.kubernetesEvents.collectedEventTypes in values.yaml. ## 3.32.4 -* Add futimens, utime, utimes and utimensat syscalls to system-probe seccomp. +- Add futimens, utime, utimes and utimensat syscalls to system-probe seccomp. ## 3.32.3 -* Allows configuration of `dogstatsd.tagCardinality` independent of `dogstatsd.originDetection`. +- Allows configuration of `dogstatsd.tagCardinality` independent of `dogstatsd.originDetection`. ## 3.32.2 -* Set the `priority` field of the OpenShift’s SCC to `null` in order to not have a higher priority than the OpenShift 4.11+ default `restricted-v2` SCC. +- Set the `priority` field of the OpenShift’s SCC to `null` in order to not have a higher priority than the OpenShift 4.11+ default `restricted-v2` SCC. ## 3.32.1 -* Add AP1 Site Comment at `value.yaml`. -* Fix CVE in the FIPS compliant side car container +- Add AP1 Site Comment at `value.yaml`. +- Fix CVE in the FIPS compliant side car container ## 3.32.0 -* Add a new preferred parameter to enable Remote Configuration on both the agent and the cluster agent. +- Add a new preferred parameter to enable Remote Configuration on both the agent and the cluster agent. ## 3.31.0 -* Default `Agent` and `Cluster-Agent` to `7.45.0` version. +- Default `Agent` and `Cluster-Agent` to `7.45.0` version. ## 3.30.10 -* Updated pointerdir mountPath for Windows deployments. +- Updated pointerdir mountPath for Windows deployments. ## 3.30.9 -* Pass its pod name to the cluster-agent. This is used by cluster agent 7.46+ to make leader election work when using host network. +- Pass its pod name to the cluster-agent. This is used by cluster agent 7.46+ to make leader election work when using host network. ## 3.30.8 -* Update `fips.image.tag` to `0.5.2` version +- Update `fips.image.tag` to `0.5.2` version ## 3.30.7 -* Fix Windows support of `agents.customAgentConfig` to avoid bind mount of a file. +- Fix Windows support of `agents.customAgentConfig` to avoid bind mount of a file. ## 3.30.6 -* Adds `datadog.kubeStateMetricsCore.collectApiServicesMetrics` (`false` by default) to collect apiservices metrics in Kube State Metrics Core. - Note: APIServices metrics collection requires Cluster Agent 7.45.0+. +- Adds `datadog.kubeStateMetricsCore.collectApiServicesMetrics` (`false` by default) to collect apiservices metrics in Kube State Metrics Core. + Note: APIServices metrics collection requires Cluster Agent 7.45.0+. ## 3.30.5 -* Add `list` and `watch` permissions of `apiservices` resources for the `kubernetes_state_core` check. +- Add `list` and `watch` permissions of `apiservices` resources for the `kubernetes_state_core` check. ## 3.30.4 -* Remove USM private beta comments. +- Remove USM private beta comments. ## 3.30.3 -* Remove resourceName field from `create` permission of `leases` in `cluster-agent-rbac`. +- Remove resourceName field from `create` permission of `leases` in `cluster-agent-rbac`. ## 3.30.2 -* Add `get`, `create`, `update` permissions of `leases` to `cluster-agent-rbac`. +- Add `get`, `create`, `update` permissions of `leases` to `cluster-agent-rbac`. ## 3.30.1 -* Remove guidance that users must manually convert tag syntax for `labelsAsTags` +- Remove guidance that users must manually convert tag syntax for `labelsAsTags` ## 3.30.0 -* Add `datadog.dataStreamsMonitoring.enabled` parameter to enable Data Stream Monitoring. +- Add `datadog.dataStreamsMonitoring.enabled` parameter to enable Data Stream Monitoring. ## 3.29.3 -* Add `inotify_add_watch`, `inotify_init`, `inotify_init1`, and `inotify_rm_watch` to the default seccomp profile of system-probe. +- Add `inotify_add_watch`, `inotify_init`, `inotify_init1`, and `inotify_rm_watch` to the default seccomp profile of system-probe. ## 3.29.2 -* Default `Agent` and `Cluster-Agent` to `7.44.1` version. +- Default `Agent` and `Cluster-Agent` to `7.44.1` version. ## 3.29.1 -* Add `customresourcedefinitions` option to enable CRD metrics collection in KSM Core. +- Add `customresourcedefinitions` option to enable CRD metrics collection in KSM Core. ## 3.29.0 -* Add `datadog.securityAgent.compliance.xccdf.enabled` parameter to enable XCCDF feature in CSPM. +- Add `datadog.securityAgent.compliance.xccdf.enabled` parameter to enable XCCDF feature in CSPM. ## 3.28.1 -* Add `memfd_create` syscall to seccomp profile for system-probe. +- Add `memfd_create` syscall to seccomp profile for system-probe. ## 3.28.0 -* Adding support to use a FIPS compliant side car container in the Datadog Cluster Agent, the Datadog Agent, and the Datadog Cluster Check Runners pods. +- Adding support to use a FIPS compliant side car container in the Datadog Cluster Agent, the Datadog Agent, and the Datadog Cluster Check Runners pods. ## 3.27.0 -* Default `Agent` and `Cluster-Agent` to `7.44.0` version. +- Default `Agent` and `Cluster-Agent` to `7.44.0` version. ## 3.26.2 -* Adds statx syscall to seccomp for system-probe +- Adds statx syscall to seccomp for system-probe ## 3.26.1 -* Add support for `topologySpreadConstraints` in pod templates +- Add support for `topologySpreadConstraints` in pod templates ## 3.26.0 -* Default `Agent` and `Cluster-Agent` to `7.43.2` version. +- Default `Agent` and `Cluster-Agent` to `7.43.2` version. ## 3.25.5 -* Adds securityContext and resource annotations for initContainers in cluster agent +- Adds securityContext and resource annotations for initContainers in cluster agent ## 3.25.4 -* Add `list` and `watch` permissions of `customresourcedefinitions` to `kube-state-metrics-core-rbac`. +- Add `list` and `watch` permissions of `customresourcedefinitions` to `kube-state-metrics-core-rbac`. ## 3.25.3 -* Remote Config is now enabled even if the Cluster Agent is disabled. +- Remote Config is now enabled even if the Cluster Agent is disabled. ## 3.25.2 -* Fix a bug with `datadog.remoteConfiguration.enabled` where Remote Config was only enabled for the main agent container but not other containers such as the trace-agent. +- Fix a bug with `datadog.remoteConfiguration.enabled` where Remote Config was only enabled for the main agent container but not other containers such as the trace-agent. ## 3.25.1 -* Fix CI to unblock release of charts +- Fix CI to unblock release of charts ## 3.25.0 -* Automatically collect Security Profiles when CWS is enabled. +- Automatically collect Security Profiles when CWS is enabled. ## 3.24.0 -* Move `kube-state-metrics` default image registry from k8s.gcr.io to registry.k8s.io. +- Move `kube-state-metrics` default image registry from k8s.gcr.io to registry.k8s.io. ## 3.23.0 -* Injects additional environment variables in the Cluster Agent -* Add `clusterAgent.rbac.flareAdditionalPermissions` parameter to enable user Helm values retrieval in DCA flare (`true` by default) +- Injects additional environment variables in the Cluster Agent +- Add `clusterAgent.rbac.flareAdditionalPermissions` parameter to enable user Helm values retrieval in DCA flare (`true` by default) ## 3.22.0 -* Auto-configure `clusterAgent.admissionController.configMode` based on `datadog.apm.socketEnabled|portEnabled`. +- Auto-configure `clusterAgent.admissionController.configMode` based on `datadog.apm.socketEnabled|portEnabled`. ## 3.21.0 -* Add `datadog.remoteConfiguration.enabled` parameter to enable remote configuration. +- Add `datadog.remoteConfiguration.enabled` parameter to enable remote configuration. ## 3.20.3 -* Fix command script in linux init container to prevent blocking deployment in GKE Autopilot on Rapid release channel. -* Only mount DogStatsD socket in non-Autopilot environments. +- Fix command script in linux init container to prevent blocking deployment in GKE Autopilot on Rapid release channel. +- Only mount DogStatsD socket in non-Autopilot environments. ## 3.20.2 -* Fix R/W volume mounts for CRI on Windows +- Fix R/W volume mounts for CRI on Windows ## 3.20.1 -* Fix command args in linux init container to prevent blocking deployment in GKE Autopilot. +- Fix command args in linux init container to prevent blocking deployment in GKE Autopilot. ## 3.20.0 -* Enable CWS network detections by default. +- Enable CWS network detections by default. ## 3.19.2 -* Fix R/W volume mounts in init containers on Windows +- Fix R/W volume mounts in init containers on Windows ## 3.19.1 -* Mount emptyDir volumes in `/etc/datadog-agent` and `/tmp` to allow the cluster-agent to write files in those - locations with read-only root filesystem. +- Mount emptyDir volumes in `/etc/datadog-agent` and `/tmp` to allow the cluster-agent to write files in those + locations with read-only root filesystem. ## 3.19.0 -* Declare `readOnly` in volumeMounts. +- Declare `readOnly` in volumeMounts. ## 3.18.0 -* Default `Agent` and `Cluster-Agent` image tags to `7.43.1`. +- Default `Agent` and `Cluster-Agent` image tags to `7.43.1`. ## 3.17.1 -* Fix Cilium egress rules to kube-apiserver entities. +- Fix Cilium egress rules to kube-apiserver entities. ## 3.17.0 -* Add the following configurations which allow environment variables to be defined in a dictionary: - * `agents.containers.agent.envDict` - * `agents.containers.processAgent.envDict` - * `agents.containers.securityAgent.envDict` - * `agents.containers.systemProbe.envDict` - * `agents.containers.traceAgent.envDict` - * `clusterAgent.envDict` - * `clusterChecksRunner.envDict` - * `datadog.envDict` +- Add the following configurations which allow environment variables to be defined in a dictionary: + - `agents.containers.agent.envDict` + - `agents.containers.processAgent.envDict` + - `agents.containers.securityAgent.envDict` + - `agents.containers.systemProbe.envDict` + - `agents.containers.traceAgent.envDict` + - `clusterAgent.envDict` + - `clusterChecksRunner.envDict` + - `datadog.envDict` ## 3.16.2 -* Mount an emptyDir volume in `/opt/datadog-agent/run` to allow the cluster-agent to write files in that location - with read-only root filesystem. +- Mount an emptyDir volume in `/opt/datadog-agent/run` to allow the cluster-agent to write files in that location + with read-only root filesystem. ## 3.16.1 -* Fix `cluster-agent` deployment to allow the cluster-agent to write file in `/var/log/datadog` when it runs with - read-only root filesystem. +- Fix `cluster-agent` deployment to allow the cluster-agent to write file in `/var/log/datadog` when it runs with + read-only root filesystem. ## 3.16.0 -* Add new checksum to cluster agent deployment base on all cluster-agent configmap configuration. +- Add new checksum to cluster agent deployment base on all cluster-agent configmap configuration. ## 3.15.0 -* Beta: Enable remote configuration if `clusterAgent.admissionController.remoteInstrumentation` is enabled. +- Beta: Enable remote configuration if `clusterAgent.admissionController.remoteInstrumentation` is enabled. ## 3.14.0 -* Make the root filesystem of the cluster agent container read only by default +- Make the root filesystem of the cluster agent container read only by default ## 3.13.0 -* Beta: Support APM library injection with Remote Configuration. +- Beta: Support APM library injection with Remote Configuration. ## 3.12.0 -* Add `automountServiceAccountToken` option to configure automatic mounting of ServiceAccount's API credentials +- Add `automountServiceAccountToken` option to configure automatic mounting of ServiceAccount's API credentials ## 3.11.0 -* Default `Agent` and `Cluster-Agent` image tags to `7.43.0`. +- Default `Agent` and `Cluster-Agent` image tags to `7.43.0`. ## 3.10.9 -* Default `Agent` and `Cluster-Agent` image tags to `7.42.2`. +- Default `Agent` and `Cluster-Agent` image tags to `7.42.2`. ## 3.10.8 -* Fix `cluster-agent` SCC, remove duplicate `users` field. +- Fix `cluster-agent` SCC, remove duplicate `users` field. ## 3.10.7 -* Default `Agent` and `Cluster-Agent` image tags to `7.42.1`. +- Default `Agent` and `Cluster-Agent` image tags to `7.42.1`. ## 3.10.6 -* Includes the imagePullPolicy key for the seccomp-setup container template +- Includes the imagePullPolicy key for the seccomp-setup container template ## 3.10.5 -* Only expose the shared volume for the auth-token in non autopilot environments. +- Only expose the shared volume for the auth-token in non autopilot environments. ## 3.10.4 -* Fix documentation for `agents.containers.traceAgent.env` and `agents.containers.securityAgent.env` +- Fix documentation for `agents.containers.traceAgent.env` and `agents.containers.securityAgent.env` ## 3.10.3 -* Fix default `hostPid` value set to true on Windows. -* Fix auth token path value on Windows. +- Fix default `hostPid` value set to true on Windows. +- Fix auth token path value on Windows. ## 3.10.1 -* Fix: add missing `DAC_READ_SEARCH` capability in agent PSP and SCC (openshift) +- Fix: add missing `DAC_READ_SEARCH` capability in agent PSP and SCC (openshift) ## 3.10.0 -* Default `Agent` and `Cluster-Agent` image tags to `7.42.0`. +- Default `Agent` and `Cluster-Agent` image tags to `7.42.0`. ## 3.9.0 -* Set processDiscovery to be true by default +- Set processDiscovery to be true by default ## 3.8.1 -* Update docs for `datadog.otlp.receiver.protocols.grpc.endpoint` +- Update docs for `datadog.otlp.receiver.protocols.grpc.endpoint` ## 3.8.0 -* Add `providers.gke.cos` option to prevent `/usr/src` from being mounted on COS +- Add `providers.gke.cos` option to prevent `/usr/src` from being mounted on COS ## 3.7.3 -* Add support for Secret Annotations using `datadog.SecretAnnotations` helm value +- Add support for Secret Annotations using `datadog.SecretAnnotations` helm value ## 3.7.2 -* Rename dogstatsd port on the Agent Service to match the name of the dogstatsd port in the Agent pod (`dogstatsd -> dogstatsdport`). +- Rename dogstatsd port on the Agent Service to match the name of the dogstatsd port in the Agent pod (`dogstatsd -> dogstatsdport`). ## 3.7.1 -* Add required capability to system-probe in order to make the `auth_token` file readable. +- Add required capability to system-probe in order to make the `auth_token` file readable. ## 3.7.0 -* Add `datadog.kubernetesEvents.*` options to configure new Kubernetes unbundling events feature. - (This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above.) -* Add `datadog.clusterTagger.*` options to configure the Kubernetes cluster-tagger feature. - (This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above.) -* Create `components-common-env` to define shared environment variable between "agent" and "cluster-agent" containers, and refactor `containers-common-env`. +- Add `datadog.kubernetesEvents.*` options to configure new Kubernetes unbundling events feature. + (This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above.) +- Add `datadog.clusterTagger.*` options to configure the Kubernetes cluster-tagger feature. + (This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above.) +- Create `components-common-env` to define shared environment variable between "agent" and "cluster-agent" containers, and refactor `containers-common-env`. ## 3.6.9 -* Add `auth_token` to all the containers. +- Add `auth_token` to all the containers. ## 3.6.8 -* Add missing RBAC rules for collection of Vertical Pod Autoscaler resources in the Orchestrator Explorer. +- Add missing RBAC rules for collection of Vertical Pod Autoscaler resources in the Orchestrator Explorer. ## 3.6.7 -* Default `Agent` and `Cluster-Agent` image tags to `7.41.1`. +- Default `Agent` and `Cluster-Agent` image tags to `7.41.1`. ## 3.6.6 -* Fix missing volumeMount in `security-agent` container when `datadog.kubelet.hostCAPath` is provided. +- Fix missing volumeMount in `security-agent` container when `datadog.kubelet.hostCAPath` is provided. ## 3.6.5 -* Fix missing Cluster Agent configuration in `security-agent` if CSPM is not actived. +- Fix missing Cluster Agent configuration in `security-agent` if CSPM is not actived. ## 3.6.4 -* Change nesting for `providers.aks.enabled` parameter in Helm template. +- Change nesting for `providers.aks.enabled` parameter in Helm template. ## 3.6.3 -* Add `datadog.kubeStateMetricsCore.annotationsAsTags` that expose the `annotations_as_tags` parameter of the KSM core check. - This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above. +- Add `datadog.kubeStateMetricsCore.annotationsAsTags` that expose the `annotations_as_tags` parameter of the KSM core check. + This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above. # 3.6.2 -* Add CRDs to the cluster agent RBAC to be able to collect them using the Orchestrator Explorer. +- Add CRDs to the cluster agent RBAC to be able to collect them using the Orchestrator Explorer. ## 3.6.1 -* Add `providers.aks.enabled` parameter to activate specific configuration options for AKS. +- Add `providers.aks.enabled` parameter to activate specific configuration options for AKS. ## 3.6.0 -* Update "Agent" and "Cluster-Agent" versions to `7.41.0` by default. +- Update "Agent" and "Cluster-Agent" versions to `7.41.0` by default. ## 3.5.2 -* Fix API Key check in NOTES.txt following change of default value for `datadog.apiKey`. -* Fix failure if PSP activated in Kubernetes 1.25 (PSP have been removed). +- Fix API Key check in NOTES.txt following change of default value for `datadog.apiKey`. +- Fix failure if PSP activated in Kubernetes 1.25 (PSP have been removed). ## 3.5.1 -* Removing default value placeholder for the API Key in the values.yaml. +- Removing default value placeholder for the API Key in the values.yaml. ## 3.5.0 -* Remove runtime compilation-related config values `enableKernelHeaderDownload` and `enableRuntimeCompiler` in the system-probe. +- Remove runtime compilation-related config values `enableKernelHeaderDownload` and `enableRuntimeCompiler` in the system-probe. ## 3.4.0 -* Add `datadog.systemProbe.btfPath` for mounting user-provided BTF files (see datadog-agent PRs #13962 and #14096 for more context). +- Add `datadog.systemProbe.btfPath` for mounting user-provided BTF files (see datadog-agent PRs #13962 and #14096 for more context). ## 3.3.3 -* Add a warning note to alert users about suboptimal configuration of Cluster Checks Runner. +- Add a warning note to alert users about suboptimal configuration of Cluster Checks Runner. ## 3.3.2 -* Fix GKE Autopilot mounts in the `trace-agent` container and `hostPid` setting for the Agent pods +- Fix GKE Autopilot mounts in the `trace-agent` container and `hostPid` setting for the Agent pods ## 3.3.1 -* Remove `mountPropagation` for `*-release` files in `/etc`. It is not needed for individual files. +- Remove `mountPropagation` for `*-release` files in `/etc`. It is not needed for individual files. ## 3.3.0 -* Add datadog.hostPID option and deprecate datadog.dogstatsd.hostPID. +- Add datadog.hostPID option and deprecate datadog.dogstatsd.hostPID. ## 3.2.2 -* Mount `/host/proc` and `/host/sys/fs/cgroup` in trace-agent container for better support of container tagging +- Mount `/host/proc` and `/host/sys/fs/cgroup` in trace-agent container for better support of container tagging ## 3.2.1 -* Default "Agent" and "Cluster-Agent" image tag to `7.40.1`. +- Default "Agent" and "Cluster-Agent" image tag to `7.40.1`. ## 3.2.0 -* Default "Agent" and "Cluster-Agent" image tag to `7.40.0`. +- Default "Agent" and "Cluster-Agent" image tag to `7.40.0`. ## 3.1.11 -* Allow disabling use of the Host Port when enabling OTLP Ingest for Agent -* Add OTLP Ingest ports to Agent Service, to be used when Host Port is disabled +- Allow disabling use of the Host Port when enabling OTLP Ingest for Agent +- Add OTLP Ingest ports to Agent Service, to be used when Host Port is disabled ## 3.1.10 -* Default "Agent" and "Cluster-Agent" image tag to `7.39.2`. +- Default "Agent" and "Cluster-Agent" image tag to `7.39.2`. ## 3.1.9 -* Add `faccessat` to system-probe seccomp profile. +- Add `faccessat` to system-probe seccomp profile. ## 3.1.8 -* Add `clone3` and `rseq` to system-probe seccomp profile. +- Add `clone3` and `rseq` to system-probe seccomp profile. ## 3.1.7 -* Fix the configuration of the default seccomp profile for system-probe +- Fix the configuration of the default seccomp profile for system-probe ## 3.1.6 -* Fix usage of `generate-security-context` helper. +- Fix usage of `generate-security-context` helper. ## 3.1.5 -* Use `securityContext.seccompProfile` instead of annotations for system-probe on kubernetes 1.19+. +- Use `securityContext.seccompProfile` instead of annotations for system-probe on kubernetes 1.19+. ## 3.1.4 -* Default "Agent" and "Cluster-Agent" image tag to `7.39.1`. +- Default "Agent" and "Cluster-Agent" image tag to `7.39.1`. ## 3.1.3 -* Add `datadog.helmCheck.valuesAsTags` option to collect helm values and use them as tags. +- Add `datadog.helmCheck.valuesAsTags` option to collect helm values and use them as tags. ## 3.1.2 -* Add `datadog.securityAgent.runtime.activityDump.enabled` configuration to enable CWS activity dumps. +- Add `datadog.securityAgent.runtime.activityDump.enabled` configuration to enable CWS activity dumps. ## 3.1.1 -* Set default value for `datadog.systemProbe.enableKernelHeaderDownload` to `true` +- Set default value for `datadog.systemProbe.enableKernelHeaderDownload` to `true` ## 3.1.0 -* Default Agent image to `7.39.0`. -* Default Cluster-Agent image to `7.39.0`. Cluster-Agent versioning is now aligned with the Agent. +- Default Agent image to `7.39.0`. +- Default Cluster-Agent image to `7.39.0`. Cluster-Agent versioning is now aligned with the Agent. ## 3.0.4 -* Fix preventing mounting os-release in GKE autopilot for all containers. +- Fix preventing mounting os-release in GKE autopilot for all containers. ## 3.0.3 -* Add `faccessat2` to allowed actions in system-probe seccomp profile. +- Add `faccessat2` to allowed actions in system-probe seccomp profile. ## 3.0.2 -* Allow disabling kubeStateMetricsCore rbac creation. +- Allow disabling kubeStateMetricsCore rbac creation. ## 3.0.1 -* Add `datadog.systemProbe.enableDefaultKernelHeadersPaths` option that allows - to choose whether to mount the default kernel headers paths. +- Add `datadog.systemProbe.enableDefaultKernelHeadersPaths` option that allows + to choose whether to mount the default kernel headers paths. ## 3.0.0 -* Minimum version of the Agent supported is 7.36.0 and minimum version of the Cluster Agent supported is 1.20.0. -* Disable the legacy KSM check and enable the KSM core check by default. -* Drop support for Helm 2. +- Minimum version of the Agent supported is 7.36.0 and minimum version of the Cluster Agent supported is 1.20.0. +- Disable the legacy KSM check and enable the KSM core check by default. +- Drop support for Helm 2. ## 2.37.9 -* Add `DD_PROMETHEUS_SCRAPE_VERSION` to Cluster Agent to match Agent version +- Add `DD_PROMETHEUS_SCRAPE_VERSION` to Cluster Agent to match Agent version ## 2.37.8 -* Fix the volumeMount duplication in `system-probe` container if `datadog.osReleasePath` value - corresponds to one of the default os-release-paths automatically mounted. -* Add the option to disable the default os-release path mount linked to `system-probe` container. +- Fix the volumeMount duplication in `system-probe` container if `datadog.osReleasePath` value + corresponds to one of the default os-release-paths automatically mounted. +- Add the option to disable the default os-release path mount linked to `system-probe` container. ## 2.37.7 -* Fix Windows nodes deployment: do not mount `container-host-release-volumemounts` if - the `targetSystem` is "Windows". +- Fix Windows nodes deployment: do not mount `container-host-release-volumemounts` if + the `targetSystem` is "Windows". ## 2.37.6 -* Add `chmod` to allowed actions in system-probe seccomp profile +- Add `chmod` to allowed actions in system-probe seccomp profile ## 2.37.5 -* Mount host release files for proper host OS detection +- Mount host release files for proper host OS detection ## 2.37.4 -* Add `digest` as a configurable value for all datadog images used +- Add `digest` as a configurable value for all datadog images used ## 2.37.3 -* Update default agent image version tag to `7.38.2`. -* Rename view CI values.yaml files to be executed by the CI. +- Update default agent image version tag to `7.38.2`. +- Rename view CI values.yaml files to be executed by the CI. ## 2.37.2 -* Set traced_cgroups_count default value to 0 in the system-config file for CWS. +- Set traced_cgroups_count default value to 0 in the system-config file for CWS. ## 2.37.1 -* Default Datadog Agent image to `7.38.1`. +- Default Datadog Agent image to `7.38.1`. ## 2.37.0 -* Default Datadog Agent image to `7.38.0`. -* Default Datadog Cluster Agent image to `1.22.0`. +- Default Datadog Agent image to `7.38.0`. +- Default Datadog Cluster Agent image to `1.22.0`. ## 2.36.9 -* Add `/etc/dnf/vars` and `/etc/yum/vars` to the default package management directories mounted for kernel header downloading. +- Add `/etc/dnf/vars` and `/etc/yum/vars` to the default package management directories mounted for kernel header downloading. ## 2.36.8 -* Add `datadog.clusterName` on clusterCheckRunner pods +- Add `datadog.clusterName` on clusterCheckRunner pods ## 2.36.7 -* Add `priorityPreemptionPolicyValue` as a configurable value on the Agent charts +- Add `priorityPreemptionPolicyValue` as a configurable value on the Agent charts ## 2.36.6 -* Fix GKE Autopilot installation. The `process-agent` command must - use the `-config` argument to be compliant with the Datadog Agent's - GKE Autopilot security profile. +- Fix GKE Autopilot installation. The `process-agent` command must + use the `-config` argument to be compliant with the Datadog Agent's + GKE Autopilot security profile. ## 2.36.5 -* Use `regexFind` in favor of `mustRegexFind` to support helm2. +- Use `regexFind` in favor of `mustRegexFind` to support helm2. ## 2.36.4 -* Support `commonlabels` configuration to be able to add common labels on all resources created by the chart. +- Support `commonlabels` configuration to be able to add common labels on all resources created by the chart. ## 2.36.3 -* Fix usage of deprecated command flags in the process-agent. +- Fix usage of deprecated command flags in the process-agent. ## 2.36.2 -* Documentation updates to comments in some agent templates +- Documentation updates to comments in some agent templates ## 2.36.1 -* Add `datadog.otlp` section to configure OTLP ingest. +- Add `datadog.otlp` section to configure OTLP ingest. ## 2.36.0 -* Default Datadog Agent image to `7.37.1`. -* Default Datadog Cluster Agent image to `1.21.0`. +- Default Datadog Agent image to `7.37.1`. +- Default Datadog Cluster Agent image to `1.21.0`. ## 2.35.6 -* Fix `include` in clusterchecks deployment template. +- Fix `include` in clusterchecks deployment template. ## 2.35.5 -* Allow cross-DCA communication in DCA `NetworkPolicy` and `CiliumNetworkPolicy` +- Allow cross-DCA communication in DCA `NetworkPolicy` and `CiliumNetworkPolicy` ## 2.35.4 -* Fix comments in `values.yaml` to allow a seamless `helm-docs` update. +- Fix comments in `values.yaml` to allow a seamless `helm-docs` update. ## 2.35.3 -* Add `openat2` to system-probe seccomp profile to fix issues with opening files. +- Add `openat2` to system-probe seccomp profile to fix issues with opening files. ## 2.35.2 -* Update RBACs and the default check configuration to collect ingress metrics in Kube State Metrics Core. - Note: Ingress metrics collection requires Cluster Agent 1.21+. +- Update RBACs and the default check configuration to collect ingress metrics in Kube State Metrics Core. + Note: Ingress metrics collection requires Cluster Agent 1.21+. ## 2.35.1 -* Fix Cluster-Agent SCC creation on openshift 3.x. +- Fix Cluster-Agent SCC creation on openshift 3.x. ## 2.35.0 -* The Admission Controller is now enabled by default. +- The Admission Controller is now enabled by default. ## 2.34.6 -* Avoid the error `: error calling eq: incompatible types for comparison` that can happen in older helm versions. +- Avoid the error `: error calling eq: incompatible types for comparison` that can happen in older helm versions. ## 2.34.5 -* Add `datadog.securityAgent.runtime.fimEnabled` configuration to enable CWS File Integrity Monitoring. +- Add `datadog.securityAgent.runtime.fimEnabled` configuration to enable CWS File Integrity Monitoring. ## 2.34.4 -* Add `clusterAgent.admissionController.failurePolicy` configuration to set the failure policy for dynamic admission control +- Add `clusterAgent.admissionController.failurePolicy` configuration to set the failure policy for dynamic admission control ## 2.34.3 -* Introduce `clusterAgent.admissionController.configMode` (requires Cluster Agent `1.20+`). It allows choosing the kind of configuration to be injected ("hostip", "service", or "socket"). +- Introduce `clusterAgent.admissionController.configMode` (requires Cluster Agent `1.20+`). It allows choosing the kind of configuration to be injected ("hostip", "service", or "socket"). ## 2.34.2 -* Default Cluster Agent image to `1.20.0`. +- Default Cluster Agent image to `1.20.0`. ## 2.34.1 -* Add the `datadog.secretBackend.enableGlobalPermissions` value, which when set to `false`, does not allow Datadog agents to read all secrets in all clusters. Defaults to `true`. -* Add the `datadog.secretBackend.roles` value, which creates `Role` and `RoleBinding` for each namespace defined. Allows for opt-in read permissions for secrets in those namespaces. +- Add the `datadog.secretBackend.enableGlobalPermissions` value, which when set to `false`, does not allow Datadog agents to read all secrets in all clusters. Defaults to `true`. +- Add the `datadog.secretBackend.roles` value, which creates `Role` and `RoleBinding` for each namespace defined. Allows for opt-in read permissions for secrets in those namespaces. ## 2.34.0 -* Default Datadog Agent image to `7.36.1`. +- Default Datadog Agent image to `7.36.1`. ## 2.33.8 -* Add `datadog.securityAgent.runtime.network.enabled` configuration to enable CWS network events. +- Add `datadog.securityAgent.runtime.network.enabled` configuration to enable CWS network events. ## 2.33.7 -* Fix inaccurate documentation example for `datadog.kubeStateMetricsCore.labelsAsTags`. +- Fix inaccurate documentation example for `datadog.kubeStateMetricsCore.labelsAsTags`. ## 2.33.6 -* Add `renameat2` to system-probe seccomp profile to fix issues with renaming files. +- Add `renameat2` to system-probe seccomp profile to fix issues with renaming files. ## 2.33.5 -* Make the DCA leader election ConfigMap name depend on the Helm release name. (Requires DCA 1.21+) +- Make the DCA leader election ConfigMap name depend on the Helm release name. (Requires DCA 1.21+) ## 2.33.4 -* Improves help message when only `.datadog.containerInclude` is defined but no `.datadog.containerExclude` +- Improves help message when only `.datadog.containerInclude` is defined but no `.datadog.containerExclude` ## 2.33.3 -* Add enableKernelHeaderDownload configuration option to system-probe. +- Add enableKernelHeaderDownload configuration option to system-probe. ## 2.33.2 -* Add `revisionHistoryLimit` to set the number of old ReplicaSets in the Deployment. +- Add `revisionHistoryLimit` to set the number of old ReplicaSets in the Deployment. ## 2.33.1 -* Default Datadog Agent image to `7.35.2`. +- Default Datadog Agent image to `7.35.2`. ## 2.33.0 -***Warning:*** From this version onwards, on GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes namespace due to the following new constraints: +**_Warning:_** From this version onwards, on GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes namespace due to the following new constraints: -* On GKE Autopilot, hardcode the "Agent" DaemonSet serviceAccountName. -* On GKE Autopilot, hardcode the "Install Info" ConfigMap name. +- On GKE Autopilot, hardcode the "Agent" DaemonSet serviceAccountName. +- On GKE Autopilot, hardcode the "Install Info" ConfigMap name. ## 2.32.6 -* Add `verticalpodautoscalers` in `kubernetes_state_core.yaml.default` to enable collection in KSM Core by default +- Add `verticalpodautoscalers` in `kubernetes_state_core.yaml.default` to enable collection in KSM Core by default ## 2.32.5 -* Fix process detection, by adding `kill` syscall with signal `0` to system-probe seccomp profile. +- Fix process detection, by adding `kill` syscall with signal `0` to system-probe seccomp profile. ## 2.32.4 -* Update `cluster-agent` image to the latest stable version: `1.19.0` +- Update `cluster-agent` image to the latest stable version: `1.19.0` ## 2.32.3 -* Fix Go CPU profiling, by adding `setitimer` to system-probe seccomp profile. +- Fix Go CPU profiling, by adding `setitimer` to system-probe seccomp profile. ## 2.32.2 -* Fix scheduling of Helm check due to missing `helm.yaml` in Cluster Agent `confd`. +- Fix scheduling of Helm check due to missing `helm.yaml` in Cluster Agent `confd`. ## 2.32.1 -* Remove usage of `concat` to restore compatibility with Helm2. +- Remove usage of `concat` to restore compatibility with Helm2. ## 2.32.0 -* Default Datadog Agent image to `7.35.0`. +- Default Datadog Agent image to `7.35.0`. ## 2.31.1 -* Improves how securityContext are set depending on the `targetSystem` option (fix #590). +- Improves how securityContext are set depending on the `targetSystem` option (fix #590). ## 2.31.0 -* Add `datadog.prometheusScrape.version` parameter to choose the version of the openmetrics check that the Prometheus auto-discovery should instantiate by default. - It now defaults to `2`, which requires an agent 7.34+. - It can be explicitely set to `1` to restore the behaviour of previous versions. +- Add `datadog.prometheusScrape.version` parameter to choose the version of the openmetrics check that the Prometheus auto-discovery should instantiate by default. + It now defaults to `2`, which requires an agent 7.34+. + It can be explicitely set to `1` to restore the behaviour of previous versions. ## 2.30.21 -* Add `datadog.kubelet.podLogsPath` to customize hostPath mounted in to get Kubernetes PODs logs. +- Add `datadog.kubelet.podLogsPath` to customize hostPath mounted in to get Kubernetes PODs logs. ## 2.30.20 -* Update "agents are spinning up" message to point towards the new Events Explorer +- Update "agents are spinning up" message to point towards the new Events Explorer ## 2.30.19 -* Update documentation for enabling NPM. +- Update documentation for enabling NPM. ## 2.30.18 -* Enforce use of `root` user for the node agent. +- Enforce use of `root` user for the node agent. ## 2.30.17 -* Add `datadog.helmCheck.collectEvents` to enable event collection in the Helm check. +- Add `datadog.helmCheck.collectEvents` to enable event collection in the Helm check. ## 2.30.16 -* Default Datadog CRD chart to `0.4.7`. +- Default Datadog CRD chart to `0.4.7`. ## 2.30.15 -* Default Datadog Agent image to `7.34.0`. -* Default Datadog Cluster-Agent image to `1.18.0`. +- Default Datadog Agent image to `7.34.0`. +- Default Datadog Cluster-Agent image to `1.18.0`. ## 2.30.14 -* Default Datadog Agent image to `7.33.1`. +- Default Datadog Agent image to `7.33.1`. ## 2.30.13 -* Feat: Add `shareProcessNamespace` parameter. +- Feat: Add `shareProcessNamespace` parameter. ## 2.30.12 -* Add an option to remove the container runtime socket access. +- Add an option to remove the container runtime socket access. ## 2.30.11 -* Fix CiliumNetworkPolicy: Allow sending support flares. +- Fix CiliumNetworkPolicy: Allow sending support flares. ## 2.30.10 -* Fix scheduling of Helm check. It's no longer scheduled on a daemonset agent. +- Fix scheduling of Helm check. It's no longer scheduled on a daemonset agent. ## 2.30.9 -* Add RBAC rules for Roles, RoleBindings, ClusterRoles, ClusterRoleBindings and ServiceAccounts in order to collect them in the Orchestrator Explorer from the Cluster-agent. +- Add RBAC rules for Roles, RoleBindings, ClusterRoles, ClusterRoleBindings and ServiceAccounts in order to collect them in the Orchestrator Explorer from the Cluster-agent. ## 2.30.8 -* Add option to enable Helm Check (requires Agent 7.35.0+ and Cluster Agent 1.19.0+). +- Add option to enable Helm Check (requires Agent 7.35.0+ and Cluster Agent 1.19.0+). ## 2.30.7 -* Add ingress RBAC rules for the Cluster Agent to collect ingress resources in the Orchestrator Explorer. (Feature available starting Cluster Agent v1.19) +- Add ingress RBAC rules for the Cluster Agent to collect ingress resources in the Orchestrator Explorer. (Feature available starting Cluster Agent v1.19) ## 2.30.6 -* Fix syntax of agents.podAnnotations to be aligned with other podAnnotations setting. +- Fix syntax of agents.podAnnotations to be aligned with other podAnnotations setting. ## 2.30.5 -* Add a new note to recommand to the Cluster Agent in HA mode when the `admission-controller` or the `metrics provider` are enabled. +- Add a new note to recommand to the Cluster Agent in HA mode when the `admission-controller` or the `metrics provider` are enabled. ## 2.30.4 -* Add PV and PVC RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. +- Add PV and PVC RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. ## 2.30.3 -* Add `datadog.logs.autoMultiLineDetection` parameter to setup automatic multi-line log detection - See - This new option requires an agent 7.32+. +- Add `datadog.logs.autoMultiLineDetection` parameter to setup automatic multi-line log detection + See + This new option requires an agent 7.32+. ## 2.30.2 -* rename the APM port in the local traffic policy service from `apm` to `traceport` +- rename the APM port in the local traffic policy service from `apm` to `traceport` ## 2.30.1 -* clusterAgent.tolerations documented in values.yaml +- clusterAgent.tolerations documented in values.yaml ## 2.30.0 -* Default Datadog Agent image to `7.33.0`. -* Default Datadog Cluster-Agent image to `1.17.0`. +- Default Datadog Agent image to `7.33.0`. +- Default Datadog Cluster-Agent image to `1.17.0`. ## 2.29.0 -* Add `agents.podSecurity.allowedUnsafeSysctls` parameter +- Add `agents.podSecurity.allowedUnsafeSysctls` parameter ## 2.28.15 -* Remove unused configuration option from system_probe.yaml to address error message: `Unknown key in config file: runtime_security_config.debug` +- Remove unused configuration option from system_probe.yaml to address error message: `Unknown key in config file: runtime_security_config.debug` ## 2.28.14 -* Update cluster-agent's podAntiAffinity from required to preferred +- Update cluster-agent's podAntiAffinity from required to preferred ## 2.28.13 -* Do not declare the volumes for `/etc/*-release` if there is no `system-probe`. - Only the `system-probe` container mounts them. +- Do not declare the volumes for `/etc/*-release` if there is no `system-probe`. + Only the `system-probe` container mounts them. ## 2.28.12 -* Fix some typos in comments +- Fix some typos in comments ## 2.28.11 -* Fix deprecation warning in examples caused by the `datadog.apm.enabled` parameter +- Fix deprecation warning in examples caused by the `datadog.apm.enabled` parameter ## 2.28.10 -* Update confd examples for the mysql integration +- Update confd examples for the mysql integration ## 2.28.9 -* Fix Cluster-Agent SCC creation on openshift 3.x. : remove unset parameters. +- Fix Cluster-Agent SCC creation on openshift 3.x. : remove unset parameters. ## 2.28.8 -* Fix `PodDisruptionBudget` api version definition when using `helm template`. +- Fix `PodDisruptionBudget` api version definition when using `helm template`. ## 2.28.7 -* Fix environment variables to be quoted correct with a loop and `quote` instead of `toYaml`. +- Fix environment variables to be quoted correct with a loop and `quote` instead of `toYaml`. ## 2.28.6 -* Update `PodDisruptionBudget` api version to get rid of `policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget` warning. +- Update `PodDisruptionBudget` api version to get rid of `policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget` warning. ## 2.28.5 -* Default Datadog Agent image to `7.32.4`. +- Default Datadog Agent image to `7.32.4`. ## 2.28.4 -* Add a new configuration section `datadog.secretBackend`. -* Configuring `datadog.secretBackend.command="/readsecret_multiple_providers.sh"` will add the secret permissions required by the `/readsecret_multiple_providers.sh` helper. +- Add a new configuration section `datadog.secretBackend`. +- Configuring `datadog.secretBackend.command="/readsecret_multiple_providers.sh"` will add the secret permissions required by the `/readsecret_multiple_providers.sh` helper. ## 2.28.3 -* Update `agents.podSecurity.capabilities` to contain all `agents.containers.systemProbe.securityContext.capabilities`. +- Update `agents.podSecurity.capabilities` to contain all `agents.containers.systemProbe.securityContext.capabilities`. ## 2.28.2 -* Fix conflict between `clusterAgent.confd` and `clusterAgent.advancedConfd`: merge the 2 ConfigMaps. +- Fix conflict between `clusterAgent.confd` and `clusterAgent.advancedConfd`: merge the 2 ConfigMaps. ## 2.28.1 -* Fix `CAP_CHOWN` capability configuration for system-probe. +- Fix `CAP_CHOWN` capability configuration for system-probe. ## 2.28.0 -* Create priority Class to better support environments such as GKE Autopilot. +- Create priority Class to better support environments such as GKE Autopilot. ## 2.27.10 -* Add `CAP_CHOWN` to the list of capabilities for system-probe. +- Add `CAP_CHOWN` to the list of capabilities for system-probe. ## 2.27.9 -* Adds `systemProbe.enableRuntimeCompiler`, `systemProbe.mountPackageManagementDirs` and `systemprobe.runtimeCompilationAssetDir` to configure eBPF runtime compiler in the system-probe. -* Adds `systemProbe.mountPackageManagementDirs` to configure what volumes are mounted in the system-probe for runtime compilation. -* Adds `systemProbe.osReleasePath` to configure what volume is mounted in the system-probe for host OS detection. -* Adds renameat, symlinkat and flock to the allow syscalls in the system-probe's seccomp profile. +- Adds `systemProbe.enableRuntimeCompiler`, `systemProbe.mountPackageManagementDirs` and `systemprobe.runtimeCompilationAssetDir` to configure eBPF runtime compiler in the system-probe. +- Adds `systemProbe.mountPackageManagementDirs` to configure what volumes are mounted in the system-probe for runtime compilation. +- Adds `systemProbe.osReleasePath` to configure what volume is mounted in the system-probe for host OS detection. +- Adds renameat, symlinkat and flock to the allow syscalls in the system-probe's seccomp profile. ## 2.27.8 -* Default Datadog Agent image to `7.32.3`. +- Default Datadog Agent image to `7.32.3`. ## 2.27.7 -* Nothing +- Nothing ## 2.27.6 -* Default Datadog Agent image to `7.32.2`. +- Default Datadog Agent image to `7.32.2`. ## 2.27.5 -* Fix bugs that prevented running the ksm core check as a cluster check. +- Fix bugs that prevented running the ksm core check as a cluster check. ## 2.27.4 -* Do not allow unsupported configs with the security agent in windows environments. -* Ensure autoconf/extra config files are mounted in windows environments. +- Do not allow unsupported configs with the security agent in windows environments. +- Ensure autoconf/extra config files are mounted in windows environments. ## 2.27.3 -* Fix CiliumNetworkPolicy: Update toFQDNs policy to include `agent-http-intake` endpoint. -* Fix CiliumNetworkPolicy: Update toFQDNs to include `api` endpoint. +- Fix CiliumNetworkPolicy: Update toFQDNs policy to include `agent-http-intake` endpoint. +- Fix CiliumNetworkPolicy: Update toFQDNs to include `api` endpoint. ## 2.27.2 -* Expose the `labels_as_tags` parameter of the KSM core check. - This parameter exists only in agent 7.32.0 and above and cluster-agent 1.16.0 and above. +- Expose the `labels_as_tags` parameter of the KSM core check. + This parameter exists only in agent 7.32.0 and above and cluster-agent 1.16.0 and above. # 2.27.1 -* Update README.md to clarify Helm 2 vs. Helm 3 instructions. -* Fix typos in README.md in `How to join a Cluster Agent from another helm chart deployment (Linux)`. -* Fixes a port number typo for the `datadog.apm.portEnabled` option from 8216 to 8126. +- Update README.md to clarify Helm 2 vs. Helm 3 instructions. +- Fix typos in README.md in `How to join a Cluster Agent from another helm chart deployment (Linux)`. +- Fixes a port number typo for the `datadog.apm.portEnabled` option from 8216 to 8126. # 2.27.0 -* Introduce `processAgent.processDiscovery` to configure `DD_PROCESS_AGENT_DISCOVERY_ENABLED` +- Introduce `processAgent.processDiscovery` to configure `DD_PROCESS_AGENT_DISCOVERY_ENABLED` ## 2.26.5 -* Add `verticalpodautoscalers` RBACs when `datadog.kubeStateMetricsCore.enabled` is `true` +- Add `verticalpodautoscalers` RBACs when `datadog.kubeStateMetricsCore.enabled` is `true` ## 2.26.4 -* Update API/APP keys secret management documentation. +- Update API/APP keys secret management documentation. ## 2.26.3 -* Update CRDs version to `0.4.5` (reduced size) +- Update CRDs version to `0.4.5` (reduced size) ## 2.26.2 -* Add support for Universal Service Monitoring (currently under private Beta) +- Add support for Universal Service Monitoring (currently under private Beta) ## 2.26.1 -* Update CRDs version to `0.4.4` +- Update CRDs version to `0.4.4` ## 2.26.0 -* Default Datadog Agent image to `7.32.1`. +- Default Datadog Agent image to `7.32.1`. ## 2.25.0 -* Adding the following `agents.daemonsetAnnotations`, `clusterAgent.deploymentAnnotation` and `clusterChecksRunner.deploymentAnnotations` parameters to allow custom annotations on the agent's deployments/daemonsets to be setup +- Adding the following `agents.daemonsetAnnotations`, `clusterAgent.deploymentAnnotation` and `clusterChecksRunner.deploymentAnnotations` parameters to allow custom annotations on the agent's deployments/daemonsets to be setup ## 2.24.1 -* Fix typo in variable name : `agents.localService.forceLocalServiceEnabled` +- Fix typo in variable name : `agents.localService.forceLocalServiceEnabled` ## 2.24.0 -* Default Datadog Agent image to `7.32.0`. -* Default Datadog Cluster Agent image to `1.16.0`. +- Default Datadog Agent image to `7.32.0`. +- Default Datadog Cluster Agent image to `1.16.0`. ## 2.23.6 -* Add `datadog.expvarPort` parameter to customize the default expvar default port to not conflict with the default clusteragent metrics port if running in hostNetwork mode. -* Defined cluster-agent containerPort `agentmetrics` to expose the default port, which is set to 5000 and already defined in the `NetworkPolicy` for the cluster-agent. +- Add `datadog.expvarPort` parameter to customize the default expvar default port to not conflict with the default clusteragent metrics port if running in hostNetwork mode. +- Defined cluster-agent containerPort `agentmetrics` to expose the default port, which is set to 5000 and already defined in the `NetworkPolicy` for the cluster-agent. ## 2.23.5 @@ -1695,1101 +1695,1101 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A ## 2.23.4 -* Add a new configuration field `datadog.providers.eks.ec2.useHostnameFromFile` to allow use of host's `/var/lib/cloud/data/instance-id` for hostname detection. +- Add a new configuration field `datadog.providers.eks.ec2.useHostnameFromFile` to allow use of host's `/var/lib/cloud/data/instance-id` for hostname detection. ## 2.23.3 -* Add `agents.localService` parameters to customize the internal traffic policy service name and force its creation of Kubernetes 1.21. +- Add `agents.localService` parameters to customize the internal traffic policy service name and force its creation of Kubernetes 1.21. ## 2.23.2 -* Add an `agents.podSecurity.defaultApparmor` setting to allow customizing the default AppArmor profile used by all containers but `system-probe`. +- Add an `agents.podSecurity.defaultApparmor` setting to allow customizing the default AppArmor profile used by all containers but `system-probe`. ## 2.23.1 -* Fix APM reporting via `trace-agent` hostPort if `datadog.apm.enabled: true`. +- Fix APM reporting via `trace-agent` hostPort if `datadog.apm.enabled: true`. ## 2.23.0 -* Add new option to the Kubernetes State Metrics Core feature to run the Cluster Check on Cluster Check Workers. This option is meant to be leveraged in large clusters. +- Add new option to the Kubernetes State Metrics Core feature to run the Cluster Check on Cluster Check Workers. This option is meant to be leveraged in large clusters. ## 2.22.18 -* Do not configure `trace-agent` hostPort if `datadog.apm.portEnabled: false`. +- Do not configure `trace-agent` hostPort if `datadog.apm.portEnabled: false`. ## 2.22.17 -* Update general installation documentation and add how to disable APM. +- Update general installation documentation and add how to disable APM. ## 2.22.16 -* Support containerd on windows node with logs enabled. +- Support containerd on windows node with logs enabled. ## 2.22.15 -* Add a new configuration field `datadog.kubeStateMetricsCore.collectSecretMetrics` to allow disabling the collection of `kubernetes_state.secret.*` metrics by the `kubernetes_state_core` check. +- Add a new configuration field `datadog.kubeStateMetricsCore.collectSecretMetrics` to allow disabling the collection of `kubernetes_state.secret.*` metrics by the `kubernetes_state_core` check. ## 2.22.14 -* Apply security context capabilities to security-agent only if compliance is enabled. +- Apply security context capabilities to security-agent only if compliance is enabled. ## 2.22.13 -* Add configurable conntrack_init_timeout to sysprobe config. +- Add configurable conntrack_init_timeout to sysprobe config. ## 2.22.12 -* Replace the `prometheus` check targetting the Datadog Cluster Agent by the new `datadog_cluster_agent` integration. (Requires Datadog Agent 7.31+) +- Replace the `prometheus` check targetting the Datadog Cluster Agent by the new `datadog_cluster_agent` integration. (Requires Datadog Agent 7.31+) ## 2.22.11 -* Adds missing configuration option `DD_STRIP_PROCESS_ARGS` for the process agent. +- Adds missing configuration option `DD_STRIP_PROCESS_ARGS` for the process agent. ## 2.22.10 -* Default Datadog Agent image to `7.31.1`. -* Default Datadog Cluster Agent image to `1.15.1`. +- Default Datadog Agent image to `7.31.1`. +- Default Datadog Cluster Agent image to `1.15.1`. ## 2.22.9 -* Makes the runtime socket configurable when running on Windows instead of defaulting to `\\.\pipe\docker_engine`. +- Makes the runtime socket configurable when running on Windows instead of defaulting to `\\.\pipe\docker_engine`. ## 2.22.8 -* Add a service with local [internal traffic policy](https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/) for traces and dogstatsd. - This works only on Kubernetes 1.22 or more recent. +- Add a service with local [internal traffic policy](https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/) for traces and dogstatsd. + This works only on Kubernetes 1.22 or more recent. ## 2.22.7 -* Add a default required pod anti-affinity for the cluster agent. +- Add a default required pod anti-affinity for the cluster agent. ## 2.22.6 -* Adds missing configuration option for `DD_KUBERNETES_NAMESPACE_LABELS_AS_TAGS`. +- Adds missing configuration option for `DD_KUBERNETES_NAMESPACE_LABELS_AS_TAGS`. ## 2.22.5 -* Add support for using `envFrom` on all container definitions. +- Add support for using `envFrom` on all container definitions. ## 2.22.4 -* Cluster Agent: `DD_TAGS` are included even when Datadog is not set as metrics provider. +- Cluster Agent: `DD_TAGS` are included even when Datadog is not set as metrics provider. ## 2.22.3 -* CiliumNetworkPolicy: Grant access to the agent to ECS container agent via localhost. +- CiliumNetworkPolicy: Grant access to the agent to ECS container agent via localhost. ## 2.22.2 -* Bind mount host /etc/os-release in system probe container. +- Bind mount host /etc/os-release in system probe container. ## 2.22.1 -* Fix CiliumNetworkPolicy `port` field. +- Fix CiliumNetworkPolicy `port` field. ## 2.22.0 -* Default Datadog Agent image to 7.31.0. -* Default Datadog Cluster Agent image to 1.15.0. +- Default Datadog Agent image to 7.31.0. +- Default Datadog Cluster Agent image to 1.15.0. ## 2.21.5 -* Update descriptions for securityAgent configuration. +- Update descriptions for securityAgent configuration. ## 2.21.4 -* Fix condition for including `sysprobe-socket-dir` and `sysprobe-config` volume mounts for `agent`. +- Fix condition for including `sysprobe-socket-dir` and `sysprobe-config` volume mounts for `agent`. ## 2.21.3 -* Default Datadog Agent image to 7.30.1. +- Default Datadog Agent image to 7.30.1. ## 2.21.2 -* Fix Dogstatsd UDS socket configuration with a HostVolume when `useSocketVolume: true`. +- Fix Dogstatsd UDS socket configuration with a HostVolume when `useSocketVolume: true`. ## 2.21.1 -* Disable by default UDS socket for dogstastd and apm on GKE autopilot. +- Disable by default UDS socket for dogstastd and apm on GKE autopilot. ## 2.21.0 -* Enable APM by default with using a Unix Domain socket for communication. +- Enable APM by default with using a Unix Domain socket for communication. ## 2.20.4 -* Skip KSM network policy creation when KSM creation is disabled. +- Skip KSM network policy creation when KSM creation is disabled. ## 2.20.3 -* Add `agents.image.tagSuffix` and `clusterChecksRunner.image.tagSuffix` to be able to request JMX or Windows servercore images without having to explicitly specify the full version. +- Add `agents.image.tagSuffix` and `clusterChecksRunner.image.tagSuffix` to be able to request JMX or Windows servercore images without having to explicitly specify the full version. ## 2.20.2 -* Add an additional way to configure cluster check allowing multiple configs for the same check. +- Add an additional way to configure cluster check allowing multiple configs for the same check. ## 2.20.1 -* Add Statefulsets RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. +- Add Statefulsets RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. ## 2.20.0 -* Update default Agent image tag to `7.30.0` -* Update default Cluster-Agent image tag to `1.14.0` +- Update default Agent image tag to `7.30.0` +- Update default Cluster-Agent image tag to `1.14.0` ## 2.19.9 -* Print a configuration notice to clarify the containers filtering behavior when a misconfiguration is detected. +- Print a configuration notice to clarify the containers filtering behavior when a misconfiguration is detected. ## 2.19.8 -* Update `datadog-crds` to `0.3.2`. +- Update `datadog-crds` to `0.3.2`. ## 2.19.7 -* Fix test value files in datadog/ci directory. +- Fix test value files in datadog/ci directory. ## 2.19.6 -* Update `agent` image tag to `7.29.1`. -* Update `clusterChecksRunner` image tag to `7.29.1`. +- Update `agent` image tag to `7.29.1`. +- Update `clusterChecksRunner` image tag to `7.29.1`. ## 2.19.5 -* Update link toe `kube-state-metrics` in README.md. +- Update link toe `kube-state-metrics` in README.md. ## 2.19.4 -* Fix `runtimesocket` volumeMount for the `trace-agent` on windows deployment. +- Fix `runtimesocket` volumeMount for the `trace-agent` on windows deployment. ## 2.19.3 -* Fix condition defining `should-enable-k8s-resource-monitoring`, which toggles the orchestrator explorer feature. +- Fix condition defining `should-enable-k8s-resource-monitoring`, which toggles the orchestrator explorer feature. ## 2.19.2 -* Fix `dsdsocket` volumeMount for the `trace-agent` on windows deployment. +- Fix `dsdsocket` volumeMount for the `trace-agent` on windows deployment. ## 2.19.1 -* Fix chart release process after updating the `kube-state-metrics` chart registry. +- Fix chart release process after updating the `kube-state-metrics` chart registry. ## 2.19.0 -* Move to the new `kube-state-metrics` chart registry, but keep the version `2.13.2`. +- Move to the new `kube-state-metrics` chart registry, but keep the version `2.13.2`. ## 2.18.2 -* Update `kube-state-metrics` requirement chart documentation. -* Add missing `DD_TAGS` envvar in `cluster-agent` deployment (Fix #304). +- Update `kube-state-metrics` requirement chart documentation. +- Add missing `DD_TAGS` envvar in `cluster-agent` deployment (Fix #304). ## 2.18.1 -* Honor `doNotCheckTag` in Env AD detection, preventing install failures with custom images using non semver tags. +- Honor `doNotCheckTag` in Env AD detection, preventing install failures with custom images using non semver tags. ## 2.18.0 -* Configure and activate the Dogstatsd UDS socket in an "emptyDir" volume by default. It will allow JMX-Fetch to use UDS by default. +- Configure and activate the Dogstatsd UDS socket in an "emptyDir" volume by default. It will allow JMX-Fetch to use UDS by default. ## 2.17.1 -* Update `cluster-agent` image tag to `1.13.1`. +- Update `cluster-agent` image tag to `1.13.1`. ## 2.17.0 -* Update `agent` image tag to `7.29.0`. -* Update `cluster-agent` image tag to `1.13.0`. +- Update `agent` image tag to `7.29.0`. +- Update `cluster-agent` image tag to `1.13.0`. ## 2.16.6 -* Support template expansion for `clusterAgent.podAnnotations` -* Support template expansion for `clusterAgent.rbac.serviceAccountAnnotations` +- Support template expansion for `clusterAgent.podAnnotations` +- Support template expansion for `clusterAgent.rbac.serviceAccountAnnotations` ## 2.16.5 -* Remove other way of detecting OpenShift cluster as it's not supported by Helm2. +- Remove other way of detecting OpenShift cluster as it's not supported by Helm2. ## 2.16.4 -* Rename the `Role` and `RoleBinding` of the Datadog Cluster Agent to avoid edge cases where `helm upgrade` can fail because of object name conflict. +- Rename the `Role` and `RoleBinding` of the Datadog Cluster Agent to avoid edge cases where `helm upgrade` can fail because of object name conflict. ## 2.16.3 -* Add Daemonsets RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. +- Add Daemonsets RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. ## 2.16.2 -* Document Autodiscovery management parameters: `datadog.containerExclude`, `datadog.containerInclude`, `datadog.containerExcludeMetrics`, `datadog.containerIncludeMetrics`, `datadog.containerExcludeLogs` and `datadog.containerIncludeLogs`. -* Introduce `datadog.includePauseContainer` to control autodiscovery of pause containers. -* Introduce a deprecation noticed for the undocumented and long deprecated `datadog.acInclude` and `datadog.acExclude`. +- Document Autodiscovery management parameters: `datadog.containerExclude`, `datadog.containerInclude`, `datadog.containerExcludeMetrics`, `datadog.containerIncludeMetrics`, `datadog.containerExcludeLogs` and `datadog.containerIncludeLogs`. +- Introduce `datadog.includePauseContainer` to control autodiscovery of pause containers. +- Introduce a deprecation noticed for the undocumented and long deprecated `datadog.acInclude` and `datadog.acExclude`. ## 2.16.1 -* Use the pod name as cluster check runner ID to allow deploying multiple cluster check runners on the same node. (Requires agent 7.27.0+) +- Use the pod name as cluster check runner ID to allow deploying multiple cluster check runners on the same node. (Requires agent 7.27.0+) ## 2.16.0 -* Always mount `/var/log/containers` for the Datadog Agent to better handle logs file scanning with short-lived containers. (See [datadog-agent#8143](https://github.com/DataDog/datadog-agent/pull/8143)) +- Always mount `/var/log/containers` for the Datadog Agent to better handle logs file scanning with short-lived containers. (See [datadog-agent#8143](https://github.com/DataDog/datadog-agent/pull/8143)) ## 2.15.6 -* Set `GODEBUG=x509ignoreCN=0` to revert Agent SSL certificates validation to behaviour to Golang <= 1.14. Notably it fixes issues with Kubelet certificates on AKS with Agent >= 7.28. +- Set `GODEBUG=x509ignoreCN=0` to revert Agent SSL certificates validation to behaviour to Golang <= 1.14. Notably it fixes issues with Kubelet certificates on AKS with Agent >= 7.28. ## 2.15.5 -* Add RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. +- Add RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. ## 2.15.4 -* Bump Agent version to `7.28.1`. +- Bump Agent version to `7.28.1`. ## 2.15.3 -* Fix Cilium network policies. +- Fix Cilium network policies. ## 2.15.2 -* OpenShift: Automatically use built-in SCCs instead of failing if create SCC option is not used +- OpenShift: Automatically use built-in SCCs instead of failing if create SCC option is not used ## 2.15.1 -* Add parameter `clusterAgent.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Agent. -* Add parameter `agents.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Agents. -* Support template expansion for `agents.podAnnotations` +- Add parameter `clusterAgent.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Agent. +- Add parameter `agents.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Agents. +- Support template expansion for `agents.podAnnotations` ## 2.15.0 -* Bump Agent version to `7.28.0`. +- Bump Agent version to `7.28.0`. ## 2.14.0 -* Improve resources labels with kubermetes/helm standard labels. +- Improve resources labels with kubermetes/helm standard labels. ## 2.13.3 -* Add `datadog.checksCardinality` field to configure `DD_CHECKS_TAG_CARDINALITY`. -* Add a reminder to set the `datadog.site` field if needed. +- Add `datadog.checksCardinality` field to configure `DD_CHECKS_TAG_CARDINALITY`. +- Add a reminder to set the `datadog.site` field if needed. ## 2.13.2 -* Fix `YAML parse error on datadog/templates/daemonset.yaml` when autopilot is enabled. -* Fix "README.md" generation. +- Fix `YAML parse error on datadog/templates/daemonset.yaml` when autopilot is enabled. +- Fix "README.md" generation. ## 2.13.1 -* Fix Kubelet connection on GKE-autopilot environment: force `http` endpoint to retrieves pods information. +- Fix Kubelet connection on GKE-autopilot environment: force `http` endpoint to retrieves pods information. ## 2.13.0 -* Update `kube-state-metrics` chart version to `2.13.2` that include `kubernetes/kube-state-metrics#1442` fix for `helm2`. +- Update `kube-state-metrics` chart version to `2.13.2` that include `kubernetes/kube-state-metrics#1442` fix for `helm2`. ## 2.12.4 -* Fix missing namespaces in chart templates +- Fix missing namespaces in chart templates ## 2.12.3 -* Added `datadog.ignoreAutoConfig` config option to ignore `auto_conf.yaml` configurations. +- Added `datadog.ignoreAutoConfig` config option to ignore `auto_conf.yaml` configurations. ## 2.12.2 -* The Datadog Cluster Agent's Admission Controller now uses a `Role` to watch secrets instead of a `ClusterRole`. (Requires Datadog Cluster Agent v1.12+) +- The Datadog Cluster Agent's Admission Controller now uses a `Role` to watch secrets instead of a `ClusterRole`. (Requires Datadog Cluster Agent v1.12+) ## 2.12.1 -* Add more kube-state-metrics core check documentation +- Add more kube-state-metrics core check documentation ## 2.12.0 -* Update the Cluster Agent version to `1.12.0` -* Support kube-state-metrics core check (Requires Datadog Cluster Agent v1.12+) +- Update the Cluster Agent version to `1.12.0` +- Support kube-state-metrics core check (Requires Datadog Cluster Agent v1.12+) ## 2.11.6 -* Improve support for environment autodiscovery by removing explicit setting of `DOCKER_HOST` by default with Agent 7.27+. -Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. +- Improve support for environment autodiscovery by removing explicit setting of `DOCKER_HOST` by default with Agent 7.27+. + Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. ## 2.11.5 -* Remove comment in the `seccomp` json profile, which is break the json parsing. +- Remove comment in the `seccomp` json profile, which is break the json parsing. ## 2.11.4 -* Add missing system calls to system-probe `seccomp` profile. +- Add missing system calls to system-probe `seccomp` profile. ## 2.11.3 -* Update the documentation with the new path of the `kube-state-metrics` chart +- Update the documentation with the new path of the `kube-state-metrics` chart ## 2.11.2 -* Update `agent.customAgentConfig` config example in the `values.yaml`: removes reference to APM configuration. +- Update `agent.customAgentConfig` config example in the `values.yaml`: removes reference to APM configuration. ## 2.11.1 -* Enable `collectDNSStats` by default +- Enable `collectDNSStats` by default ## 2.11.0 -* Bump Agent version to `7.27.0`. -* Support configuring advanced openmetrics check parameters via `datadog.prometheusScrape.additionalConfigs`. +- Bump Agent version to `7.27.0`. +- Support configuring advanced openmetrics check parameters via `datadog.prometheusScrape.additionalConfigs`. ## 2.10.14 -* Add Kubelet `hostCAPath` and `agentCAPath` parameters to automatically mount and use CA cert from host filesystem for Kubelet connection. -* Fix default value for DCA hostNetwork +- Add Kubelet `hostCAPath` and `agentCAPath` parameters to automatically mount and use CA cert from host filesystem for Kubelet connection. +- Fix default value for DCA hostNetwork ## 2.10.13 -* Fix `security-agent-feature` helper function to support `helm2`. -* Fix `provider-labels` helper function to support `helm2`. -* Fix `provider-env` helper function to support `helm2`. +- Fix `security-agent-feature` helper function to support `helm2`. +- Fix `provider-labels` helper function to support `helm2`. +- Fix `provider-env` helper function to support `helm2`. ## 2.10.12 -* Add the possibility to specify securityContext for cluster-agent containers +- Add the possibility to specify securityContext for cluster-agent containers ## 2.10.11 -* Fix RBAC needed for the external metrics provider for the future release of the DCA. +- Fix RBAC needed for the external metrics provider for the future release of the DCA. ## 2.10.10 -* Fix system-probe version check when using `datadog.networkMonitoring.enabled` +- Fix system-probe version check when using `datadog.networkMonitoring.enabled` ## 2.10.9 -* Add the possibility to specify a priority class name for the cluster checks runner pods. +- Add the possibility to specify a priority class name for the cluster checks runner pods. ## 2.10.8 -* When node agents are joining an existing DCA managed by another Helm release, we must control if they should be eligible to cluster checks dispatch or not depending on whether CLC have been deployed with the external DCA. +- When node agents are joining an existing DCA managed by another Helm release, we must control if they should be eligible to cluster checks dispatch or not depending on whether CLC have been deployed with the external DCA. ## 2.10.7 -* Fix bug regarding using "Metric collection with Prometheus annotations". +- Fix bug regarding using "Metric collection with Prometheus annotations". ## 2.10.6 -* Add provider labels on pods, warning on dogstatsd with UDS on GKE Autopilot. +- Add provider labels on pods, warning on dogstatsd with UDS on GKE Autopilot. ## 2.10.5 -* Increase default `datadog.systemProbe.maxTrackedConnections` to 131072. +- Increase default `datadog.systemProbe.maxTrackedConnections` to 131072. ## 2.10.4 -* Fix several bugs with OpenShift SCC and hostNetwork. +- Fix several bugs with OpenShift SCC and hostNetwork. ## 2.10.3 -* Bump version of KSM chart to get rid of `rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1` warnings +- Bump version of KSM chart to get rid of `rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1` warnings ## 2.10.2 -* Use an EmptyDir volume shared between all the agents for logs so that `agent flare` can gather the logs of all of them. +- Use an EmptyDir volume shared between all the agents for logs so that `agent flare` can gather the logs of all of them. ## 2.10.1 -* Remove the cluster-id configmap mount for process-agent. (Requires Datadog Agent 7.25+ and Datadog Cluster Agent 1.11+, otherwise collection of pods for the Kubernetes Resources page will fail). +- Remove the cluster-id configmap mount for process-agent. (Requires Datadog Agent 7.25+ and Datadog Cluster Agent 1.11+, otherwise collection of pods for the Kubernetes Resources page will fail). ## 2.10.0 -* Remove the cluster-id configmap mount for process-agent. (Requires Datadog Agent 7.26+ and Datadog Cluster Agent 1.11+, otherwise collection of pods for the Kubernetes Resources page will fail). +- Remove the cluster-id configmap mount for process-agent. (Requires Datadog Agent 7.26+ and Datadog Cluster Agent 1.11+, otherwise collection of pods for the Kubernetes Resources page will fail). ## 2.9.11 -* Allow system-probe container to send flares by adding main agent config file to container. +- Allow system-probe container to send flares by adding main agent config file to container. ## 2.9.10 -* Support configuring Prometheus Autodiscovery. (Requires Datadog Agent 7/6.26+ and Datadog Cluster Agent 1.11+). +- Support configuring Prometheus Autodiscovery. (Requires Datadog Agent 7/6.26+ and Datadog Cluster Agent 1.11+). ## 2.9.9 -* Update "agent" image tag to `7.26.0` and "cluster-agent" to `1.11.0`. -* Fix nit comments +- Update "agent" image tag to `7.26.0` and "cluster-agent" to `1.11.0`. +- Fix nit comments ## 2.9.8 -* Make pod collection for the Kubernetes Explorer work with an external Cluster Agent deployment. +- Make pod collection for the Kubernetes Explorer work with an external Cluster Agent deployment. ## 2.9.7 -* Allow cluster-agent to override metrics provider endpoint with `clusterAgent.metricsProvider.endpoint`. +- Allow cluster-agent to override metrics provider endpoint with `clusterAgent.metricsProvider.endpoint`. ## 2.9.6 -* Add missing `NET_RAW` capability to `System-probe` to support `CVE-2020-14386` mitigation. +- Add missing `NET_RAW` capability to `System-probe` to support `CVE-2020-14386` mitigation. ## 2.9.5 -* Fix typo in variable name. `agents.podSecurity.capabilities` replaces `agents.podSecurity.capabilites`. +- Fix typo in variable name. `agents.podSecurity.capabilities` replaces `agents.podSecurity.capabilites`. ## 2.9.4 -* Remove uses of `systemProbe.enabled`. +- Remove uses of `systemProbe.enabled`. ## 2.9.3 -* Enable support for GKE Autopilot. +- Enable support for GKE Autopilot. ## 2.9.2 -* Fixed a bug where `datadog.leaderElection` would not configure the cluster-agent environment variable `DD_LEADER_ELECTION` correctly. +- Fixed a bug where `datadog.leaderElection` would not configure the cluster-agent environment variable `DD_LEADER_ELECTION` correctly. ## 2.9.1 -* add `datadog.systemProbe.conntrackMaxStateSize` and `datadog.systemProbe.maxTrackedConnections`. +- add `datadog.systemProbe.conntrackMaxStateSize` and `datadog.systemProbe.maxTrackedConnections`. ## 2.9.0 -* Remove `systemProbe.enabled` config param in favor of `networkMonitoring.enabled`, `securityAgent.runtime.enabled`, `systemProbe.enableOOMKill`, and `systemProbe.enableTCPQueueLength`. -* Fix bug preventing network monitoring to be disabled by setting `datadog.networkMonitoring.enabled` to `false`. +- Remove `systemProbe.enabled` config param in favor of `networkMonitoring.enabled`, `securityAgent.runtime.enabled`, `systemProbe.enableOOMKill`, and `systemProbe.enableTCPQueueLength`. +- Fix bug preventing network monitoring to be disabled by setting `datadog.networkMonitoring.enabled` to `false`. ## 2.8.6 -* Add support for Service Topology to target the Datadog Agent via a kubernetes service instead of host ports. This will allow sending traces and custom metrics without using host ports. Note: Service Topology is a new Kubernetes feature, it's still in alpha and disabled by default. +- Add support for Service Topology to target the Datadog Agent via a kubernetes service instead of host ports. This will allow sending traces and custom metrics without using host ports. Note: Service Topology is a new Kubernetes feature, it's still in alpha and disabled by default. ## 2.8.5 -* Allow `namespaces` in RBAC for `kubernetes_namespace_labels_as_tags`. +- Allow `namespaces` in RBAC for `kubernetes_namespace_labels_as_tags`. ## 2.8.4 -* Grant access to the `Lease` objects. - `Lease` objects can be read by the `kube_scheduler` and `kube_controller_manager` checks on agent 7.27+ on Kubernetes clusters 1.14+. +- Grant access to the `Lease` objects. + `Lease` objects can be read by the `kube_scheduler` and `kube_controller_manager` checks on agent 7.27+ on Kubernetes clusters 1.14+. ## 2.8.3 -* Fix potential duplicate `DD_KUBERNETES_KUBELET_TLS_VERIFY` env var due to new parameter `kubelet.tlsVerify`. Parameter has now 3 states and env var won't be added if not set, improving backward compatibility. -* Fix activation of Cluster Checks while Cluster Agent is disabled. -* Change default value for `clusterAgent.metricsProvider.useDatadogMetrics` from `true` to `false` as it may trigger CRD ownership issues in several situations. +- Fix potential duplicate `DD_KUBERNETES_KUBELET_TLS_VERIFY` env var due to new parameter `kubelet.tlsVerify`. Parameter has now 3 states and env var won't be added if not set, improving backward compatibility. +- Fix activation of Cluster Checks while Cluster Agent is disabled. +- Change default value for `clusterAgent.metricsProvider.useDatadogMetrics` from `true` to `false` as it may trigger CRD ownership issues in several situations. ## 2.8.2 -* Open port 5000/TCP for ingress on cluster agent for Prometheus check from the agent. +- Open port 5000/TCP for ingress on cluster agent for Prometheus check from the agent. ## 2.8.1 -* Fix `datadog.kubelet.tlsVerify` value when set to `false` +- Fix `datadog.kubelet.tlsVerify` value when set to `false` ## 2.8.0 -* Enable the orchestrator explorer by default. +- Enable the orchestrator explorer by default. ## 2.7.2 -* Add a new fields `datadog.kubelet.host` (to override `DD_KUBERNETES_KUBELET_HOST`) and `datadog.kubelet.tlsVerify` (to toggle kubelet TLS verification) +- Add a new fields `datadog.kubelet.host` (to override `DD_KUBERNETES_KUBELET_HOST`) and `datadog.kubelet.tlsVerify` (to toggle kubelet TLS verification) ## 2.7.1 -* Open port 8000/TCP for ingress on cluster agent for Admission Controller communication. +- Open port 8000/TCP for ingress on cluster agent for Admission Controller communication. ## 2.7.0 -* Changes default values to activate a maximum of built-in features to ease configuration. - Notable changes: - * Cluster Agent, cluster checks and event collection are activated by default - * DatadogMetrics CRD usage is activated by default if ExternalMetrics are used - * Dogstatsd non-local traffic is activated by default (hostPort usage is not) -* Bump Agent version to `7.25.0` and Cluster Agent version to `1.10.0` -* Introduce `.registry` parameter to quickly change registry for all Datadog images. Image name is retrieved from `.image.name`, however setting `.image.repository` still allows to override per image, ensuring backward compatibility +- Changes default values to activate a maximum of built-in features to ease configuration. + Notable changes: + - Cluster Agent, cluster checks and event collection are activated by default + - DatadogMetrics CRD usage is activated by default if ExternalMetrics are used + - Dogstatsd non-local traffic is activated by default (hostPort usage is not) +- Bump Agent version to `7.25.0` and Cluster Agent version to `1.10.0` +- Introduce `.registry` parameter to quickly change registry for all Datadog images. Image name is retrieved from `.image.name`, however setting `.image.repository` still allows to override per image, ensuring backward compatibility ## 2.6.15 -* Add `ports` options to all Agent containers to allow users to add any binding they'd like for integrations +- Add `ports` options to all Agent containers to allow users to add any binding they'd like for integrations ## 2.6.14 -* Opens port 6443/TCP on kube-state-metrics netpol. +- Opens port 6443/TCP on kube-state-metrics netpol. ## 2.6.13 -* Opens ports 6443/TCP and 53/UDP for egress on cluster agent. -* Adds PodSecurityPolicy support for Cluster Agents. +- Opens ports 6443/TCP and 53/UDP for egress on cluster agent. +- Adds PodSecurityPolicy support for Cluster Agents. ## 2.6.12 -* Mount `/etc/passwd` as `readOnly` in the `process-agent`. +- Mount `/etc/passwd` as `readOnly` in the `process-agent`. ## 2.6.11 -* Adds `unconfined` as a default value for `agents.podSecurity.apparmorProfiles`. It now aligns with `datadog.systemProbe.apparmor` default value. -* Updates `hostPID` for PodSecurityPolicy, bringing it in line with SCC. +- Adds `unconfined` as a default value for `agents.podSecurity.apparmorProfiles`. It now aligns with `datadog.systemProbe.apparmor` default value. +- Updates `hostPID` for PodSecurityPolicy, bringing it in line with SCC. ## 2.6.10 -* Allow cluster-agent to access apps/daemonsets when admissionController is enabled. +- Allow cluster-agent to access apps/daemonsets when admissionController is enabled. ## 2.6.9 -* Add `/tmp` in Agent POD as an emptyDir to allow VOLUME removal from Agent Dockerfile -* Clarify documentation of `datadog.dogstatsd.nonLocalTraffic` +- Add `/tmp` in Agent POD as an emptyDir to allow VOLUME removal from Agent Dockerfile +- Clarify documentation of `datadog.dogstatsd.nonLocalTraffic` ## 2.6.8 -* Fix `helm lint` by renaming YAML files lacking metadata info. +- Fix `helm lint` by renaming YAML files lacking metadata info. ## 2.6.7 -* Change the default agent version to `7.24.1` +- Change the default agent version to `7.24.1` ## 2.6.6 -* Add `agents.containers.systemProbe.securityContext` option. +- Add `agents.containers.systemProbe.securityContext` option. ## 2.6.5 -* Make sure all agents are rolled out on API key update and the Cluster agents on Application key update. +- Make sure all agents are rolled out on API key update and the Cluster agents on Application key update. ## 2.6.4 -* Fix agent container volumeMounts when oom kill check or tcp queue length check is enabled. +- Fix agent container volumeMounts when oom kill check or tcp queue length check is enabled. ## 2.6.3 -* Add a new field `datadog.dogstatsd.tags` to configure `DD_DOGSTATSD_TAGS`. +- Add a new field `datadog.dogstatsd.tags` to configure `DD_DOGSTATSD_TAGS`. ## 2.6.2 -* Make sure KSM deploys on Linux nodes +- Make sure KSM deploys on Linux nodes ## 2.6.1 -* Fix `process-agent` and `trace-agent` communication with the `cluster-agent`: When the `cluster-agent` is activated, - the agents should communicated with the `cluster-agent` to retrived tags like `kube_service` instead of communicating - directly with the Kubernetes API-Server. +- Fix `process-agent` and `trace-agent` communication with the `cluster-agent`: When the `cluster-agent` is activated, + the agents should communicated with the `cluster-agent` to retrived tags like `kube_service` instead of communicating + directly with the Kubernetes API-Server. ## 2.6.0 -* deprecates `systemProbe.enabled` in favor of `networkMonitoring.enabled`, `securityAgent.runtime.enabled`, `systemProbe.enableOOMKill`, and `systemProbe.enableTCPQueueLength`. -* fixes a bug where network performance monitoring would be enabled if any systemProbe feature was enabled. +- deprecates `systemProbe.enabled` in favor of `networkMonitoring.enabled`, `securityAgent.runtime.enabled`, `systemProbe.enableOOMKill`, and `systemProbe.enableTCPQueueLength`. +- fixes a bug where network performance monitoring would be enabled if any systemProbe feature was enabled. ## 2.5.5 -* Add CiliumNetworkPolicy +- Add CiliumNetworkPolicy ## 2.5.4 -* Supports `clusterChecksRunner` pod annotations +- Supports `clusterChecksRunner` pod annotations ## 2.5.3 -* Add "datadog-crds" chart as dependency. It is used to install the `DatadogMetrics` CRD if needed. +- Add "datadog-crds" chart as dependency. It is used to install the `DatadogMetrics` CRD if needed. ## 2.5.2 -* Change `datadog.tags` to a `tpl` value +- Change `datadog.tags` to a `tpl` value ## 2.5.0 -* Use `gcr.io` instead of Dockerhub -* Change the default agent version `7.23.1` -* Change the default cluster agent version `1.9.1` -* Change the default cluster checks runner version `7.23.1` +- Use `gcr.io` instead of Dockerhub +- Change the default agent version `7.23.1` +- Change the default cluster agent version `1.9.1` +- Change the default cluster checks runner version `7.23.1` ## 2.4.39 -* Fixed a bug where `networkMonitoring.enabled` would not configure the process-agent correctly, causing network data to not be reported. +- Fixed a bug where `networkMonitoring.enabled` would not configure the process-agent correctly, causing network data to not be reported. ## 2.4.38 -* Move the kube-state-metrics subchart from google's helm registry to charts.helm.sh/stable. +- Move the kube-state-metrics subchart from google's helm registry to charts.helm.sh/stable. ## 2.4.37 -* Fix incorrect link for Event Collection in `values.yaml`. +- Fix incorrect link for Event Collection in `values.yaml`. ## 2.4.36 -* Fix `should-enable-system-probe` helper function to support `helm2`. +- Fix `should-enable-system-probe` helper function to support `helm2`. ## 2.4.35 -* Add options to set pod and container securityContext +- Add options to set pod and container securityContext ## 2.4.34 -* Add `datadog.networkMonitoring` section to allow the system-probe to be run without network performance monitoring. Deprecates `systemProbe.enabled`. +- Add `datadog.networkMonitoring` section to allow the system-probe to be run without network performance monitoring. Deprecates `systemProbe.enabled`. ## 2.4.33 -* Introduce overall cluster-name limit of 80 -* Remove character limit of single parts of the cluster-name +- Introduce overall cluster-name limit of 80 +- Remove character limit of single parts of the cluster-name ## 2.4.32 -* The `agents.volumeMounts` option is now properly propagated to all agent containers. +- The `agents.volumeMounts` option is now properly propagated to all agent containers. ## 2.4.31 -* Support adding labels to the Agent pods and daemonset via `agents.additionalLabels`. -* Support adding labels to the Cluster Agent pods and deployment via `clusterAgent.additionalLabels`. -* Support adding labels to the Cluster Checks Runner pods and deployment via `clusterChecksRunner.additionalLabels`. +- Support adding labels to the Agent pods and daemonset via `agents.additionalLabels`. +- Support adding labels to the Cluster Agent pods and deployment via `clusterAgent.additionalLabels`. +- Support adding labels to the Cluster Checks Runner pods and deployment via `clusterChecksRunner.additionalLabels`. ## 2.4.30 -* Refactor liveness and readiness probes with helpers to allow user overrides with other types of probes or disabling - probes entirely. -* Introduce `clusterChecksRunner.healthPort` default setting. -* Use health port defaults instead of hardcoded values. +- Refactor liveness and readiness probes with helpers to allow user overrides with other types of probes or disabling + probes entirely. +- Introduce `clusterChecksRunner.healthPort` default setting. +- Use health port defaults instead of hardcoded values. ## 2.4.29 -* Add `common-env-vars` to `system-probe` container +- Add `common-env-vars` to `system-probe` container ## 2.4.28 -* Make sure we rollout Agent/CLC/DCA when an upgrade is done (thus triggering a change in token secret) +- Make sure we rollout Agent/CLC/DCA when an upgrade is done (thus triggering a change in token secret) ## 2.4.27 -* Remove port defaults from liveness/readiness probes and show error notices on misconfiguration if user overrides are supplying custom node settings. +- Remove port defaults from liveness/readiness probes and show error notices on misconfiguration if user overrides are supplying custom node settings. ## 2.4.26 -* Revert to Helm2 hash in `requirements.yaml` to retain compatibility with Helm 2 +- Revert to Helm2 hash in `requirements.yaml` to retain compatibility with Helm 2 ## 2.4.25 -* Update default `datadog/agent` image tag to `7.23.0` -* Update default `datadog/cluster-agent` image tag to `1.9.0` +- Update default `datadog/agent` image tag to `7.23.0` +- Update default `datadog/cluster-agent` image tag to `1.9.0` ## 2.4.24 -* Fix the Cluster Agent's network policy (allow ingress from node Agents) -* Add kube-state-metrics network policy +- Fix the Cluster Agent's network policy (allow ingress from node Agents) +- Add kube-state-metrics network policy ## 2.4.23 -* Add `datadog.envFrom` parameter to support passing references to secrets and/or configmaps for environment -variables, instead of passing one by one. +- Add `datadog.envFrom` parameter to support passing references to secrets and/or configmaps for environment + variables, instead of passing one by one. ## 2.4.22 -* Add automatic README.md generation from `Values.yaml` +- Add automatic README.md generation from `Values.yaml` ## 2.4.21 -* Change `securityContext` variable name to `seLinuxContext` allow setting the PSP/SCC seLinux `type` or `rule`. Backward compatible. +- Change `securityContext` variable name to `seLinuxContext` allow setting the PSP/SCC seLinux `type` or `rule`. Backward compatible. ## 2.4.20 -* Add NetworkPolicy ingress rules for dogstatsd and APM +- Add NetworkPolicy ingress rules for dogstatsd and APM ## 2.4.19 -* Add NetworkPolicy - Add the following parameters to control the creation of NetworkPolicy: - * `agents.networkPolicy.create` - * `clusterAgent.networkPolicy.create` - * `clusterChecksRunner.networkPolicy.create` - The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. - In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted - by IP but the datadog intake IP cannot be guaranteed to be stable. - The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations - that can be dynamically added to them. +- Add NetworkPolicy + Add the following parameters to control the creation of NetworkPolicy: + - `agents.networkPolicy.create` + - `clusterAgent.networkPolicy.create` + - `clusterChecksRunner.networkPolicy.create` + The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. + In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted + by IP but the datadog intake IP cannot be guaranteed to be stable. + The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations + that can be dynamically added to them. ## 2.4.18 -* Fix `config` volume not being mounted in clusterChecksRunner pods. +- Fix `config` volume not being mounted in clusterChecksRunner pods. ## 2.4.17 -* Update default `Agent` and `Cluster-Agent` image tags: `7.22` and `1.18`. +- Update default `Agent` and `Cluster-Agent` image tags: `7.22` and `1.18`. ## 2.4.16 -* Add `External Metric` Aggregator config on Chart. +- Add `External Metric` Aggregator config on Chart. ## 2.4.15 -* Add `agents.podSecurity.apparmor.enabled` flag (defaulted to `true`). +- Add `agents.podSecurity.apparmor.enabled` flag (defaulted to `true`). ## 2.4.14 -* Fix external metrics on GKE due to Google fix on recent versions (introduced in 2.4.1). +- Fix external metrics on GKE due to Google fix on recent versions (introduced in 2.4.1). ## 2.4.13 -* fix Agent `PodSecurityPolicy` with `hostPorts` definition, and missing RBAC. +- fix Agent `PodSecurityPolicy` with `hostPorts` definition, and missing RBAC. ## 2.4.12 -* Add `compliance` and `runtime` `security-agent` support. +- Add `compliance` and `runtime` `security-agent` support. ## 2.4.11 -* Add `NET_BROADCAST` capability for `system-probe`. +- Add `NET_BROADCAST` capability for `system-probe`. ## 2.4.10 -* Add `scrubbing` option for helm charts to "Orchestrator Explorer" support. +- Add `scrubbing` option for helm charts to "Orchestrator Explorer" support. ## 2.4.9 -* Add `DD_DOGSTATSD_TAG_CARDINALITY` capability. +- Add `DD_DOGSTATSD_TAG_CARDINALITY` capability. ## 2.4.8 -* Fix, Only try to mount `/lib/modules` and `/usr/src` when needed. +- Fix, Only try to mount `/lib/modules` and `/usr/src` when needed. ## 2.4.7 -* Add `eventfd` and `eventfd2` to allowed syscalls for `system-probe`. +- Add `eventfd` and `eventfd2` to allowed syscalls for `system-probe`. ## 2.4.6 -* Fix Windows deployment support (fixes #15). +- Fix Windows deployment support (fixes #15). ## 2.4.5 -* Add mount propagation option for `hostVolumes`. +- Add mount propagation option for `hostVolumes`. ## 2.4.4 -* Fix typo in `allowHostPorts`. -* Add support of `MustRunAs` in Agent `PodSecurityPolicy` and `SecurityContextConstraints`. +- Fix typo in `allowHostPorts`. +- Add support of `MustRunAs` in Agent `PodSecurityPolicy` and `SecurityContextConstraints`. ## 2.4.3 -* Fix `Cluster-Agent` RBAC to collect new resources for the "Orchestrator Explorer" support. +- Fix `Cluster-Agent` RBAC to collect new resources for the "Orchestrator Explorer" support. ## 2.4.2 -* Add `install_info` file. +- Add `install_info` file. ## 2.4.1 -* Fix MetricsProvider RBAC setup on GKE clusters +- Fix MetricsProvider RBAC setup on GKE clusters ## 2.4.0 -* First release on github.com/datadog/helm-charts +- First release on github.com/datadog/helm-charts ## 2.3.41 -* Fix issue with Kubernetes <= 1.14 and Cluster Agent's External Metrics Provider (must be 443) +- Fix issue with Kubernetes <= 1.14 and Cluster Agent's External Metrics Provider (must be 443) ## 2.3.40 -* Update documentation for resource requests & limits default values. +- Update documentation for resource requests & limits default values. ## 2.3.39 -* Propagate `datadog.checksd` to the clusterchecks runner to support custom checks there. +- Propagate `datadog.checksd` to the clusterchecks runner to support custom checks there. ## 2.3.38 -* Add support of DD\_CONTAINER\_{INCLUDE,EXCLUDE}\_{METRICS,LOGS} +- Add support of DD_CONTAINER\_{INCLUDE,EXCLUDE}\_{METRICS,LOGS} ## 2.3.37 -* Add NET\_BROADCAST capability +- Add NET_BROADCAST capability ## 2.3.36 -* Bump default Agent version to `7.21.1` +- Bump default Agent version to `7.21.1` ## 2.3.35 -* Add support for configuring the Datadog Admission Controller +- Add support for configuring the Datadog Admission Controller ## 2.3.34 -* Add support for scaling based on `DatadogMetric` CRD +- Add support for scaling based on `DatadogMetric` CRD ## 2.3.33 -* Create new `datadog.podSecurity.securityContext` field to fix windows agent daemonset config. +- Create new `datadog.podSecurity.securityContext` field to fix windows agent daemonset config. ## 2.3.32 -* Always add os in nodeSelector based on `targetSystem` +- Always add os in nodeSelector based on `targetSystem` ## 2.3.31 -* Fixed daemonset template for go 1.14 +- Fixed daemonset template for go 1.14 ## 2.3.29 -* Change the default port for the Cluster Agent's External Metrics Provider - from 443 to 8443. -* Document usage of `clusterAgent.env` +- Change the default port for the Cluster Agent's External Metrics Provider + from 443 to 8443. +- Document usage of `clusterAgent.env` ## 2.3.28 -* fix daemonset template generation if `datadog.securityContext` is set to `nil` +- fix daemonset template generation if `datadog.securityContext` is set to `nil` ## 2.3.27 -* add systemProbe.collectDNSStats option +- add systemProbe.collectDNSStats option ## 2.3.26 -* fix PodSecurityContext configuration +- fix PodSecurityContext configuration ## 2.3.25 -* Use directly .env var YAML block for all agents (was already the case for Cluster Agent) +- Use directly .env var YAML block for all agents (was already the case for Cluster Agent) ## 2.3.24 -* Allow enabling Orchestrator Explorer data collection from the process-agent +- Allow enabling Orchestrator Explorer data collection from the process-agent ## 2.3.23 -* Add the possibility to create a `PodSecurityPolicy` or a `SecurityContextConstraints` (Openshift) for the Agent's Daemonset Pods. +- Add the possibility to create a `PodSecurityPolicy` or a `SecurityContextConstraints` (Openshift) for the Agent's Daemonset Pods. ## 2.3.22 -* Remove duplicate imagePullSecrets -* Fix DataDog location to useConfigMap in docs -* Adding explanation for metricsProvider.enabled +- Remove duplicate imagePullSecrets +- Fix DataDog location to useConfigMap in docs +- Adding explanation for metricsProvider.enabled ## 2.3.21 -* Fix additional default values in `values.yaml` to prevent errors with Helm 2.x +- Fix additional default values in `values.yaml` to prevent errors with Helm 2.x ## 2.3.20 -* Fix process-agent <> system-probe communication +- Fix process-agent <> system-probe communication ## 2.3.19 -* Fix the container-trace-agent.yaml template creates invalid yaml when `useSocketVolume` is enabled. +- Fix the container-trace-agent.yaml template creates invalid yaml when `useSocketVolume` is enabled. ## 2.3.18 -* Support arguments in the cluster-agent container `command` value +- Support arguments in the cluster-agent container `command` value ## 2.3.17 -* grammar edits to datadog helm docs! -* Typo in log config +- grammar edits to datadog helm docs! +- Typo in log config ## 2.3.16 -* Add parameter `clusterChecksRunner.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Checks runners. -* Add parameters `clusterChecksRunner.volumes` and `clusterChecksRunner.volumeMounts` that can be used for providing a secret backend to Cluster Checks runners. +- Add parameter `clusterChecksRunner.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Checks runners. +- Add parameters `clusterChecksRunner.volumes` and `clusterChecksRunner.volumeMounts` that can be used for providing a secret backend to Cluster Checks runners. ## 2.3.15 -* Mount kernel headers in system-probe container -* Fix the mount of the `system-probe` socket in core agent -* Add parameters to enable eBPF based checks +- Mount kernel headers in system-probe container +- Fix the mount of the `system-probe` socket in core agent +- Add parameters to enable eBPF based checks ## 2.3.14 -* Allow overriding the `command` to run in the cluster-agent container +- Allow overriding the `command` to run in the cluster-agent container ## 2.3.13 -* Use two distinct health endpoints for liveness and readiness probes. +- Use two distinct health endpoints for liveness and readiness probes. ## 2.3.12 -* Fix endpoints checks scheduling between agent and cluster check runners -* Cluster Check Runner now runs without s6 (similar to other agents) +- Fix endpoints checks scheduling between agent and cluster check runners +- Cluster Check Runner now runs without s6 (similar to other agents) ## 2.3.11 -* Bump the default version of the agent docker images +- Bump the default version of the agent docker images ## 2.3.10 -* Add dnsConfig options to all containers +- Add dnsConfig options to all containers ## 2.3.9 -* Add `clusterAgent.podLabels` variable to add labels to the Cluster Agent Pod(s) +- Add `clusterAgent.podLabels` variable to add labels to the Cluster Agent Pod(s) ## 2.3.8 -* Fix templating errors when `clusterAgent.datadog_cluster_yaml` is being used. +- Fix templating errors when `clusterAgent.datadog_cluster_yaml` is being used. ## 2.3.7 -* Fix an agent warning at startup because of a deprecated parameter +- Fix an agent warning at startup because of a deprecated parameter ## 2.3.6 -* Add `affinity` parameter in `values.yaml` for cluster agent deployment +- Add `affinity` parameter in `values.yaml` for cluster agent deployment ## 2.3.5 -* Add `DD_AC_INCLUDE` and `DD_AC_EXCLUDE` to all containers -* Add "Unix Domain Socket" support in trace-agent -* Add new parameter to specify the dogstatsd socket path on the host -* Fix typos in values.yaml -* Update "tags:" example in values.yaml -* Add "rate_limit_queries_*" in the datadog.cluster-agent prometheus check configuration +- Add `DD_AC_INCLUDE` and `DD_AC_EXCLUDE` to all containers +- Add "Unix Domain Socket" support in trace-agent +- Add new parameter to specify the dogstatsd socket path on the host +- Fix typos in values.yaml +- Update "tags:" example in values.yaml +- Add "rate*limit_queries*\*" in the datadog.cluster-agent prometheus check configuration ## 2.3.4 -* Fix default values in `values.yaml` to prevent warnings with Helm 2.x +- Fix default values in `values.yaml` to prevent warnings with Helm 2.x ## 2.3.3 -* Allow pre-release versions as docker image tag +- Allow pre-release versions as docker image tag ## 2.3.2 -* Update the DCA RBAC to allow it to create events in the HPA +- Update the DCA RBAC to allow it to create events in the HPA ## 2.3.1 -* Update the example for `datadog.securityContext` +- Update the example for `datadog.securityContext` ## 2.3.0 -* Mount the directory containing the CRI socket instead of the socket itself - This is to handle the cases where the docker daemon is restarted. - In this case, the docker daemon will recreate its docker socket and, - if the container bind-mounted directly the socket, the container would - still have access to the old socket instead of the one of the new docker - daemon. - ⚠ This version of the chart requires an agent image 7.19.0 or more recent +- Mount the directory containing the CRI socket instead of the socket itself + This is to handle the cases where the docker daemon is restarted. + In this case, the docker daemon will recreate its docker socket and, + if the container bind-mounted directly the socket, the container would + still have access to the old socket instead of the one of the new docker + daemon. + ⚠ This version of the chart requires an agent image 7.19.0 or more recent ## 2.2.12 -* Adding resources for `system-probe` init container +- Adding resources for `system-probe` init container ## 2.2.11 -* Add documentations around secret management in the datadog helm chart. It is to upstream - requested changes in the IBM charts repository: -* update `kube-state-metrics` dependency -* uncomment every values.yaml parameters for IBM chart compliancy +- Add documentations around secret management in the datadog helm chart. It is to upstream + requested changes in the IBM charts repository: +- update `kube-state-metrics` dependency +- uncomment every values.yaml parameters for IBM chart compliancy ## 2.2.10 -* Remove `kubeStateMetrics` section from `values.yaml` as not used anymore +- Remove `kubeStateMetrics` section from `values.yaml` as not used anymore ## 2.2.9 -* Fixing variables description in README and Migration documentation (#22031) -* Avoid volumes mount conflict between `system-probe` and `logs` volumes in the `agent`. +- Fixing variables description in README and Migration documentation (#22031) +- Avoid volumes mount conflict between `system-probe` and `logs` volumes in the `agent`. ## 2.2.8 -* Mount `system-probe` socket in `agent` container when system-probe is enabled +- Mount `system-probe` socket in `agent` container when system-probe is enabled ## 2.2.7 -* Add "Cluster-Agent" `Event` `create` RBAC permission +- Add "Cluster-Agent" `Event` `create` RBAC permission ## 2.2.6 -* Ensure the `trace-agent` computes the same hostname as the core `agent`. - by giving it access to all the elements that might be used to compute the hostname: - the `DD_CLUSTER_NAME` environment variable and the docker socket. +- Ensure the `trace-agent` computes the same hostname as the core `agent`. + by giving it access to all the elements that might be used to compute the hostname: + the `DD_CLUSTER_NAME` environment variable and the docker socket. ## 2.2.5 -* Fix RBAC +- Fix RBAC ## 2.2.4 -* Move several EnvVars to `common-env-vars` to be accessible by the `trace-agent` #21991. -* Fix discrepancies migration-guide and readme reporded in #21806 and #21920. -* Fix EnvVars with integer value due to yaml. serialization, reported by #21853. -* Fix .Values.datadog.tags encoding, reported by #21663. -* Add Checksum to `xxx-cluster-agent-config` config map, reported by #21622 and contribution #21656. +- Move several EnvVars to `common-env-vars` to be accessible by the `trace-agent` #21991. +- Fix discrepancies migration-guide and readme reporded in #21806 and #21920. +- Fix EnvVars with integer value due to yaml. serialization, reported by #21853. +- Fix .Values.datadog.tags encoding, reported by #21663. +- Add Checksum to `xxx-cluster-agent-config` config map, reported by #21622 and contribution #21656. ## 2.2.3 -* Fix `datadog.dockerOrCriSocketPath` helper #21992 +- Fix `datadog.dockerOrCriSocketPath` helper #21992 ## 2.2.2 -* Fix indentation for `clusterAgent.volumes`. +- Fix indentation for `clusterAgent.volumes`. ## 2.2.1 -* Updating `agents.useConfigMap` and `agents.customAgentConfig` parameter descriptions in the chart and main readme. +- Updating `agents.useConfigMap` and `agents.customAgentConfig` parameter descriptions in the chart and main readme. ## 2.2.0 -* Add Windows support -* Update documentation to reflect some changes that were made default -* Enable endpoint checks by default in DCA/Agent +- Add Windows support +- Update documentation to reflect some changes that were made default +- Enable endpoint checks by default in DCA/Agent ## 2.1.2 -* Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt -config to this environment variable. +- Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt + config to this environment variable. ## 2.1.1 -* Add option to enable WPA in the Cluster Agent. +- Add option to enable WPA in the Cluster Agent. ## 2.1.0 -* Changed the default for `processAgent.enabled` to `true`. +- Changed the default for `processAgent.enabled` to `true`. ## 2.0.14 -* Fixed a bug where the `trace-agent` runs in the same container as `dd-agent` +- Fixed a bug where the `trace-agent` runs in the same container as `dd-agent` ## 2.0.13 -* Fix `system-probe` startup on latest versions of containerd. - Here is the error that this change fixes: +- Fix `system-probe` startup on latest versions of containerd. + Here is the error that this change fixes: - ``` State: Waiting - Reason: CrashLoopBackOff - Last State: Terminated - Reason: StartError - Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown - Exit Code: 128 - ``` + ```State: Waiting + Reason: CrashLoopBackOff + Last State: Terminated + Reason: StartError + Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown + Exit Code: 128 + ``` ## 2.0.11 -* Add missing syscalls in the `system-probe` seccomp profile +- Add missing syscalls in the `system-probe` seccomp profile ## 2.0.10 -* Do not enable the `cri` check when running on a `docker` setup. +- Do not enable the `cri` check when running on a `docker` setup. ## 2.0.7 -* Pass expected `DD_DOGSTATSD_PORT` to datadog-agent rather than invalid `DD_DOGSTATD_PORT` +- Pass expected `DD_DOGSTATSD_PORT` to datadog-agent rather than invalid `DD_DOGSTATD_PORT` ## 2.0.6 -* Introduces `procesAgent.processCollection` to correctly configure `DD_PROCESS_AGENT_ENABLED` for the process agent. +- Introduces `procesAgent.processCollection` to correctly configure `DD_PROCESS_AGENT_ENABLED` for the process agent. ## 2.0.5 -* Honor the `datadog.env` parameter in all containers. +- Honor the `datadog.env` parameter in all containers. ## 2.0.4 -* Honor the image pull policy in init containers. -* Pass the `DD_CRI_SOCKET_PATH` environment variable to the config init container so that it can adapt the agent config based on the CRI. +- Honor the image pull policy in init containers. +- Pass the `DD_CRI_SOCKET_PATH` environment variable to the config init container so that it can adapt the agent config based on the CRI. ## 2.0.3 -* Fix templating error when `agents.useConfigMap` is set to true. -* Add DD\_APM\_ENABLED environment variable to trace agent container. +- Fix templating error when `agents.useConfigMap` is set to true. +- Add DD_APM_ENABLED environment variable to trace agent container. ## 2.0.2 -* Revert the docker socket path inside the agent container to its standard location to fix #21223. +- Revert the docker socket path inside the agent container to its standard location to fix #21223. ## 2.0.1 -* Add parameters `datadog.logs.enabled` and `datadog.logs.containerCollectAll` to replace `datadog.logsEnabled` and `datadog.logsConfigContainerCollectAll`. -* Update the migration document link in the `Readme.md`. +- Add parameters `datadog.logs.enabled` and `datadog.logs.containerCollectAll` to replace `datadog.logsEnabled` and `datadog.logsConfigContainerCollectAll`. +- Update the migration document link in the `Readme.md`. ### 2.0.0 -* Remove Datadog agent deployment configuration. -* Cleanup resources labels, to fit with recommended labels. -* Cleanup useless or unused values parameters. -* each component have its own RBAC configuration (create,configuration). -* container runtime socket update values configuration simplification. -* `nameOverride` `fullnameOverride` is now optional in values.yaml. +- Remove Datadog agent deployment configuration. +- Cleanup resources labels, to fit with recommended labels. +- Cleanup useless or unused values parameters. +- each component have its own RBAC configuration (create,configuration). +- container runtime socket update values configuration simplification. +- `nameOverride` `fullnameOverride` is now optional in values.yaml. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b635bf643..288d678c6 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -5,14 +5,14 @@ version: 3.90.0 appVersion: "7" description: Datadog Agent keywords: - - monitoring - - alerting - - metric +- monitoring +- alerting +- metric home: https://www.datadoghq.com icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png sources: - - https://app.datadoghq.com/account/settings#agent/kubernetes - - https://github.com/DataDog/datadog-agent +- https://app.datadoghq.com/account/settings#agent/kubernetes +- https://github.com/DataDog/datadog-agent maintainers: - - name: Datadog - email: support@datadoghq.com +- name: Datadog + email: support@datadoghq.com diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 10c17693f..b230a1218 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -404,6 +404,16 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} +{{- if .Values.datadog.networkMonitoring.enabled }} + +####################################################################################### +#### WARNING: Network Performance Monitoring is not supported on GKE Autopilot #### +####################################################################################### + +{{- fail "On GKE Autopilot environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} + +{{- end }} + {{- end }} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index af1cfea68..59b36e002 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,15 +1,13 @@ {{- define "linux-container-host-release-volumemounts" -}} {{- if or .Values.datadog.osReleasePath .Values.datadog.systemProbe.osReleasePath }} - {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} - {{- if eq (include "should-enable-system-probe" .) "true" }} + {{- if and (eq (include "should-enable-system-probe" .) "true") (not .Values.providers.gke.gdc) }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} readOnly: true - {{- else if .Values.datadog.osReleasePath }} + {{- else if .Values.datadog.osReleasePath }} - name: os-release-file mountPath: /host{{ .Values.datadog.osReleasePath }} readOnly: true - {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index dd262b810..9acf4ea5e 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -343,7 +343,6 @@ Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} {{- if and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -388,7 +387,8 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not .Values.providers.gke.gdc ) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" +.) "true") -}} true {{- else -}} false @@ -410,7 +410,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not .Values.providers.gke.gdc) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -1026,7 +1026,7 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} - {{- if or .Values.providers.gke.gdc .Values.providers.gke.autopilot -}} + {{- if .Values.providers.gke.gdc -}} false {{- else if ne .Values.targetSystem "linux" -}} false @@ -1074,6 +1074,8 @@ Create RBACs for custom resources {{- define "should-add-host-path-for-os-release-paths" -}} {{- if ne .Values.targetSystem "linux" -}} false + {{- else if .Values.providers.gke.autopilot -}} + false {{- else if .Values.providers.talos.enabled -}} false {{- else if (and .Values.datadog.systemProbe.enableDefaultOsReleasePaths (not .Values.datadog.disableDefaultOsReleasePaths)) -}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 46c2a2359..c202299ff 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -55,18 +55,18 @@ spec: checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - {{- if .Values.agents.podSecurity.apparmor.enabled }} + {{- if and (.Values.agents.podSecurity.apparmor.enabled) (not .Values.providers.gke.autopilot) }} container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.apparmor }} {{- end }} {{- if semverCompare "<1.19.0" .Capabilities.KubeVersion.Version }} container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} - {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport (not .Values.providers.gke.autopilot) }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} {{- if .Values.providers.gke.autopilot }} - autopilot.gke.io/no-connect: "false" + autopilot.gke.io/no-connect: "true" {{- end }} {{- if .Values.agents.podAnnotations }} {{ tpl (toYaml .Values.agents.podAnnotations) . | indent 8 }} diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index d14249794..ea31f1bb2 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 37a2772ca63263767c6e7068e0045e49adbc15740749bda902e911cd80f1b43a - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: 7a191b46e37210282a7d889d0f025945b63970d0d4d9de96d286c3b73b5b4cf7 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 54b4028fb..8cf57e983 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 406b54942cb117c07edbdf779143465270e695ae181ac7cb1510d7f51938bcba - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/clusteragent_token: facb8dd79b211ff3953c8958ae1f70ee76fc2adc10ee080c91a204c6a7e88491 + checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 + checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index e16a33377..b4136ef3d 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 795ee1c256c20770693733bfa713d5614c1eea95d15e8141b6fa8a4894f81557 - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/clusteragent_token: 0c3539cd7055e84dd64879bb3ff326700a5a2ec3f3b0d722e7071968ee8f0fd8 + checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 + checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 90137e113..22542c57a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4a9ef7efc38cb1ca3eebf80fe91e7447283866158f242d3e1f6f4fcde674bf0e - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/clusteragent_token: e477034b230a96cc5f27d29d160d9cb80e6f4f9d6c49fb28713126fefddcbe62 + checksum/clusteragent-configmap: b80db4e65821dd6bcd24691a57341dbf840b5ac2c7e635060f0e8ae83f6597c1 + checksum/api_key: e8756335f64a19cdbc31bf5c1e01c7cc4fa57310bf1a1739384243a8adada70c checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index b664d3644..c4c14352a 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: c456fcb1ef3669e17f99562f9daff2c69a0b63a382b597db38525e2169dff3da - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: 54012c1a4ce0a6149663e8f4454f1990609e504b55a4d40dfaea08fa08c9620b + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index c8612e188..0da1b51f8 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: bea41cde459ee76a26104fde88acde58e9cddfd64e19dde2f473bd471617a9bf - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: 5c598c4c593e57447477b1697c7a2b0c633a749417879a7f924b43ee99e29a6a + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -146,6 +146,9 @@ spec: mountPath: /tmp readOnly: false # Need RW to write to /tmp directory + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW to mount to config path diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 1a809c125..ac0e90b83 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: b876b950a97ece20cb3ec3849c48e7b38822786a117db182b10fcef4fd038fcb - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: c0200d78f6e8dba93ae6568c787f31b4700c6637877be9155afc3197a091223b + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -146,6 +146,9 @@ spec: mountPath: /tmp readOnly: false # Need RW to write to /tmp directory + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW to mount to config path diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index f6b4161bc..556b5ae9f 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.88.0" + chart: "datadog-3.90.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.88.0" + chart: "datadog-3.90.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "T0UwV1F3NzlTTjlVaDJzekhrSGdZczc1VnQzYThTMnY=" + token: "V2dVVFg2SjRiVUhYQWFnQXlUNFE4UlU0M1JMaTc1VGY=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -149,10 +149,12 @@ data: {} annotations_as_tags: {} + kubernetes_apiserver.yaml: |- init_config: instances: - - filtering_enabled: false + - + filtering_enabled: false unbundle_events: false --- # Source: datadog/templates/install_info-configmap.yaml @@ -162,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.88.0 + installer_version: datadog-3.90.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "3e55a44e-ebf1-4c36-9d60-8d5a88c2c279" - install_time: "1736806509" + install_id: "c6025e5d-8497-4177-8ec0-a9506c773e6e" + install_time: "1738191091" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -424,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -520,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -568,7 +570,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -588,7 +590,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -608,7 +610,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -629,7 +631,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -648,7 +650,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -665,7 +667,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -687,7 +689,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -708,7 +710,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -731,7 +733,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -753,10 +755,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.88.0" + chart: "datadog-3.90.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -779,10 +781,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.88.0" + chart: "datadog-3.90.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -808,7 +810,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -832,8 +834,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 8b856ec67f8792fa8141d5d88a721a5155de2227792a4c61fd221b5c6689df5d - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: 16409ccac7f428b887e61144e9ed9e925af8aa8977e81fd556f96399129ef33a + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1236,7 +1238,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1266,8 +1268,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 3653c2cfb1aae823a7f36aedc8380741670bfb9f18758132cb208d45d1cd0b6b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: ba6a09ff415c3872456aa9ca91676c5f84c4cfa2991904a7116965df80d0bc41 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1428,7 +1430,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.88.0' + helm.sh/chart: 'datadog-3.90.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1458,9 +1460,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 42324d7b2e100268673aa3a6b356ff7b191a437d121680f69bd6f00761336c22 - checksum/clusteragent-configmap: c0fbaef09d8f108962e862318211303e8039aed3e6e95697fc23cb2c3894e5ea - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/clusteragent_token: d565ff0ebd0b384ad4f538c6039a5c240c919bc0e08f62e02b5aee52e58d7114 + checksum/clusteragent-configmap: 84fd9626779d2b7fc64dc85cfbfa1cea1edb062f6e8cdba7dcf88d4637b73fa5 + checksum/install_info: 3b9b3e85592ca511f47e6f39152d86a2c22f1ecc6fe577f4a9f78fa7e78097a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From b0dc8985cad3b92a5af69a93f442d6d479a32dff Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Thu, 30 Jan 2025 11:08:06 -0600 Subject: [PATCH 07/20] Fix --- charts/datadog/templates/NOTES.txt | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index b230a1218..10c17693f 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -404,16 +404,6 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} -{{- if .Values.datadog.networkMonitoring.enabled }} - -####################################################################################### -#### WARNING: Network Performance Monitoring is not supported on GKE Autopilot #### -####################################################################################### - -{{- fail "On GKE Autopilot environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} - -{{- end }} - {{- end }} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} From e1c96c280af5bb2caa43583f96b5c920c7880f45 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Thu, 6 Feb 2025 13:34:51 -0500 Subject: [PATCH 08/20] Enable apparmor profile on gke autopilot for system-probe --- charts/datadog/templates/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index c202299ff..5fe549773 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -55,7 +55,7 @@ spec: checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - {{- if and (.Values.agents.podSecurity.apparmor.enabled) (not .Values.providers.gke.autopilot) }} + {{- if and (.Values.agents.podSecurity.apparmor.enabled) }} container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.apparmor }} {{- end }} {{- if semverCompare "<1.19.0" .Capabilities.KubeVersion.Version }} From 90b0c78f8fb6cf54b97b6da7a9a1d9fc9e2de863 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Thu, 6 Feb 2025 17:16:19 -0500 Subject: [PATCH 09/20] Enable securityContext on gke autopilot --- charts/datadog/templates/_containers-init-linux.yaml | 4 ---- charts/datadog/templates/_system-probe-init.yaml | 2 -- 2 files changed, 6 deletions(-) diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index fd0636250..e50dac6f6 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -1,8 +1,6 @@ {{- define "containers-init-linux" -}} - name: init-volume -{{- if not .Values.providers.gke.autopilot }} {{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["bash", "-c"] @@ -15,9 +13,7 @@ resources: {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config -{{- if not .Values.providers.gke.autopilot }} {{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: diff --git a/charts/datadog/templates/_system-probe-init.yaml b/charts/datadog/templates/_system-probe-init.yaml index cfea181fc..a9defec32 100644 --- a/charts/datadog/templates/_system-probe-init.yaml +++ b/charts/datadog/templates/_system-probe-init.yaml @@ -1,8 +1,6 @@ {{- define "system-probe-init" -}} - name: seccomp-setup -{{- if not .Values.providers.gke.autopilot }} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: From 700f22fa3891e12c8a876d4154c561e5173f0c2c Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 6 Feb 2025 19:59:58 -0500 Subject: [PATCH 10/20] Fix npm for autopilot and GDC (#1679) * fix npm and autopilot and gdc * fix ci * newline * bump chart version and update baselines --- charts/datadog/CHANGELOG.md | 5 +- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/NOTES.txt | 14 ++ .../_container-host-release-volumemounts.yaml | 6 +- .../baseline/Operator_Deployment_default.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 18 +- .../cluster-agent-deployment_default.yaml | 24 +-- ...loyment_default_advanced_AC_injection.yaml | 24 +-- ...ployment_default_minimal_AC_injection.yaml | 24 +-- test/datadog/baseline/daemonset_default.yaml | 60 +++---- .../baseline/gdc_daemonset_default.yaml | 39 ++--- .../gdc_daemonset_logs_collection.yaml | 39 ++--- test/datadog/baseline/other_default.yaml | 164 +++++++++--------- 14 files changed, 218 insertions(+), 205 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 36da26925..0f005d308 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.91.0 + +* Enable `system-probe` container on GKE Autopilot. + ## 3.90.2 * Adds env vars `DD_AGENT_IPC_PORT` and `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL` when Otel Agent is enabled and adds flag `--sync-delay=30s` to otel agent. @@ -10,7 +14,6 @@ ## 3.90.0 -* Enable `system-probe` container on GKE Autopilot * Set default `Agent` and `Cluster-Agent` version to `7.62.0`. ## 3.89.0 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 7388e6921..aa398ce1e 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.90.2 +version: 3.91.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 3a29aa8a9..db10fd946 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.90.2](https://img.shields.io/badge/Version-3.90.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.91.0](https://img.shields.io/badge/Version-3.91.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 10c17693f..ebbc04e51 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -420,6 +420,20 @@ On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'da {{- end }} +{{- if .Values.providers.gke.gdc }} + +{{- if .Values.datadog.networkMonitoring.enabled }} + +####################################################################################### +#### WARNING: Network Performance Monitoring is not supported on GKE GDC #### +####################################################################################### + +{{- fail "On GKE GDC environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} + +{{- end }} + +{{- end }} + {{- if and (.Values.datadog.dogstatsd.useSocketVolume) (eq .Values.targetSystem "windows") }} ################################################################################### diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 59b36e002..274b176af 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,13 +1,15 @@ {{- define "linux-container-host-release-volumemounts" -}} {{- if or .Values.datadog.osReleasePath .Values.datadog.systemProbe.osReleasePath }} - {{- if and (eq (include "should-enable-system-probe" .) "true") (not .Values.providers.gke.gdc) }} + {{- if not .Values.providers.gke.gdc }} + {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} readOnly: true - {{- else if .Values.datadog.osReleasePath }} + {{- else if .Values.datadog.osReleasePath }} - name: os-release-file mountPath: /host{{ .Values.datadog.osReleasePath }} readOnly: true + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index a1e2c5a8e..b373cd360 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.5.1 + helm.sh/chart: datadog-operator-2.5.2 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.11.1" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 5d3bc118c..7c6570c18 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,13 +6,13 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: clusterchecks-agent - + spec: replicas: 2 revisionHistoryLimit: 10 @@ -33,11 +33,11 @@ spec: app.kubernetes.io/component: clusterchecks-agent admission.datadoghq.com/enabled: "false" app: datadog-clusterchecks - + name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 82707f47b0bfc55fc39a2740339e31da8b81064a3a1af2eb7ad07b8cefca2060 - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: 247c426a527d3914cf4c9ed1f016b3ba0b4797064af564486f45cd0b2f13174d + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -76,7 +76,7 @@ spec: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: - + - name: KUBERNETES value: "yes" - name: DD_API_KEY @@ -129,8 +129,8 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - + + resources: {} volumeMounts: @@ -189,4 +189,4 @@ spec: app: datadog-clusterchecks topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 42c4e4eb1..3e5ea25b0 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,13 +6,13 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -33,14 +33,14 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 2a79fd54ee54b48b65cf8755fb30c0a8709de2d17d4498be14a4f81d7e62c7e6 - checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b - checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 + checksum/clusteragent_token: a456a0b0db2dcb0a05cc06a3b8cccd630ce47a103199f363970edeb225ed57e7 + checksum/clusteragent-configmap: 04f78cc8c755f4c6debb07948b1bf8318109acb1f32d624857bf409e9e7570c0 + checksum/api_key: 657e19756058df21cac9dd8bdb1289cdf8ab0a632155ce5b9cd382881874a62f checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -90,7 +90,7 @@ spec: name: "datadog" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -119,8 +119,8 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - - + + - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -183,7 +183,7 @@ spec: configMapKeyRef: name: datadog-kpi-telemetry-configmap key: install_type - + livenessProbe: failureThreshold: 6 httpGet: @@ -268,4 +268,4 @@ spec: app: datadog-cluster-agent topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index ea0c906ab..50822929f 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,13 +6,13 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -33,14 +33,14 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: - checksum/clusteragent_token: da73eb12114a230565e36abba3c29649d8fd0c8dd4fa0940ef4ef23512120e52 - checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b - checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 + checksum/clusteragent_token: 8d8f3cd91285a7d6e1507a1f1435fc5fd21778965cf685a462238553841a2daf + checksum/clusteragent-configmap: 04f78cc8c755f4c6debb07948b1bf8318109acb1f32d624857bf409e9e7570c0 + checksum/api_key: 657e19756058df21cac9dd8bdb1289cdf8ab0a632155ce5b9cd382881874a62f checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -90,7 +90,7 @@ spec: name: "datadog" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -119,8 +119,8 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - - + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED @@ -197,7 +197,7 @@ spec: configMapKeyRef: name: datadog-kpi-telemetry-configmap key: install_type - + livenessProbe: failureThreshold: 6 httpGet: @@ -282,4 +282,4 @@ spec: app: datadog-cluster-agent topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a464794c9..a6b62bf7d 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,13 +6,13 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -33,14 +33,14 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 041ef1801306228d46d7eec4638bca9ce06c2ed5d1a158f9d03fae036e5a5661 - checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b - checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 + checksum/clusteragent_token: 443892528b5e1ffddee461bdd9a241aa564cd5126cf4d6f36b7af5d50a94d884 + checksum/clusteragent-configmap: 04f78cc8c755f4c6debb07948b1bf8318109acb1f32d624857bf409e9e7570c0 + checksum/api_key: 657e19756058df21cac9dd8bdb1289cdf8ab0a632155ce5b9cd382881874a62f checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -90,7 +90,7 @@ spec: name: "datadog" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -119,8 +119,8 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - - + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED @@ -193,7 +193,7 @@ spec: configMapKeyRef: name: datadog-kpi-telemetry-configmap key: install_type - + livenessProbe: failureThreshold: 6 httpGet: @@ -278,4 +278,4 @@ spec: app: datadog-cluster-agent topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 9a1eb8c25..b89003e13 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,13 +6,13 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: agent - + spec: revisionHistoryLimit: 10 selector: @@ -27,16 +27,16 @@ spec: app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog - + name: datadog annotations: - checksum/clusteragent_token: 174aed95311830aaf174696e8c52c338f13193ff6b513fa2407bccf3de9cf236 - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: f9c45c3e8cd387fc09e0d57c3d5395387e3c674a00806e2a8a26e14454a0a262 + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - + securityContext: runAsUser: 0 hostPID: true @@ -45,7 +45,7 @@ spec: image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] - + resources: {} ports: @@ -62,7 +62,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -75,9 +75,9 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - - + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -124,7 +124,7 @@ spec: - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -134,7 +134,7 @@ spec: - name: DD_CONTAINER_IMAGE_ENABLED value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" + value: "true" volumeMounts: - name: logdatadog mountPath: /var/log/datadog @@ -146,7 +146,7 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - + - name: os-release-file mountPath: /host/etc/os-release readOnly: true @@ -156,12 +156,12 @@ spec: - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - + - name: dsdsocket mountPath: /var/run/datadog readOnly: false @@ -209,7 +209,7 @@ spec: - name: trace-agent image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: {} ports: @@ -226,7 +226,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -239,7 +239,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -249,7 +249,7 @@ spec: secretKeyRef: name: datadog-cluster-agent key: token - + - name: DD_LOG_LEVEL value: "INFO" - name: DD_APM_ENABLED @@ -276,7 +276,7 @@ spec: valueFrom: configMapKeyRef: name: datadog-kpi-telemetry-configmap - key: install_type + key: install_type volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -301,12 +301,12 @@ spec: - name: dsdsocket mountPath: /var/run/datadog readOnly: false # Need RW for UDS DSD socket - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - + livenessProbe: initialDelaySeconds: 15 periodSeconds: 15 @@ -314,7 +314,7 @@ spec: port: 8126 timeoutSeconds: 5 initContainers: - - name: init-volume + - name: init-volume image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -326,7 +326,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config + - name: init-config image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: @@ -345,7 +345,7 @@ spec: mountPath: /host/proc mountPropagation: None readOnly: true - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None @@ -360,7 +360,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -373,7 +373,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + resources: {} volumes: @@ -384,7 +384,7 @@ spec: name: datadog-installinfo - name: config emptyDir: {} - + - name: logdatadog emptyDir: {} - name: tmpdir @@ -424,4 +424,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index 081844391..aa71a7b89 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,13 +30,13 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 7fc9f30808ea0383822036c8c312145acf9d5ffbce9dfd4e4fa2c58ee6885cee - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: b1ce037acd1ae38c7dd524a44aa9bab7cab5c3679696633ffcac0dea97152aec + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - + securityContext: runAsUser: 0 containers: @@ -44,7 +44,7 @@ spec: image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] - + resources: {} ports: @@ -61,7 +61,7 @@ spec: value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -87,8 +87,8 @@ spec: value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - - + + - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -123,7 +123,7 @@ spec: - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -133,7 +133,7 @@ spec: - name: DD_CONTAINER_IMAGE_ENABLED value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" + value: "true" volumeMounts: - name: logdatadog mountPath: /var/log/datadog @@ -145,18 +145,15 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true + - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW to mount to config path - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - - + + - name: kubelet-cert-volume mountPath: /certs livenessProbe: @@ -190,7 +187,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 initContainers: - - name: init-volume + - name: init-volume image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -202,7 +199,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config + - name: init-config image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: @@ -224,7 +221,7 @@ spec: value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -260,7 +257,7 @@ spec: name: datadog-installinfo - name: config emptyDir: {} - + - name: logdatadog emptyDir: {} - name: tmpdir @@ -280,4 +277,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 62cb605c5..52a59100e 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,13 +30,13 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 5251a960464770e4370d189d056f28e10e31380da0f2313f0c2448897e2624ec - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: c477368060c394d653969d3cbce514a56824150a477be33eb4fecaf6e702c9b1 + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - + securityContext: runAsUser: 0 containers: @@ -44,7 +44,7 @@ spec: image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] - + resources: {} ports: @@ -61,7 +61,7 @@ spec: value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -87,8 +87,8 @@ spec: value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - - + + - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -123,7 +123,7 @@ spec: - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -133,7 +133,7 @@ spec: - name: DD_CONTAINER_IMAGE_ENABLED value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" + value: "true" volumeMounts: - name: logdatadog mountPath: /var/log/datadog @@ -145,18 +145,15 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true + - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW to mount to config path - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - - + + - name: pointerdir mountPath: /opt/datadog-agent/run mountPropagation: None @@ -202,7 +199,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 initContainers: - - name: init-volume + - name: init-volume image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -214,7 +211,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config + - name: init-config image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: @@ -236,7 +233,7 @@ spec: value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -272,7 +269,7 @@ spec: name: datadog-installinfo - name: config emptyDir: {} - + - name: logdatadog emptyDir: {} - name: tmpdir @@ -301,4 +298,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 36dfcaf14..ab63ebcf0 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.90.1" + chart: "datadog-3.91.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.90.1" + chart: "datadog-3.91.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "akJERTVsWGplWTZEZXdPMFVLalFlS2FSZVhaWTlvU1E=" + token: "Rjh4VG1qODNFVWdNR0F5RG5RMWs4cWJ3VGU0OWR1S0k=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -149,7 +149,7 @@ data: {} annotations_as_tags: {} - + kubernetes_apiserver.yaml: |- init_config: instances: @@ -164,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.90.1 + installer_version: datadog-3.91.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -186,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "2481de20-14d7-4ee6-9a7a-c2ef5ed1a195" - install_time: "1738785665" + install_id: "a8722398-d4d1-4608-ae54-a267838ef60d" + install_time: "1738887322" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -426,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -522,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -577,7 +577,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -597,7 +597,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -617,7 +617,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -638,7 +638,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -674,7 +674,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -696,7 +696,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -717,7 +717,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -740,7 +740,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -762,10 +762,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.90.1" + chart: "datadog-3.91.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -788,10 +788,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.90.1" + chart: "datadog-3.91.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,13 +817,13 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: agent - + spec: revisionHistoryLimit: 10 selector: @@ -838,16 +838,16 @@ spec: app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog - + name: datadog annotations: - checksum/clusteragent_token: 2f5e57327770b567fc1dafc71318aa2f3c850df1ef4977ec5fe26197b8834136 - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: df5542e15c4a6b2ca3cafa45d4f4dd9885dacbdd3b5e859a78b7eb09a873d3bc + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - + securityContext: runAsUser: 0 hostPID: true @@ -856,7 +856,7 @@ spec: image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] - + resources: {} ports: @@ -873,7 +873,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -886,9 +886,9 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - - + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -932,11 +932,11 @@ spec: value: "/var/run/datadog/dsd.socket" - name: DD_EXTRA_CONFIG_PROVIDERS value: "endpointschecks" - + - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -946,7 +946,7 @@ spec: - name: DD_CONTAINER_IMAGE_ENABLED value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" + value: "true" volumeMounts: - name: logdatadog mountPath: /var/log/datadog @@ -958,7 +958,7 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - + - name: os-release-file mountPath: /host/etc/os-release readOnly: true @@ -968,12 +968,12 @@ spec: - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - + - name: dsdsocket mountPath: /var/run/datadog readOnly: false @@ -1021,7 +1021,7 @@ spec: - name: trace-agent image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: {} ports: @@ -1038,7 +1038,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -1051,7 +1051,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -1061,7 +1061,7 @@ spec: secretKeyRef: name: datadog-cluster-agent key: token - + - name: DD_LOG_LEVEL value: "INFO" - name: DD_APM_ENABLED @@ -1088,7 +1088,7 @@ spec: valueFrom: configMapKeyRef: name: datadog-kpi-telemetry-configmap - key: install_type + key: install_type volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -1113,12 +1113,12 @@ spec: - name: dsdsocket mountPath: /var/run/datadog readOnly: false # Need RW for UDS DSD socket - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - + livenessProbe: initialDelaySeconds: 15 periodSeconds: 15 @@ -1126,7 +1126,7 @@ spec: port: 8126 timeoutSeconds: 5 initContainers: - - name: init-volume + - name: init-volume image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -1138,7 +1138,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config + - name: init-config image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: @@ -1157,7 +1157,7 @@ spec: mountPath: /host/proc mountPropagation: None readOnly: true - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None @@ -1172,7 +1172,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -1185,7 +1185,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + resources: {} volumes: @@ -1196,7 +1196,7 @@ spec: name: datadog-installinfo - name: config emptyDir: {} - + - name: logdatadog emptyDir: {} - name: tmpdir @@ -1245,13 +1245,13 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: clusterchecks-agent - + spec: replicas: 2 revisionHistoryLimit: 10 @@ -1272,11 +1272,11 @@ spec: app.kubernetes.io/component: clusterchecks-agent admission.datadoghq.com/enabled: "false" app: datadog-clusterchecks - + name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 1b27814030c156af6fcafca3ca9274edebf20699c821e892d77c4c7d740a2f5b - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: 5a3ebcf850d185370c74eb30bfc4943a792c0aaff1358543224a8c0a7e1882bb + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1315,7 +1315,7 @@ spec: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: - + - name: KUBERNETES value: "yes" - name: DD_API_KEY @@ -1368,8 +1368,8 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - + + resources: {} volumeMounts: @@ -1437,13 +1437,13 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.90.1' + helm.sh/chart: 'datadog-3.91.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -1464,12 +1464,12 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1176d3833b7a6e7565e239de5bb77df64ee32f35d85f852534db02422215ba35 - checksum/clusteragent-configmap: 9f0ae9132099384f08acb30e2ef9005327efa60bf64fe70444720d4b538bbf21 - checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 + checksum/clusteragent_token: 2125e0b8c18f02677614776f5826a96ecdf6be8393e9acdc9a096b538337b316 + checksum/clusteragent-configmap: 86190a6d13b82b58a4a3158761c458fd0009ae0cfd622e7c98e02207e8361074 + checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -1519,7 +1519,7 @@ spec: name: "datadog-secret" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -1548,8 +1548,8 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - - + + - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -1614,7 +1614,7 @@ spec: configMapKeyRef: name: datadog-kpi-telemetry-configmap key: install_type - + livenessProbe: failureThreshold: 6 httpGet: @@ -1699,4 +1699,4 @@ spec: app: datadog-cluster-agent topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file From 50f0ebec52b0fbe1bcb9cd54d5aee074c6ce7cd2 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Fri, 7 Feb 2025 11:15:41 -0500 Subject: [PATCH 11/20] Fix --- charts/datadog/templates/daemonset.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 5fe549773..27fa3d25c 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -62,12 +62,9 @@ spec: container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} - {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport (not .Values.providers.gke.autopilot) }} + {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} - {{- if .Values.providers.gke.autopilot }} - autopilot.gke.io/no-connect: "true" - {{- end }} {{- if .Values.agents.podAnnotations }} {{ tpl (toYaml .Values.agents.podAnnotations) . | indent 8 }} {{- end }} From 0836fe5e60ce99231a44985c70b8c922b87e4208 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Mon, 10 Feb 2025 16:53:10 -0500 Subject: [PATCH 12/20] fix changelog and add note about required GKE version --- charts/datadog/CHANGELOG.md | 1654 +++++++++++++++++------------------ 1 file changed, 827 insertions(+), 827 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 0f005d308..198828c04 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -2,7 +2,7 @@ ## 3.91.0 -* Enable `system-probe` container on GKE Autopilot. +* Enable `system-probe` container on GKE Autopilot (requires GKE 1.32.1-gke.1376000 or later). ## 3.90.2 @@ -26,198 +26,198 @@ ## 3.88.2 -- Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. +* Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. ## 3.88.1 -- Disable SBOM monitoring features for GKE Autopilot, as they are not supported +* Disable SBOM monitoring features for GKE Autopilot, as they are not supported ## 3.88.0 -- Set default `Agent` and `Cluster-Agent` version to `7.61.0`. +* Set default `Agent` and `Cluster-Agent` version to `7.61.0`. ## 3.87.2 -- Add cgroups mount in system-probe for USM, NPM and Service Discovery matching the datadog-operator. +* Add cgroups mount in system-probe for USM, NPM and Service Discovery matching the datadog-operator. ## 3.87.1 -- Add the ability to set the image tag to use for the APM Injector. +* Add the ability to set the image tag to use for the APM Injector. ## 3.87.0 -- Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. +* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. ## 3.86.0 -- Add `delete` permission for `datadog-webhook` Admission Registration RBACs. +* Add `delete` permission for `datadog-webhook` Admission Registration RBACs. ## 3.85.0 -- Add `datadog.discovery.enabled` configuration to control service-discovery. +* Add `datadog.discovery.enabled` configuration to control service-discovery. ## 3.84.4 -- Propagate the `datadog.site` option to the default `datadog.otelCollector` configuration. +* Propagate the `datadog.site` option to the default `datadog.otelCollector` configuration. ## 3.84.3 -- Added the configuration value `clusterAgent.admissionController.kubernetes_admission_events.enabled` to enabled/disable the Kubernetes Admission Events feature. +* Added the configuration value `clusterAgent.admissionController.kubernetes_admission_events.enabled` to enabled/disable the Kubernetes Admission Events feature. ## 3.84.2 -- Add `endpointslices.discovery.k8s.io` to the list of resources to collect in the Cluster Agent RBAC. -- Add configuration option for `datadog.kubernetesUseEndpointSlices` to map Kubernetes services to endpoint slices instead of endpoints. Disabled by default. +* Add `endpointslices.discovery.k8s.io` to the list of resources to collect in the Cluster Agent RBAC. +* Add configuration option for `datadog.kubernetesUseEndpointSlices` to map Kubernetes services to endpoint slices instead of endpoints. Disabled by default. ## 3.84.1 -- Remove deployments.apps example of `datadog.kubernetesResourcesLabelsAsTags` and `datadog.kubernetesResourcesAnnotationsAsTags` since it's not implemented yet +* Remove deployments.apps example of `datadog.kubernetesResourcesLabelsAsTags` and `datadog.kubernetesResourcesAnnotationsAsTags` since it's not implemented yet ## 3.84.0 -- Set the default value of `datadog.processAgent.runInCoreAgent` to `true`. +* Set the default value of `datadog.processAgent.runInCoreAgent` to `true`. ## 3.83.1 -- Add /sys/fs/bpf to system-probe volume mounts +* Add /sys/fs/bpf to system-probe volume mounts ## 3.83.0 -- Added the configuration value `datadog.disablePasswdMount` to disable mounting the `/etc/passwd` path from the host filesystem. This option should be used when the underlying OS does not have these files (e.g., Talos OS). -- Added the configuration value `datadog.disableDefaultOsReleasePaths` to disable mounting the default "os-release" file paths from the host filesystem (e.g., `/etc/redhat-release`, `/etc/fedora-release`, etc.). Note that this change does not affect the `datadog.osReleasePath` option. To avoid mounting the `/etc/os-release` host path, set the `datadog.osReleasePath` configuration value to an empty string. This option should be used when the underlying OS does not have these files (e.g., Talos OS). -- Add `providers.talos.enabled` to simplify agent deployment configuration on Talos OS. +* Added the configuration value `datadog.disablePasswdMount` to disable mounting the `/etc/passwd` path from the host filesystem. This option should be used when the underlying OS does not have these files (e.g., Talos OS). +* Added the configuration value `datadog.disableDefaultOsReleasePaths` to disable mounting the default "os-release" file paths from the host filesystem (e.g., `/etc/redhat-release`, `/etc/fedora-release`, etc.). Note that this change does not affect the `datadog.osReleasePath` option. To avoid mounting the `/etc/os-release` host path, set the `datadog.osReleasePath` configuration value to an empty string. This option should be used when the underlying OS does not have these files (e.g., Talos OS). +* Add `providers.talos.enabled` to simplify agent deployment configuration on Talos OS. ## 3.82.0 -- Add `pods/exec` RBAC to the `Cluster-Agent` when needed and inject the service account name of the `Cluster-Agent` as environment variable. +* Add `pods/exec` RBAC to the `Cluster-Agent` when needed and inject the service account name of the `Cluster-Agent` as environment variable. ## 3.81.2 -- Fix ci values.yaml files name to be taken into account by the ci job. +* Fix ci values.yaml files name to be taken into account by the ci job. ## 3.81.1 -- Update default `fips.image.tag` to `1.1.6`, which updates PCRE2 version to 10.44 and HAProxy version to 2.4.28 +* Update default `fips.image.tag` to `1.1.6`, which updates PCRE2 version to 10.44 and HAProxy version to 2.4.28 ## 3.81.0 -- Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. This option enables K8s clusters with hostPort and hostPath volumes restrictions to use the K8s local service to send traces. +* Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. This option enables K8s clusters with hostPort and hostPath volumes restrictions to use the K8s local service to send traces. ## 3.80.0 -- Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. +* Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. ## 3.79.1 -- Document how to use `datadog.envDict` option with the `--set` helm's flag. +* Document how to use `datadog.envDict` option with the `--set` helm's flag. ## 3.79.0 -- Add Logs Collection support for Google GKE on GDC +* Add Logs Collection support for Google GKE on GDC ## 3.78.0 -- Set default `Agent` and `Cluster-Agent` version to `7.59.0`. +* Set default `Agent` and `Cluster-Agent` version to `7.59.0`. ## 3.77.3 -- Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. +* Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. ## 3.77.2 -- Add the ability to include Security Contexts at the container level for Cluster Checks Runners. +* Add the ability to include Security Contexts at the container level for Cluster Checks Runners. ## 3.77.1 -- Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. +* Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. ## 3.77.0 -- Add experimental support for overlayfs direct scan for SBOMs +* Add experimental support for overlayfs direct scan for SBOMs ## 3.76.3 -- Add `podisruptionbudgets` RBAC to the Cluster Agent. +* Add `podisruptionbudgets` RBAC to the Cluster Agent. ## 3.76.2 -- Fix warning message displayed when installing/upgrading the Agent with OTel collector. -- Add preview message in values.yaml file. +* Fix warning message displayed when installing/upgrading the Agent with OTel collector. +* Add preview message in values.yaml file. ## 3.76.1 -- Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. +* Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. ## 3.76.0 -- Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. +* Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. ## 3.75.0 -- Set default `Agent` and `Cluster-Agent` version to `7.58.0`. +* Set default `Agent` and `Cluster-Agent` version to `7.58.0`. ## 3.74.6 -- Fix error message for when System Probe is enabled on GKE Autopilot +* Fix error message for when System Probe is enabled on GKE Autopilot ## 3.74.5 -- Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. +* Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. ## 3.74.4 -- Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. +* Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. ## 3.74.3 -- Do not mount `/usr/lib/sysimage/rpm` (reverts https://github.com/DataDog/helm-charts/pull/1541): in some operating systems such as Bottlerocket, `/usr` is `read-only`, preventing the Agent from being deployed when `datadog.sbom.host.enabled` is set to `true` as kubelet cannot create the directory at this location if it does not exist. +* Do not mount `/usr/lib/sysimage/rpm` (reverts https://github.com/DataDog/helm-charts/pull/1541): in some operating systems such as Bottlerocket, `/usr` is `read-only`, preventing the Agent from being deployed when `datadog.sbom.host.enabled` is set to `true` as kubelet cannot create the directory at this location if it does not exist. ## 3.74.2 -- Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). +* Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). ## 3.74.1 -- Pass components env variables to the cluster checks runner deployment pod spec. +* Pass components env variables to the cluster checks runner deployment pod spec. ## 3.74.0 -- Simplify OTel Agent OOTB pipelines: - - Remove `traces/otlp` pipeline from the default OTel Agent config - - Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. +* Simplify OTel Agent OOTB pipelines: + * Remove `traces/otlp` pipeline from the default OTel Agent config + * Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. ## 3.73.3 -- Fix a few typos on OTel Agent configs. +* Fix a few typos on OTel Agent configs. ## 3.73.2 -- Add `admissionregistration.k8s.io/v1/validatingwebhookconfigurations` RBACs to the Cluster Agent. +* Add `admissionregistration.k8s.io/v1/validatingwebhookconfigurations` RBACs to the Cluster Agent. ## 3.73.1 -- Add role-based access control rules to Datadog Cluster Agent to read k8s resources annotations and labels to create tags. +* Add role-based access control rules to Datadog Cluster Agent to read k8s resources annotations and labels to create tags. ## 3.73.0 -- Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. +* Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. ## 3.72.1 -- Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. +* Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. ## 3.72.0 -- Set default `Agent` and `Cluster-Agent` version to `7.57.2`. +* Set default `Agent` and `Cluster-Agent` version to `7.57.2`. ## 3.71.2 -- Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger -- Add `datadog.kubernetesResourcesAnnotationsAsTags` to assign Kuberenetes Resources Annotations as tags in the tagger +* Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger +* Add `datadog.kubernetesResourcesAnnotationsAsTags` to assign Kuberenetes Resources Annotations as tags in the tagger ## 3.71.1 -- Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 +* Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 ## 3.71.0 @@ -225,281 +225,281 @@ ## 3.70.7 -- Set default `Agent` and `Cluster-Agent` version to `7.56.2`. +* Set default `Agent` and `Cluster-Agent` version to `7.56.2`. ## 3.70.6 -- Add private beta note for OTel Collector. +* Add private beta note for OTel Collector. ## 3.70.5 -- Set default `Agent` and `Cluster-Agent` version to `7.56.1`. +* Set default `Agent` and `Cluster-Agent` version to `7.56.1`. ## 3.70.4 -- Improve support for `processAgent.runInCoreAgent` feature. +* Improve support for `processAgent.runInCoreAgent` feature. ## 3.70.3 -- Update `fips.image.tag` to `1.1.4` +* Update `fips.image.tag` to `1.1.4` ## 3.70.2 -- Add admission controller port to cilium network policy for the cluster agent +* Add admission controller port to cilium network policy for the cluster agent ## 3.70.1 -- Fix datadog.kubelet.coreCheckEnabled conditional statement to accept false value +* Fix datadog.kubelet.coreCheckEnabled conditional statement to accept false value ## 3.70.0 -- Set default `Agent` and `Cluster-Agent` version to `7.56.0`. +* Set default `Agent` and `Cluster-Agent` version to `7.56.0`. ## 3.69.3 -- Update `datadog-crds` dependency to `1.7.2`. +* Update `datadog-crds` dependency to `1.7.2`. ## 3.69.2 -- Allow activation of autoscaling. +* Allow activation of autoscaling. ## 3.69.1 -- Set default `Agent` and `Cluster-Agent` version to `7.55.2`. +* Set default `Agent` and `Cluster-Agent` version to `7.55.2`. ## 3.69.0 -- Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. +* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. ## 3.68.2 -- Fix datadog.containerLifecycle.enabled conditional statement to accept false value +* Fix datadog.containerLifecycle.enabled conditional statement to accept false value ## 3.68.1 -- Add automatic detection for enablement of process agent container. +* Add automatic detection for enablement of process agent container. ## 3.68.0 -- Set default `Agent` and `Cluster-Agent` version to `7.55.1`. +* Set default `Agent` and `Cluster-Agent` version to `7.55.1`. ## 3.67.5 -- Add support for `processAgent.runInCoreAgent` as an experimental feature. +* Add support for `processAgent.runInCoreAgent` as an experimental feature. ## 3.67.4 -- Overwrite the securityContext for the `seccomp-setup` initContainer with `agents.containers.initContainers.securityContext`. +* Overwrite the securityContext for the `seccomp-setup` initContainer with `agents.containers.initContainers.securityContext`. ## 3.67.3 -- Make sure that disabling CSPM host benchmarks is propagated to the agent. +* Make sure that disabling CSPM host benchmarks is propagated to the agent. ## 3.67.2 -- Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions +* Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions ## 3.67.1 -- Update `fips.image.tag` to `1.1.3` +* Update `fips.image.tag` to `1.1.3` ## 3.67.0 -- Add startup probe for `Agent`, `Cluster-Agent` and `Cluster-Check-Runner`. +* Add startup probe for `Agent`, `Cluster-Agent` and `Cluster-Check-Runner`. ## 3.66.1 -- Add 'datadog.namespaceAnnotationsAsTags' to assign namespace annotations as tags on pod entities in the tagger. +* Add 'datadog.namespaceAnnotationsAsTags' to assign namespace annotations as tags on pod entities in the tagger. ## 3.66.0 -- Set default `Agent` and `Cluster-Agent` version to `7.54.0`. +* Set default `Agent` and `Cluster-Agent` version to `7.54.0`. ## 3.65.3 -- Add RBAC rules for collection of StorageClass and LimitRange resources in the Orchestrator Explorer. +* Add RBAC rules for collection of StorageClass and LimitRange resources in the Orchestrator Explorer. ## 3.65.2 -- Do not enable live process collection by default when language detection is enabled for `APM SSI`. +* Do not enable live process collection by default when language detection is enabled for `APM SSI`. ## 3.65.1 -- Make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. +* Make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. ## 3.65.0 -- Default `datadog.securityAgent.runtime.useSecruntimeTrack` to `true`, sending CWS events directly to the new secruntime track (and to the new agent events explorer). +* Default `datadog.securityAgent.runtime.useSecruntimeTrack` to `true`, sending CWS events directly to the new secruntime track (and to the new agent events explorer). ## 3.64.1 -- Add `datadog.securityAgent.runtime.useSecruntimeTrack` config to start sending CWS events directly to the new secruntime track (and to the new agent events explorer). +* Add `datadog.securityAgent.runtime.useSecruntimeTrack` config to start sending CWS events directly to the new secruntime track (and to the new agent events explorer). ## 3.64.0 -- Add `datadog.originDetectionUnified.enabled` setting to enable unified origin detection for container tagging. Disabled by default +* Add `datadog.originDetectionUnified.enabled` setting to enable unified origin detection for container tagging. Disabled by default ## 3.63.0 -- Set kubelet core check to be enabled by default +* Set kubelet core check to be enabled by default ## 3.62.1 -- Update `fips.image.tag` to `1.1.2` +* Update `fips.image.tag` to `1.1.2` ## 3.62.0 -- Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default +* Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default ## 3.61.0 -- Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used - Note: this requires agent/cluster agent version 7.53.0+ +* Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used + Note: this requires agent/cluster agent version 7.53.0+ ## 3.60.0 -- Set default `Agent` and `Cluster-Agent` version to `7.53.0` +* Set default `Agent` and `Cluster-Agent` version to `7.53.0` ## 3.59.7 -- Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry -- No longer set `DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY` to registry as a fallback, - that option is implicit from us now setting the higher level `clusterAgent.admissionController.containerRegistry`. +* Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry +* No longer set `DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY` to registry as a fallback, + that option is implicit from us now setting the higher level `clusterAgent.admissionController.containerRegistry`. ## 3.59.6 -- Add configuration option datadog.apm.instrumentation.skipKPITelemetry. +* Add configuration option datadog.apm.instrumentation.skipKPITelemetry. ## 3.59.5 -- Set default `Agent` and `Cluster-Agent` version to `7.52.1`. +* Set default `Agent` and `Cluster-Agent` version to `7.52.1`. ## 3.59.4 -- Add language detection enable option for `APM` instrumentation. +* Add language detection enable option for `APM` instrumentation. ## 3.59.3 -- Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. +* Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. ## 3.59.2 -- Disable language detection reporting by default in Cluster Agent with Agent 7.52+. +* Disable language detection reporting by default in Cluster Agent with Agent 7.52+. ## 3.59.1 -- Add support for configuring Agent sidecar injection using Admission Controller. +* Add support for configuring Agent sidecar injection using Admission Controller. ## 3.59.0 -- Set default `Agent` and `Cluster-Agent` version to `7.52.0`. +* Set default `Agent` and `Cluster-Agent` version to `7.52.0`. ## 3.58.1 -- Fix typo in PodSecurityPolicy warning note. +* Fix typo in PodSecurityPolicy warning note. ## 3.58.0 -- Change configuration options for APM Instrumentation. Starting from Agent and Cluster-Agent version `7.51.0` APM Instrumentation needs to be configured using the following configuration options: -- `datadog.apm.instrumentation.enabled` - set to `true` to enable automatic instrumentation. -- `datadog.apm.instrumentation.enabledNamespaces` - optional; list of namespaces to enable automatic instrumentation in. If not provided, every namespace in the cluster will be instrumented. -- `datadog.apm.instrumentation.disabledNamespaces` - optional; list of namespaces to disable automatic instrumentation in. +* Change configuration options for APM Instrumentation. Starting from Agent and Cluster-Agent version `7.51.0` APM Instrumentation needs to be configured using the following configuration options: +* `datadog.apm.instrumentation.enabled` - set to `true` to enable automatic instrumentation. +* `datadog.apm.instrumentation.enabledNamespaces` - optional; list of namespaces to enable automatic instrumentation in. If not provided, every namespace in the cluster will be instrumented. +* `datadog.apm.instrumentation.disabledNamespaces` - optional; list of namespaces to disable automatic instrumentation in. ## 3.57.3 -- Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. +* Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. ## 3.57.2 -- Add `networkpolicies` default permission for the cluster agent. +* Add `networkpolicies` default permission for the cluster agent. ## 3.57.1 -- Allow configuring CWS security profile based auto suppression feature and enable it by default. +* Allow configuring CWS security profile based auto suppression feature and enable it by default. ## 3.57.0 -- Set default `Agent` and `Cluster-Agent` version to `7.51.0`. +* Set default `Agent` and `Cluster-Agent` version to `7.51.0`. ## 3.56.0 -- Allow templating of `datadog.clusterName`. +* Allow templating of `datadog.clusterName`. ## 3.55.0 -- Modify `datadog.dogstatsd.originDetection` to also support container tagging for origin detection enabled clients. +* Modify `datadog.dogstatsd.originDetection` to also support container tagging for origin detection enabled clients. ## 3.54.2 -- Set `DD_APM_ENABLED` value in the core agent container to properly report its value. +* Set `DD_APM_ENABLED` value in the core agent container to properly report its value. ## 3.54.1 -- Migrate from `kubeval` to `kubeconform` for ci chart validation. +* Migrate from `kubeval` to `kubeconform` for ci chart validation. ## 3.53.3 -- Update `fips.image.tag` to `1.1.1` +* Update `fips.image.tag` to `1.1.1` ## 3.53.2 -- Exclude agent pod from labels injection from the admission controller. +* Exclude agent pod from labels injection from the admission controller. ## 3.53.1 -- Update `fips.image.tag` to `1.1.0` +* Update `fips.image.tag` to `1.1.0` ## 3.53.0 -- Add `otlp.logs.enabled` option to datadog agent to set the `DD_OTLP_CONFIG_LOGS_ENABLED` env variable. +* Add `otlp.logs.enabled` option to datadog agent to set the `DD_OTLP_CONFIG_LOGS_ENABLED` env variable. ## 3.52.0 -- Allow configuring CWS security profile features and enable drift events by default +* Allow configuring CWS security profile features and enable drift events by default ## 3.51.2 -- Use correct kpi-telemetry-configmap in Cluster Agent and Trace Agent. +* Use correct kpi-telemetry-configmap in Cluster Agent and Trace Agent. ## 3.51.1 -- Parametrize the name of kpi-telemetry-configmap. +* Parametrize the name of kpi-telemetry-configmap. ## 3.51.0 -- Add `DD_INSTRUMENTATION_INSTALL_TIME`, `DD_INSTRUMENTATION_INSTALL_ID`, `DD_INSTRUMENTATION_INSTALL_TYPE` env variables to the Trace and Cluster agents to support APM Telemetry KPIs. +* Add `DD_INSTRUMENTATION_INSTALL_TIME`, `DD_INSTRUMENTATION_INSTALL_ID`, `DD_INSTRUMENTATION_INSTALL_TYPE` env variables to the Trace and Cluster agents to support APM Telemetry KPIs. ## 3.50.5 -- Add option to use containerd snapshotter to generate SBOMs. +* Add option to use containerd snapshotter to generate SBOMs. ## 3.50.4 -- Mount host files for proper OS detection in SBOMs. +* Mount host files for proper OS detection in SBOMs. ## 3.50.3 -- Set default `Agent` and `Cluster-Agent` version to `7.50.3`. +* Set default `Agent` and `Cluster-Agent` version to `7.50.3`. ## 3.50.2 -- Support automatic registry selection based on `datadog.site` on GKE Autopilot. +* Support automatic registry selection based on `datadog.site` on GKE Autopilot. ## 3.50.1 -- Set default `Agent` and `Cluster-Agent` version to `7.50.2`. +* Set default `Agent` and `Cluster-Agent` version to `7.50.2`. ## 3.50.0 -- Set default `Agent` and `Cluster-Agent` version to `7.50.1`. +* Set default `Agent` and `Cluster-Agent` version to `7.50.1`. ## 3.49.9 -- Update `fips.image.tag` to `1.0.1` +* Update `fips.image.tag` to `1.0.1` ## 3.49.8 -- Mount host package manager database when host SBOM is enabled. +* Mount host package manager database when host SBOM is enabled. ## 3.49.7 @@ -511,1195 +511,1195 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.49.5 -- Fix registry selection with GKE Autopilot until new registries are allowed. +* Fix registry selection with GKE Autopilot until new registries are allowed. ## 3.49.4 -- Exclude a namespace with Datadog resources from APM Single Step Instrumentation +* Exclude a namespace with Datadog resources from APM Single Step Instrumentation ## 3.49.3 -- Fix NOTES warning for APM Instrumentation when apm.intrumentation.disabledNamespaces is set +* Fix NOTES warning for APM Instrumentation when apm.intrumentation.disabledNamespaces is set ## 3.49.2 -- Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set +* Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set ## 3.49.1 -- Update `fips.image.tag` to `1.0.0` +* Update `fips.image.tag` to `1.0.0` ## 3.49.0 -- Beta: Add `datadog.apm.instrumentation` section to configure APM Single Step Instrumentation +* Beta: Add `datadog.apm.instrumentation` section to configure APM Single Step Instrumentation ## 3.48.0 -- Set default `Agent` and `Cluster-Agent` version to `7.49.1`. +* Set default `Agent` and `Cluster-Agent` version to `7.49.1`. ## 3.47.2 -- Fix CI following enabling container image collection by default. +* Fix CI following enabling container image collection by default. ## 3.47.1 -- Fix `registry` being ignored even if set. +* Fix `registry` being ignored even if set. ## 3.47.0 -- `registry` is now set automatically adapted based on `datadog.site` value. Still default to `gcr.io/datadoghq` if not set. +* `registry` is now set automatically adapted based on `datadog.site` value. Still default to `gcr.io/datadoghq` if not set. ## 3.46.0 -- Enable container image collection by default. +* Enable container image collection by default. ## 3.45.0 -- Separate values for `DD_CONTAINER_INCLUDE` and `DD_CONTAINER_EXCLUDE` in `Agent` and `Cluster-Agent` - Note: this requires agent/cluster agent version 7.50.0+ +* Separate values for `DD_CONTAINER_INCLUDE` and `DD_CONTAINER_EXCLUDE` in `Agent` and `Cluster-Agent` + Note: this requires agent/cluster agent version 7.50.0+ ## 3.44.1 -- Fix local agent Kubernetes service to include APM traceport +* Fix local agent Kubernetes service to include APM traceport ## 3.44.0 -- Remove buggy `chmod` directive in the init container of the cluster agent. +* Remove buggy `chmod` directive in the init container of the cluster agent. ## 3.43.2 -- Remove line break in helpers tpl file that prevents the chart from rendering in older Helm versions. +* Remove line break in helpers tpl file that prevents the chart from rendering in older Helm versions. ## 3.43.1 -- Fix docstring typos and remove unneeded lines. +* Fix docstring typos and remove unneeded lines. ## 3.43.0 -- Default `Agent` and `Cluster-Agent` to `7.49.0` version. +* Default `Agent` and `Cluster-Agent` to `7.49.0` version. ## 3.42.1 -- Bump FIPS proxy OpenSSL version to 3.0.12 +* Bump FIPS proxy OpenSSL version to 3.0.12 ## 3.42.0 -- Allow enabling SBOM collection for host and container images. +* Allow enabling SBOM collection for host and container images. ## 3.41.0 -- Enable container lifecycle events collection by default. +* Enable container lifecycle events collection by default. ## 3.40.4 -- Add the option `clusterAgent.metricsProvider.registerAPIService` to allow user to disable registering external-metrics server as an `APIService` +* Add the option `clusterAgent.metricsProvider.registerAPIService` to allow user to disable registering external-metrics server as an `APIService` ## 3.40.3 -- Default `Agent` and `Cluster-Agent` to `7.48.1` version. +* Default `Agent` and `Cluster-Agent` to `7.48.1` version. ## 3.40.2 -- Gate `PodSecurityPolicy` RBAC for k8s versions which no longer support this deprecated API. +* Gate `PodSecurityPolicy` RBAC for k8s versions which no longer support this deprecated API. ## 3.40.1 -- Add support for initContainer volume mounts +* Add support for initContainer volume mounts ## 3.40.0 -- Default `Agent` and `Cluster-Agent` to `7.48.0` version. +* Default `Agent` and `Cluster-Agent` to `7.48.0` version. ## 3.39.3 -- Omit cluster check and leader election in orchestrator check configuration if custom resources are provided +* Omit cluster check and leader election in orchestrator check configuration if custom resources are provided ## 3.39.2 -- Support custom resources and custom resource definitions collection in orchestrator explorer +* Support custom resources and custom resource definitions collection in orchestrator explorer ## 3.39.1 -- Add `kubeStateMetricsCore.collectConfigMaps` config field to the Agent +* Add `kubeStateMetricsCore.collectConfigMaps` config field to the Agent ## 3.39.0 -- Add a new parameter `datadog.leaderElectionResource` to select which resource lock to use in the leader election. Can be `leases(s)` in agent 7.47+, `configmap(s)`, or empty for auto detection. +* Add a new parameter `datadog.leaderElectionResource` to select which resource lock to use in the leader election. Can be `leases(s)` in agent 7.47+, `configmap(s)`, or empty for auto detection. ## 3.38.4 -- Add `orchestrator_explorer.enabled` for the Agent +* Add `orchestrator_explorer.enabled` for the Agent ## 3.38.3 -- Update `fips.image.tag` to `0.6.0` +* Update `fips.image.tag` to `0.6.0` ## 3.38.2 -- Skip references to PodSecurityPolicy where the support of this API has been dropped. +* Skip references to PodSecurityPolicy where the support of this API has been dropped. ## 3.38.1 -- Enable Remote Config by default on the host agent only +* Enable Remote Config by default on the host agent only ## 3.38.0 -- Default `Agent` and `Cluster-Agent` to `7.47.1` version. +* Default `Agent` and `Cluster-Agent` to `7.47.1` version. ## 3.37.1 -- Temporarily revert enabling Remote Config by default +* Temporarily revert enabling Remote Config by default ## 3.37.0 -- Rename `datadog.securityAgent.compliance.xccdf.enabled` parameter to `datadog.securityAgent.compliance.host_benchmarks.enabled`. +* Rename `datadog.securityAgent.compliance.xccdf.enabled` parameter to `datadog.securityAgent.compliance.host_benchmarks.enabled`. ## 3.36.4 -- Disable Remote Config on the cluster checks runner +* Disable Remote Config on the cluster checks runner ## 3.36.3 -- Mount `/etc/passwd` in process agent only if `datadog.processAgent.processCollection` or `datadog.processAgent.processDiscovery` is enabled. +* Mount `/etc/passwd` in process agent only if `datadog.processAgent.processCollection` or `datadog.processAgent.processDiscovery` is enabled. ## 3.36.2 -- Update `fips.image.tag` to `0.5.5` which upgrades HAProxy to 2.4.24 and zlib to 1.3 +* Update `fips.image.tag` to `0.5.5` which upgrades HAProxy to 2.4.24 and zlib to 1.3 ## 3.36.1 -- Add option to enable CWS security profiles (runtime anomaly detection) +* Add option to enable CWS security profiles (runtime anomaly detection) ## 3.36.0 -- Enable Remote Config by default +* Enable Remote Config by default ## 3.35.2 -- Fix Agent Service Account Name used in `RoleBinding` for Secret Backend permissions when in GKE Autopliot +* Fix Agent Service Account Name used in `RoleBinding` for Secret Backend permissions when in GKE Autopliot ## 3.35.1 -- Add permissions to curl `/metrics/slis` to agent cluster role. +* Add permissions to curl `/metrics/slis` to agent cluster role. ## 3.35.0 -- Default `Agent` and `Cluster-Agent` to `7.47.0` version. +* Default `Agent` and `Cluster-Agent` to `7.47.0` version. ## 3.34.3 -- Fix extra empty line in helmchecks, issue [#953](https://github.com/DataDog/helm-charts/issues/953). +* Fix extra empty line in helmchecks, issue [#953](https://github.com/DataDog/helm-charts/issues/953). ## 3.34.2 -- Add containerPort 8000/TCP to `cluster-agent` deployment for Admission Controller. +* Add containerPort 8000/TCP to `cluster-agent` deployment for Admission Controller. ## 3.34.1 -- Fix `clusterAgent.admissionController.webhookName` RBAC to avoid restricting `create` by resource name. +* Fix `clusterAgent.admissionController.webhookName` RBAC to avoid restricting `create` by resource name. ## 3.34.0 -- Introduced a new parameter `clusterAgent.admissionController.webhookName` for selecting the name of the mutating webhook. -- Narrowed the admission controller's RBAC scope in the cluster agent to only include a single resourceName, specifically `clusterAgent.admissionController.webhookName`. +* Introduced a new parameter `clusterAgent.admissionController.webhookName` for selecting the name of the mutating webhook. +* Narrowed the admission controller's RBAC scope in the cluster agent to only include a single resourceName, specifically `clusterAgent.admissionController.webhookName`. ## 3.33.10 -- Avoid creating the `DD_PROVIDER_KIND` environment variable twice for containers. +* Avoid creating the `DD_PROVIDER_KIND` environment variable twice for containers. ## 3.33.9 -- Add `fips.customFipsConfig` parameter to allow configuring FIPS proxy sidecar `datadog-fips-proxy.cfg` using a ConfigMap. +* Add `fips.customFipsConfig` parameter to allow configuring FIPS proxy sidecar `datadog-fips-proxy.cfg` using a ConfigMap. ## 3.33.8 -- Remove `mountPropagation` for `/etc/os-release` files. +* Remove `mountPropagation` for `/etc/os-release` files. ## 3.33.7 -- Add additional intakes into `CiliumNetworkPolicy` for node Agent and Cluster Check Runner for profiling, network monitoring, dbm, and remote config +* Add additional intakes into `CiliumNetworkPolicy` for node Agent and Cluster Check Runner for profiling, network monitoring, dbm, and remote config ## 3.33.6 -- Ensure the core agent is aware that CSPM is enabled (for inventories purposes). +* Ensure the core agent is aware that CSPM is enabled (for inventories purposes). ## 3.33.5 -- Daemonset includes `logdatadog` volume when rendered for `targetSystem: "windows"` +* Daemonset includes `logdatadog` volume when rendered for `targetSystem: "windows"` ## 3.33.4 -- Update `fips.image.tag` to `0.5.4` increasing the health checks interval from 2 to 10 seconds in the FIPS compliant side car container +* Update `fips.image.tag` to `0.5.4` increasing the health checks interval from 2 to 10 seconds in the FIPS compliant side car container ## 3.33.3 -- Remove `datadog.dataStreamsMonitoring.enabled` parameter. +* Remove `datadog.dataStreamsMonitoring.enabled` parameter. ## 3.33.2 -- Add emptyDir and volumeMounts for Agent log files in Windows containers to fix log file access +* Add emptyDir and volumeMounts for Agent log files in Windows containers to fix log file access # 3.33.0 -- Default `Agent` and `Cluster-Agent` to `7.46.0` version. +* Default `Agent` and `Cluster-Agent` to `7.46.0` version. ## 3.32.8 -- Always set the Remote Configuration environment variable +* Always set the Remote Configuration environment variable ## 3.32.7 -- Update the cluster agent network policy to allow telemetry submission. +* Update the cluster agent network policy to allow telemetry submission. ## 3.32.6 -- Fix cluster agent pod failing to start when securityContext is set. +* Fix cluster agent pod failing to start when securityContext is set. ## 3.32.5 -- Fix comment for datadog.kubernetesEvents.collectedEventTypes in values.yaml. +* Fix comment for datadog.kubernetesEvents.collectedEventTypes in values.yaml. ## 3.32.4 -- Add futimens, utime, utimes and utimensat syscalls to system-probe seccomp. +* Add futimens, utime, utimes and utimensat syscalls to system-probe seccomp. ## 3.32.3 -- Allows configuration of `dogstatsd.tagCardinality` independent of `dogstatsd.originDetection`. +* Allows configuration of `dogstatsd.tagCardinality` independent of `dogstatsd.originDetection`. ## 3.32.2 -- Set the `priority` field of the OpenShift’s SCC to `null` in order to not have a higher priority than the OpenShift 4.11+ default `restricted-v2` SCC. +* Set the `priority` field of the OpenShift’s SCC to `null` in order to not have a higher priority than the OpenShift 4.11+ default `restricted-v2` SCC. ## 3.32.1 -- Add AP1 Site Comment at `value.yaml`. -- Fix CVE in the FIPS compliant side car container +* Add AP1 Site Comment at `value.yaml`. +* Fix CVE in the FIPS compliant side car container ## 3.32.0 -- Add a new preferred parameter to enable Remote Configuration on both the agent and the cluster agent. +* Add a new preferred parameter to enable Remote Configuration on both the agent and the cluster agent. ## 3.31.0 -- Default `Agent` and `Cluster-Agent` to `7.45.0` version. +* Default `Agent` and `Cluster-Agent` to `7.45.0` version. ## 3.30.10 -- Updated pointerdir mountPath for Windows deployments. +* Updated pointerdir mountPath for Windows deployments. ## 3.30.9 -- Pass its pod name to the cluster-agent. This is used by cluster agent 7.46+ to make leader election work when using host network. +* Pass its pod name to the cluster-agent. This is used by cluster agent 7.46+ to make leader election work when using host network. ## 3.30.8 -- Update `fips.image.tag` to `0.5.2` version +* Update `fips.image.tag` to `0.5.2` version ## 3.30.7 -- Fix Windows support of `agents.customAgentConfig` to avoid bind mount of a file. +* Fix Windows support of `agents.customAgentConfig` to avoid bind mount of a file. ## 3.30.6 -- Adds `datadog.kubeStateMetricsCore.collectApiServicesMetrics` (`false` by default) to collect apiservices metrics in Kube State Metrics Core. - Note: APIServices metrics collection requires Cluster Agent 7.45.0+. +* Adds `datadog.kubeStateMetricsCore.collectApiServicesMetrics` (`false` by default) to collect apiservices metrics in Kube State Metrics Core. + Note: APIServices metrics collection requires Cluster Agent 7.45.0+. ## 3.30.5 -- Add `list` and `watch` permissions of `apiservices` resources for the `kubernetes_state_core` check. +* Add `list` and `watch` permissions of `apiservices` resources for the `kubernetes_state_core` check. ## 3.30.4 -- Remove USM private beta comments. +* Remove USM private beta comments. ## 3.30.3 -- Remove resourceName field from `create` permission of `leases` in `cluster-agent-rbac`. +* Remove resourceName field from `create` permission of `leases` in `cluster-agent-rbac`. ## 3.30.2 -- Add `get`, `create`, `update` permissions of `leases` to `cluster-agent-rbac`. +* Add `get`, `create`, `update` permissions of `leases` to `cluster-agent-rbac`. ## 3.30.1 -- Remove guidance that users must manually convert tag syntax for `labelsAsTags` +* Remove guidance that users must manually convert tag syntax for `labelsAsTags` ## 3.30.0 -- Add `datadog.dataStreamsMonitoring.enabled` parameter to enable Data Stream Monitoring. +* Add `datadog.dataStreamsMonitoring.enabled` parameter to enable Data Stream Monitoring. ## 3.29.3 -- Add `inotify_add_watch`, `inotify_init`, `inotify_init1`, and `inotify_rm_watch` to the default seccomp profile of system-probe. +* Add `inotify_add_watch`, `inotify_init`, `inotify_init1`, and `inotify_rm_watch` to the default seccomp profile of system-probe. ## 3.29.2 -- Default `Agent` and `Cluster-Agent` to `7.44.1` version. +* Default `Agent` and `Cluster-Agent` to `7.44.1` version. ## 3.29.1 -- Add `customresourcedefinitions` option to enable CRD metrics collection in KSM Core. +* Add `customresourcedefinitions` option to enable CRD metrics collection in KSM Core. ## 3.29.0 -- Add `datadog.securityAgent.compliance.xccdf.enabled` parameter to enable XCCDF feature in CSPM. +* Add `datadog.securityAgent.compliance.xccdf.enabled` parameter to enable XCCDF feature in CSPM. ## 3.28.1 -- Add `memfd_create` syscall to seccomp profile for system-probe. +* Add `memfd_create` syscall to seccomp profile for system-probe. ## 3.28.0 -- Adding support to use a FIPS compliant side car container in the Datadog Cluster Agent, the Datadog Agent, and the Datadog Cluster Check Runners pods. +* Adding support to use a FIPS compliant side car container in the Datadog Cluster Agent, the Datadog Agent, and the Datadog Cluster Check Runners pods. ## 3.27.0 -- Default `Agent` and `Cluster-Agent` to `7.44.0` version. +* Default `Agent` and `Cluster-Agent` to `7.44.0` version. ## 3.26.2 -- Adds statx syscall to seccomp for system-probe +* Adds statx syscall to seccomp for system-probe ## 3.26.1 -- Add support for `topologySpreadConstraints` in pod templates +* Add support for `topologySpreadConstraints` in pod templates ## 3.26.0 -- Default `Agent` and `Cluster-Agent` to `7.43.2` version. +* Default `Agent` and `Cluster-Agent` to `7.43.2` version. ## 3.25.5 -- Adds securityContext and resource annotations for initContainers in cluster agent +* Adds securityContext and resource annotations for initContainers in cluster agent ## 3.25.4 -- Add `list` and `watch` permissions of `customresourcedefinitions` to `kube-state-metrics-core-rbac`. +* Add `list` and `watch` permissions of `customresourcedefinitions` to `kube-state-metrics-core-rbac`. ## 3.25.3 -- Remote Config is now enabled even if the Cluster Agent is disabled. +* Remote Config is now enabled even if the Cluster Agent is disabled. ## 3.25.2 -- Fix a bug with `datadog.remoteConfiguration.enabled` where Remote Config was only enabled for the main agent container but not other containers such as the trace-agent. +* Fix a bug with `datadog.remoteConfiguration.enabled` where Remote Config was only enabled for the main agent container but not other containers such as the trace-agent. ## 3.25.1 -- Fix CI to unblock release of charts +* Fix CI to unblock release of charts ## 3.25.0 -- Automatically collect Security Profiles when CWS is enabled. +* Automatically collect Security Profiles when CWS is enabled. ## 3.24.0 -- Move `kube-state-metrics` default image registry from k8s.gcr.io to registry.k8s.io. +* Move `kube-state-metrics` default image registry from k8s.gcr.io to registry.k8s.io. ## 3.23.0 -- Injects additional environment variables in the Cluster Agent -- Add `clusterAgent.rbac.flareAdditionalPermissions` parameter to enable user Helm values retrieval in DCA flare (`true` by default) +* Injects additional environment variables in the Cluster Agent +* Add `clusterAgent.rbac.flareAdditionalPermissions` parameter to enable user Helm values retrieval in DCA flare (`true` by default) ## 3.22.0 -- Auto-configure `clusterAgent.admissionController.configMode` based on `datadog.apm.socketEnabled|portEnabled`. +* Auto-configure `clusterAgent.admissionController.configMode` based on `datadog.apm.socketEnabled|portEnabled`. ## 3.21.0 -- Add `datadog.remoteConfiguration.enabled` parameter to enable remote configuration. +* Add `datadog.remoteConfiguration.enabled` parameter to enable remote configuration. ## 3.20.3 -- Fix command script in linux init container to prevent blocking deployment in GKE Autopilot on Rapid release channel. -- Only mount DogStatsD socket in non-Autopilot environments. +* Fix command script in linux init container to prevent blocking deployment in GKE Autopilot on Rapid release channel. +* Only mount DogStatsD socket in non-Autopilot environments. ## 3.20.2 -- Fix R/W volume mounts for CRI on Windows +* Fix R/W volume mounts for CRI on Windows ## 3.20.1 -- Fix command args in linux init container to prevent blocking deployment in GKE Autopilot. +* Fix command args in linux init container to prevent blocking deployment in GKE Autopilot. ## 3.20.0 -- Enable CWS network detections by default. +* Enable CWS network detections by default. ## 3.19.2 -- Fix R/W volume mounts in init containers on Windows +* Fix R/W volume mounts in init containers on Windows ## 3.19.1 -- Mount emptyDir volumes in `/etc/datadog-agent` and `/tmp` to allow the cluster-agent to write files in those - locations with read-only root filesystem. +* Mount emptyDir volumes in `/etc/datadog-agent` and `/tmp` to allow the cluster-agent to write files in those + locations with read-only root filesystem. ## 3.19.0 -- Declare `readOnly` in volumeMounts. +* Declare `readOnly` in volumeMounts. ## 3.18.0 -- Default `Agent` and `Cluster-Agent` image tags to `7.43.1`. +* Default `Agent` and `Cluster-Agent` image tags to `7.43.1`. ## 3.17.1 -- Fix Cilium egress rules to kube-apiserver entities. +* Fix Cilium egress rules to kube-apiserver entities. ## 3.17.0 -- Add the following configurations which allow environment variables to be defined in a dictionary: - - `agents.containers.agent.envDict` - - `agents.containers.processAgent.envDict` - - `agents.containers.securityAgent.envDict` - - `agents.containers.systemProbe.envDict` - - `agents.containers.traceAgent.envDict` - - `clusterAgent.envDict` - - `clusterChecksRunner.envDict` - - `datadog.envDict` +* Add the following configurations which allow environment variables to be defined in a dictionary: + * `agents.containers.agent.envDict` + * `agents.containers.processAgent.envDict` + * `agents.containers.securityAgent.envDict` + * `agents.containers.systemProbe.envDict` + * `agents.containers.traceAgent.envDict` + * `clusterAgent.envDict` + * `clusterChecksRunner.envDict` + * `datadog.envDict` ## 3.16.2 -- Mount an emptyDir volume in `/opt/datadog-agent/run` to allow the cluster-agent to write files in that location - with read-only root filesystem. +* Mount an emptyDir volume in `/opt/datadog-agent/run` to allow the cluster-agent to write files in that location + with read-only root filesystem. ## 3.16.1 -- Fix `cluster-agent` deployment to allow the cluster-agent to write file in `/var/log/datadog` when it runs with - read-only root filesystem. +* Fix `cluster-agent` deployment to allow the cluster-agent to write file in `/var/log/datadog` when it runs with + read-only root filesystem. ## 3.16.0 -- Add new checksum to cluster agent deployment base on all cluster-agent configmap configuration. +* Add new checksum to cluster agent deployment base on all cluster-agent configmap configuration. ## 3.15.0 -- Beta: Enable remote configuration if `clusterAgent.admissionController.remoteInstrumentation` is enabled. +* Beta: Enable remote configuration if `clusterAgent.admissionController.remoteInstrumentation` is enabled. ## 3.14.0 -- Make the root filesystem of the cluster agent container read only by default +* Make the root filesystem of the cluster agent container read only by default ## 3.13.0 -- Beta: Support APM library injection with Remote Configuration. +* Beta: Support APM library injection with Remote Configuration. ## 3.12.0 -- Add `automountServiceAccountToken` option to configure automatic mounting of ServiceAccount's API credentials +* Add `automountServiceAccountToken` option to configure automatic mounting of ServiceAccount's API credentials ## 3.11.0 -- Default `Agent` and `Cluster-Agent` image tags to `7.43.0`. +* Default `Agent` and `Cluster-Agent` image tags to `7.43.0`. ## 3.10.9 -- Default `Agent` and `Cluster-Agent` image tags to `7.42.2`. +* Default `Agent` and `Cluster-Agent` image tags to `7.42.2`. ## 3.10.8 -- Fix `cluster-agent` SCC, remove duplicate `users` field. +* Fix `cluster-agent` SCC, remove duplicate `users` field. ## 3.10.7 -- Default `Agent` and `Cluster-Agent` image tags to `7.42.1`. +* Default `Agent` and `Cluster-Agent` image tags to `7.42.1`. ## 3.10.6 -- Includes the imagePullPolicy key for the seccomp-setup container template +* Includes the imagePullPolicy key for the seccomp-setup container template ## 3.10.5 -- Only expose the shared volume for the auth-token in non autopilot environments. +* Only expose the shared volume for the auth-token in non autopilot environments. ## 3.10.4 -- Fix documentation for `agents.containers.traceAgent.env` and `agents.containers.securityAgent.env` +* Fix documentation for `agents.containers.traceAgent.env` and `agents.containers.securityAgent.env` ## 3.10.3 -- Fix default `hostPid` value set to true on Windows. -- Fix auth token path value on Windows. +* Fix default `hostPid` value set to true on Windows. +* Fix auth token path value on Windows. ## 3.10.1 -- Fix: add missing `DAC_READ_SEARCH` capability in agent PSP and SCC (openshift) +* Fix: add missing `DAC_READ_SEARCH` capability in agent PSP and SCC (openshift) ## 3.10.0 -- Default `Agent` and `Cluster-Agent` image tags to `7.42.0`. +* Default `Agent` and `Cluster-Agent` image tags to `7.42.0`. ## 3.9.0 -- Set processDiscovery to be true by default +* Set processDiscovery to be true by default ## 3.8.1 -- Update docs for `datadog.otlp.receiver.protocols.grpc.endpoint` +* Update docs for `datadog.otlp.receiver.protocols.grpc.endpoint` ## 3.8.0 -- Add `providers.gke.cos` option to prevent `/usr/src` from being mounted on COS +* Add `providers.gke.cos` option to prevent `/usr/src` from being mounted on COS ## 3.7.3 -- Add support for Secret Annotations using `datadog.SecretAnnotations` helm value +* Add support for Secret Annotations using `datadog.SecretAnnotations` helm value ## 3.7.2 -- Rename dogstatsd port on the Agent Service to match the name of the dogstatsd port in the Agent pod (`dogstatsd -> dogstatsdport`). +* Rename dogstatsd port on the Agent Service to match the name of the dogstatsd port in the Agent pod (`dogstatsd -> dogstatsdport`). ## 3.7.1 -- Add required capability to system-probe in order to make the `auth_token` file readable. +* Add required capability to system-probe in order to make the `auth_token` file readable. ## 3.7.0 -- Add `datadog.kubernetesEvents.*` options to configure new Kubernetes unbundling events feature. - (This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above.) -- Add `datadog.clusterTagger.*` options to configure the Kubernetes cluster-tagger feature. - (This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above.) -- Create `components-common-env` to define shared environment variable between "agent" and "cluster-agent" containers, and refactor `containers-common-env`. +* Add `datadog.kubernetesEvents.*` options to configure new Kubernetes unbundling events feature. + (This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above.) +* Add `datadog.clusterTagger.*` options to configure the Kubernetes cluster-tagger feature. + (This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above.) +* Create `components-common-env` to define shared environment variable between "agent" and "cluster-agent" containers, and refactor `containers-common-env`. ## 3.6.9 -- Add `auth_token` to all the containers. +* Add `auth_token` to all the containers. ## 3.6.8 -- Add missing RBAC rules for collection of Vertical Pod Autoscaler resources in the Orchestrator Explorer. +* Add missing RBAC rules for collection of Vertical Pod Autoscaler resources in the Orchestrator Explorer. ## 3.6.7 -- Default `Agent` and `Cluster-Agent` image tags to `7.41.1`. +* Default `Agent` and `Cluster-Agent` image tags to `7.41.1`. ## 3.6.6 -- Fix missing volumeMount in `security-agent` container when `datadog.kubelet.hostCAPath` is provided. +* Fix missing volumeMount in `security-agent` container when `datadog.kubelet.hostCAPath` is provided. ## 3.6.5 -- Fix missing Cluster Agent configuration in `security-agent` if CSPM is not actived. +* Fix missing Cluster Agent configuration in `security-agent` if CSPM is not actived. ## 3.6.4 -- Change nesting for `providers.aks.enabled` parameter in Helm template. +* Change nesting for `providers.aks.enabled` parameter in Helm template. ## 3.6.3 -- Add `datadog.kubeStateMetricsCore.annotationsAsTags` that expose the `annotations_as_tags` parameter of the KSM core check. - This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above. +* Add `datadog.kubeStateMetricsCore.annotationsAsTags` that expose the `annotations_as_tags` parameter of the KSM core check. + This parameter exists only in agent 7.42.0 and above and cluster-agent 7.42.0 and above. # 3.6.2 -- Add CRDs to the cluster agent RBAC to be able to collect them using the Orchestrator Explorer. +* Add CRDs to the cluster agent RBAC to be able to collect them using the Orchestrator Explorer. ## 3.6.1 -- Add `providers.aks.enabled` parameter to activate specific configuration options for AKS. +* Add `providers.aks.enabled` parameter to activate specific configuration options for AKS. ## 3.6.0 -- Update "Agent" and "Cluster-Agent" versions to `7.41.0` by default. +* Update "Agent" and "Cluster-Agent" versions to `7.41.0` by default. ## 3.5.2 -- Fix API Key check in NOTES.txt following change of default value for `datadog.apiKey`. -- Fix failure if PSP activated in Kubernetes 1.25 (PSP have been removed). +* Fix API Key check in NOTES.txt following change of default value for `datadog.apiKey`. +* Fix failure if PSP activated in Kubernetes 1.25 (PSP have been removed). ## 3.5.1 -- Removing default value placeholder for the API Key in the values.yaml. +* Removing default value placeholder for the API Key in the values.yaml. ## 3.5.0 -- Remove runtime compilation-related config values `enableKernelHeaderDownload` and `enableRuntimeCompiler` in the system-probe. +* Remove runtime compilation-related config values `enableKernelHeaderDownload` and `enableRuntimeCompiler` in the system-probe. ## 3.4.0 -- Add `datadog.systemProbe.btfPath` for mounting user-provided BTF files (see datadog-agent PRs #13962 and #14096 for more context). +* Add `datadog.systemProbe.btfPath` for mounting user-provided BTF files (see datadog-agent PRs #13962 and #14096 for more context). ## 3.3.3 -- Add a warning note to alert users about suboptimal configuration of Cluster Checks Runner. +* Add a warning note to alert users about suboptimal configuration of Cluster Checks Runner. ## 3.3.2 -- Fix GKE Autopilot mounts in the `trace-agent` container and `hostPid` setting for the Agent pods +* Fix GKE Autopilot mounts in the `trace-agent` container and `hostPid` setting for the Agent pods ## 3.3.1 -- Remove `mountPropagation` for `*-release` files in `/etc`. It is not needed for individual files. +* Remove `mountPropagation` for `*-release` files in `/etc`. It is not needed for individual files. ## 3.3.0 -- Add datadog.hostPID option and deprecate datadog.dogstatsd.hostPID. +* Add datadog.hostPID option and deprecate datadog.dogstatsd.hostPID. ## 3.2.2 -- Mount `/host/proc` and `/host/sys/fs/cgroup` in trace-agent container for better support of container tagging +* Mount `/host/proc` and `/host/sys/fs/cgroup` in trace-agent container for better support of container tagging ## 3.2.1 -- Default "Agent" and "Cluster-Agent" image tag to `7.40.1`. +* Default "Agent" and "Cluster-Agent" image tag to `7.40.1`. ## 3.2.0 -- Default "Agent" and "Cluster-Agent" image tag to `7.40.0`. +* Default "Agent" and "Cluster-Agent" image tag to `7.40.0`. ## 3.1.11 -- Allow disabling use of the Host Port when enabling OTLP Ingest for Agent -- Add OTLP Ingest ports to Agent Service, to be used when Host Port is disabled +* Allow disabling use of the Host Port when enabling OTLP Ingest for Agent +* Add OTLP Ingest ports to Agent Service, to be used when Host Port is disabled ## 3.1.10 -- Default "Agent" and "Cluster-Agent" image tag to `7.39.2`. +* Default "Agent" and "Cluster-Agent" image tag to `7.39.2`. ## 3.1.9 -- Add `faccessat` to system-probe seccomp profile. +* Add `faccessat` to system-probe seccomp profile. ## 3.1.8 -- Add `clone3` and `rseq` to system-probe seccomp profile. +* Add `clone3` and `rseq` to system-probe seccomp profile. ## 3.1.7 -- Fix the configuration of the default seccomp profile for system-probe +* Fix the configuration of the default seccomp profile for system-probe ## 3.1.6 -- Fix usage of `generate-security-context` helper. +* Fix usage of `generate-security-context` helper. ## 3.1.5 -- Use `securityContext.seccompProfile` instead of annotations for system-probe on kubernetes 1.19+. +* Use `securityContext.seccompProfile` instead of annotations for system-probe on kubernetes 1.19+. ## 3.1.4 -- Default "Agent" and "Cluster-Agent" image tag to `7.39.1`. +* Default "Agent" and "Cluster-Agent" image tag to `7.39.1`. ## 3.1.3 -- Add `datadog.helmCheck.valuesAsTags` option to collect helm values and use them as tags. +* Add `datadog.helmCheck.valuesAsTags` option to collect helm values and use them as tags. ## 3.1.2 -- Add `datadog.securityAgent.runtime.activityDump.enabled` configuration to enable CWS activity dumps. +* Add `datadog.securityAgent.runtime.activityDump.enabled` configuration to enable CWS activity dumps. ## 3.1.1 -- Set default value for `datadog.systemProbe.enableKernelHeaderDownload` to `true` +* Set default value for `datadog.systemProbe.enableKernelHeaderDownload` to `true` ## 3.1.0 -- Default Agent image to `7.39.0`. -- Default Cluster-Agent image to `7.39.0`. Cluster-Agent versioning is now aligned with the Agent. +* Default Agent image to `7.39.0`. +* Default Cluster-Agent image to `7.39.0`. Cluster-Agent versioning is now aligned with the Agent. ## 3.0.4 -- Fix preventing mounting os-release in GKE autopilot for all containers. +* Fix preventing mounting os-release in GKE autopilot for all containers. ## 3.0.3 -- Add `faccessat2` to allowed actions in system-probe seccomp profile. +* Add `faccessat2` to allowed actions in system-probe seccomp profile. ## 3.0.2 -- Allow disabling kubeStateMetricsCore rbac creation. +* Allow disabling kubeStateMetricsCore rbac creation. ## 3.0.1 -- Add `datadog.systemProbe.enableDefaultKernelHeadersPaths` option that allows - to choose whether to mount the default kernel headers paths. +* Add `datadog.systemProbe.enableDefaultKernelHeadersPaths` option that allows + to choose whether to mount the default kernel headers paths. ## 3.0.0 -- Minimum version of the Agent supported is 7.36.0 and minimum version of the Cluster Agent supported is 1.20.0. -- Disable the legacy KSM check and enable the KSM core check by default. -- Drop support for Helm 2. +* Minimum version of the Agent supported is 7.36.0 and minimum version of the Cluster Agent supported is 1.20.0. +* Disable the legacy KSM check and enable the KSM core check by default. +* Drop support for Helm 2. ## 2.37.9 -- Add `DD_PROMETHEUS_SCRAPE_VERSION` to Cluster Agent to match Agent version +* Add `DD_PROMETHEUS_SCRAPE_VERSION` to Cluster Agent to match Agent version ## 2.37.8 -- Fix the volumeMount duplication in `system-probe` container if `datadog.osReleasePath` value - corresponds to one of the default os-release-paths automatically mounted. -- Add the option to disable the default os-release path mount linked to `system-probe` container. +* Fix the volumeMount duplication in `system-probe` container if `datadog.osReleasePath` value + corresponds to one of the default os-release-paths automatically mounted. +* Add the option to disable the default os-release path mount linked to `system-probe` container. ## 2.37.7 -- Fix Windows nodes deployment: do not mount `container-host-release-volumemounts` if - the `targetSystem` is "Windows". +* Fix Windows nodes deployment: do not mount `container-host-release-volumemounts` if + the `targetSystem` is "Windows". ## 2.37.6 -- Add `chmod` to allowed actions in system-probe seccomp profile +* Add `chmod` to allowed actions in system-probe seccomp profile ## 2.37.5 -- Mount host release files for proper host OS detection +* Mount host release files for proper host OS detection ## 2.37.4 -- Add `digest` as a configurable value for all datadog images used +* Add `digest` as a configurable value for all datadog images used ## 2.37.3 -- Update default agent image version tag to `7.38.2`. -- Rename view CI values.yaml files to be executed by the CI. +* Update default agent image version tag to `7.38.2`. +* Rename view CI values.yaml files to be executed by the CI. ## 2.37.2 -- Set traced_cgroups_count default value to 0 in the system-config file for CWS. +* Set traced_cgroups_count default value to 0 in the system-config file for CWS. ## 2.37.1 -- Default Datadog Agent image to `7.38.1`. +* Default Datadog Agent image to `7.38.1`. ## 2.37.0 -- Default Datadog Agent image to `7.38.0`. -- Default Datadog Cluster Agent image to `1.22.0`. +* Default Datadog Agent image to `7.38.0`. +* Default Datadog Cluster Agent image to `1.22.0`. ## 2.36.9 -- Add `/etc/dnf/vars` and `/etc/yum/vars` to the default package management directories mounted for kernel header downloading. +* Add `/etc/dnf/vars` and `/etc/yum/vars` to the default package management directories mounted for kernel header downloading. ## 2.36.8 -- Add `datadog.clusterName` on clusterCheckRunner pods +* Add `datadog.clusterName` on clusterCheckRunner pods ## 2.36.7 -- Add `priorityPreemptionPolicyValue` as a configurable value on the Agent charts +* Add `priorityPreemptionPolicyValue` as a configurable value on the Agent charts ## 2.36.6 -- Fix GKE Autopilot installation. The `process-agent` command must - use the `-config` argument to be compliant with the Datadog Agent's - GKE Autopilot security profile. +* Fix GKE Autopilot installation. The `process-agent` command must + use the `-config` argument to be compliant with the Datadog Agent's + GKE Autopilot security profile. ## 2.36.5 -- Use `regexFind` in favor of `mustRegexFind` to support helm2. +* Use `regexFind` in favor of `mustRegexFind` to support helm2. ## 2.36.4 -- Support `commonlabels` configuration to be able to add common labels on all resources created by the chart. +* Support `commonlabels` configuration to be able to add common labels on all resources created by the chart. ## 2.36.3 -- Fix usage of deprecated command flags in the process-agent. +* Fix usage of deprecated command flags in the process-agent. ## 2.36.2 -- Documentation updates to comments in some agent templates +* Documentation updates to comments in some agent templates ## 2.36.1 -- Add `datadog.otlp` section to configure OTLP ingest. +* Add `datadog.otlp` section to configure OTLP ingest. ## 2.36.0 -- Default Datadog Agent image to `7.37.1`. -- Default Datadog Cluster Agent image to `1.21.0`. +* Default Datadog Agent image to `7.37.1`. +* Default Datadog Cluster Agent image to `1.21.0`. ## 2.35.6 -- Fix `include` in clusterchecks deployment template. +* Fix `include` in clusterchecks deployment template. ## 2.35.5 -- Allow cross-DCA communication in DCA `NetworkPolicy` and `CiliumNetworkPolicy` +* Allow cross-DCA communication in DCA `NetworkPolicy` and `CiliumNetworkPolicy` ## 2.35.4 -- Fix comments in `values.yaml` to allow a seamless `helm-docs` update. +* Fix comments in `values.yaml` to allow a seamless `helm-docs` update. ## 2.35.3 -- Add `openat2` to system-probe seccomp profile to fix issues with opening files. +* Add `openat2` to system-probe seccomp profile to fix issues with opening files. ## 2.35.2 -- Update RBACs and the default check configuration to collect ingress metrics in Kube State Metrics Core. - Note: Ingress metrics collection requires Cluster Agent 1.21+. +* Update RBACs and the default check configuration to collect ingress metrics in Kube State Metrics Core. + Note: Ingress metrics collection requires Cluster Agent 1.21+. ## 2.35.1 -- Fix Cluster-Agent SCC creation on openshift 3.x. +* Fix Cluster-Agent SCC creation on openshift 3.x. ## 2.35.0 -- The Admission Controller is now enabled by default. +* The Admission Controller is now enabled by default. ## 2.34.6 -- Avoid the error `: error calling eq: incompatible types for comparison` that can happen in older helm versions. +* Avoid the error `: error calling eq: incompatible types for comparison` that can happen in older helm versions. ## 2.34.5 -- Add `datadog.securityAgent.runtime.fimEnabled` configuration to enable CWS File Integrity Monitoring. +* Add `datadog.securityAgent.runtime.fimEnabled` configuration to enable CWS File Integrity Monitoring. ## 2.34.4 -- Add `clusterAgent.admissionController.failurePolicy` configuration to set the failure policy for dynamic admission control +* Add `clusterAgent.admissionController.failurePolicy` configuration to set the failure policy for dynamic admission control ## 2.34.3 -- Introduce `clusterAgent.admissionController.configMode` (requires Cluster Agent `1.20+`). It allows choosing the kind of configuration to be injected ("hostip", "service", or "socket"). +* Introduce `clusterAgent.admissionController.configMode` (requires Cluster Agent `1.20+`). It allows choosing the kind of configuration to be injected ("hostip", "service", or "socket"). ## 2.34.2 -- Default Cluster Agent image to `1.20.0`. +* Default Cluster Agent image to `1.20.0`. ## 2.34.1 -- Add the `datadog.secretBackend.enableGlobalPermissions` value, which when set to `false`, does not allow Datadog agents to read all secrets in all clusters. Defaults to `true`. -- Add the `datadog.secretBackend.roles` value, which creates `Role` and `RoleBinding` for each namespace defined. Allows for opt-in read permissions for secrets in those namespaces. +* Add the `datadog.secretBackend.enableGlobalPermissions` value, which when set to `false`, does not allow Datadog agents to read all secrets in all clusters. Defaults to `true`. +* Add the `datadog.secretBackend.roles` value, which creates `Role` and `RoleBinding` for each namespace defined. Allows for opt-in read permissions for secrets in those namespaces. ## 2.34.0 -- Default Datadog Agent image to `7.36.1`. +* Default Datadog Agent image to `7.36.1`. ## 2.33.8 -- Add `datadog.securityAgent.runtime.network.enabled` configuration to enable CWS network events. +* Add `datadog.securityAgent.runtime.network.enabled` configuration to enable CWS network events. ## 2.33.7 -- Fix inaccurate documentation example for `datadog.kubeStateMetricsCore.labelsAsTags`. +* Fix inaccurate documentation example for `datadog.kubeStateMetricsCore.labelsAsTags`. ## 2.33.6 -- Add `renameat2` to system-probe seccomp profile to fix issues with renaming files. +* Add `renameat2` to system-probe seccomp profile to fix issues with renaming files. ## 2.33.5 -- Make the DCA leader election ConfigMap name depend on the Helm release name. (Requires DCA 1.21+) +* Make the DCA leader election ConfigMap name depend on the Helm release name. (Requires DCA 1.21+) ## 2.33.4 -- Improves help message when only `.datadog.containerInclude` is defined but no `.datadog.containerExclude` +* Improves help message when only `.datadog.containerInclude` is defined but no `.datadog.containerExclude` ## 2.33.3 -- Add enableKernelHeaderDownload configuration option to system-probe. +* Add enableKernelHeaderDownload configuration option to system-probe. ## 2.33.2 -- Add `revisionHistoryLimit` to set the number of old ReplicaSets in the Deployment. +* Add `revisionHistoryLimit` to set the number of old ReplicaSets in the Deployment. ## 2.33.1 -- Default Datadog Agent image to `7.35.2`. +* Default Datadog Agent image to `7.35.2`. ## 2.33.0 -**_Warning:_** From this version onwards, on GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes namespace due to the following new constraints: +***Warning:*** From this version onwards, on GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes namespace due to the following new constraints: -- On GKE Autopilot, hardcode the "Agent" DaemonSet serviceAccountName. -- On GKE Autopilot, hardcode the "Install Info" ConfigMap name. +* On GKE Autopilot, hardcode the "Agent" DaemonSet serviceAccountName. +* On GKE Autopilot, hardcode the "Install Info" ConfigMap name. ## 2.32.6 -- Add `verticalpodautoscalers` in `kubernetes_state_core.yaml.default` to enable collection in KSM Core by default +* Add `verticalpodautoscalers` in `kubernetes_state_core.yaml.default` to enable collection in KSM Core by default ## 2.32.5 -- Fix process detection, by adding `kill` syscall with signal `0` to system-probe seccomp profile. +* Fix process detection, by adding `kill` syscall with signal `0` to system-probe seccomp profile. ## 2.32.4 -- Update `cluster-agent` image to the latest stable version: `1.19.0` +* Update `cluster-agent` image to the latest stable version: `1.19.0` ## 2.32.3 -- Fix Go CPU profiling, by adding `setitimer` to system-probe seccomp profile. +* Fix Go CPU profiling, by adding `setitimer` to system-probe seccomp profile. ## 2.32.2 -- Fix scheduling of Helm check due to missing `helm.yaml` in Cluster Agent `confd`. +* Fix scheduling of Helm check due to missing `helm.yaml` in Cluster Agent `confd`. ## 2.32.1 -- Remove usage of `concat` to restore compatibility with Helm2. +* Remove usage of `concat` to restore compatibility with Helm2. ## 2.32.0 -- Default Datadog Agent image to `7.35.0`. +* Default Datadog Agent image to `7.35.0`. ## 2.31.1 -- Improves how securityContext are set depending on the `targetSystem` option (fix #590). +* Improves how securityContext are set depending on the `targetSystem` option (fix #590). ## 2.31.0 -- Add `datadog.prometheusScrape.version` parameter to choose the version of the openmetrics check that the Prometheus auto-discovery should instantiate by default. - It now defaults to `2`, which requires an agent 7.34+. - It can be explicitely set to `1` to restore the behaviour of previous versions. +* Add `datadog.prometheusScrape.version` parameter to choose the version of the openmetrics check that the Prometheus auto-discovery should instantiate by default. + It now defaults to `2`, which requires an agent 7.34+. + It can be explicitely set to `1` to restore the behaviour of previous versions. ## 2.30.21 -- Add `datadog.kubelet.podLogsPath` to customize hostPath mounted in to get Kubernetes PODs logs. +* Add `datadog.kubelet.podLogsPath` to customize hostPath mounted in to get Kubernetes PODs logs. ## 2.30.20 -- Update "agents are spinning up" message to point towards the new Events Explorer +* Update "agents are spinning up" message to point towards the new Events Explorer ## 2.30.19 -- Update documentation for enabling NPM. +* Update documentation for enabling NPM. ## 2.30.18 -- Enforce use of `root` user for the node agent. +* Enforce use of `root` user for the node agent. ## 2.30.17 -- Add `datadog.helmCheck.collectEvents` to enable event collection in the Helm check. +* Add `datadog.helmCheck.collectEvents` to enable event collection in the Helm check. ## 2.30.16 -- Default Datadog CRD chart to `0.4.7`. +* Default Datadog CRD chart to `0.4.7`. ## 2.30.15 -- Default Datadog Agent image to `7.34.0`. -- Default Datadog Cluster-Agent image to `1.18.0`. +* Default Datadog Agent image to `7.34.0`. +* Default Datadog Cluster-Agent image to `1.18.0`. ## 2.30.14 -- Default Datadog Agent image to `7.33.1`. +* Default Datadog Agent image to `7.33.1`. ## 2.30.13 -- Feat: Add `shareProcessNamespace` parameter. +* Feat: Add `shareProcessNamespace` parameter. ## 2.30.12 -- Add an option to remove the container runtime socket access. +* Add an option to remove the container runtime socket access. ## 2.30.11 -- Fix CiliumNetworkPolicy: Allow sending support flares. +* Fix CiliumNetworkPolicy: Allow sending support flares. ## 2.30.10 -- Fix scheduling of Helm check. It's no longer scheduled on a daemonset agent. +* Fix scheduling of Helm check. It's no longer scheduled on a daemonset agent. ## 2.30.9 -- Add RBAC rules for Roles, RoleBindings, ClusterRoles, ClusterRoleBindings and ServiceAccounts in order to collect them in the Orchestrator Explorer from the Cluster-agent. +* Add RBAC rules for Roles, RoleBindings, ClusterRoles, ClusterRoleBindings and ServiceAccounts in order to collect them in the Orchestrator Explorer from the Cluster-agent. ## 2.30.8 -- Add option to enable Helm Check (requires Agent 7.35.0+ and Cluster Agent 1.19.0+). +* Add option to enable Helm Check (requires Agent 7.35.0+ and Cluster Agent 1.19.0+). ## 2.30.7 -- Add ingress RBAC rules for the Cluster Agent to collect ingress resources in the Orchestrator Explorer. (Feature available starting Cluster Agent v1.19) +* Add ingress RBAC rules for the Cluster Agent to collect ingress resources in the Orchestrator Explorer. (Feature available starting Cluster Agent v1.19) ## 2.30.6 -- Fix syntax of agents.podAnnotations to be aligned with other podAnnotations setting. +* Fix syntax of agents.podAnnotations to be aligned with other podAnnotations setting. ## 2.30.5 -- Add a new note to recommand to the Cluster Agent in HA mode when the `admission-controller` or the `metrics provider` are enabled. +* Add a new note to recommand to the Cluster Agent in HA mode when the `admission-controller` or the `metrics provider` are enabled. ## 2.30.4 -- Add PV and PVC RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. +* Add PV and PVC RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. ## 2.30.3 -- Add `datadog.logs.autoMultiLineDetection` parameter to setup automatic multi-line log detection - See - This new option requires an agent 7.32+. +* Add `datadog.logs.autoMultiLineDetection` parameter to setup automatic multi-line log detection + See + This new option requires an agent 7.32+. ## 2.30.2 -- rename the APM port in the local traffic policy service from `apm` to `traceport` +* rename the APM port in the local traffic policy service from `apm` to `traceport` ## 2.30.1 -- clusterAgent.tolerations documented in values.yaml +* clusterAgent.tolerations documented in values.yaml ## 2.30.0 -- Default Datadog Agent image to `7.33.0`. -- Default Datadog Cluster-Agent image to `1.17.0`. +* Default Datadog Agent image to `7.33.0`. +* Default Datadog Cluster-Agent image to `1.17.0`. ## 2.29.0 -- Add `agents.podSecurity.allowedUnsafeSysctls` parameter +* Add `agents.podSecurity.allowedUnsafeSysctls` parameter ## 2.28.15 -- Remove unused configuration option from system_probe.yaml to address error message: `Unknown key in config file: runtime_security_config.debug` +* Remove unused configuration option from system_probe.yaml to address error message: `Unknown key in config file: runtime_security_config.debug` ## 2.28.14 -- Update cluster-agent's podAntiAffinity from required to preferred +* Update cluster-agent's podAntiAffinity from required to preferred ## 2.28.13 -- Do not declare the volumes for `/etc/*-release` if there is no `system-probe`. - Only the `system-probe` container mounts them. +* Do not declare the volumes for `/etc/*-release` if there is no `system-probe`. + Only the `system-probe` container mounts them. ## 2.28.12 -- Fix some typos in comments +* Fix some typos in comments ## 2.28.11 -- Fix deprecation warning in examples caused by the `datadog.apm.enabled` parameter +* Fix deprecation warning in examples caused by the `datadog.apm.enabled` parameter ## 2.28.10 -- Update confd examples for the mysql integration +* Update confd examples for the mysql integration ## 2.28.9 -- Fix Cluster-Agent SCC creation on openshift 3.x. : remove unset parameters. +* Fix Cluster-Agent SCC creation on openshift 3.x. : remove unset parameters. ## 2.28.8 -- Fix `PodDisruptionBudget` api version definition when using `helm template`. +* Fix `PodDisruptionBudget` api version definition when using `helm template`. ## 2.28.7 -- Fix environment variables to be quoted correct with a loop and `quote` instead of `toYaml`. +* Fix environment variables to be quoted correct with a loop and `quote` instead of `toYaml`. ## 2.28.6 -- Update `PodDisruptionBudget` api version to get rid of `policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget` warning. +* Update `PodDisruptionBudget` api version to get rid of `policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget` warning. ## 2.28.5 -- Default Datadog Agent image to `7.32.4`. +* Default Datadog Agent image to `7.32.4`. ## 2.28.4 -- Add a new configuration section `datadog.secretBackend`. -- Configuring `datadog.secretBackend.command="/readsecret_multiple_providers.sh"` will add the secret permissions required by the `/readsecret_multiple_providers.sh` helper. +* Add a new configuration section `datadog.secretBackend`. +* Configuring `datadog.secretBackend.command="/readsecret_multiple_providers.sh"` will add the secret permissions required by the `/readsecret_multiple_providers.sh` helper. ## 2.28.3 -- Update `agents.podSecurity.capabilities` to contain all `agents.containers.systemProbe.securityContext.capabilities`. +* Update `agents.podSecurity.capabilities` to contain all `agents.containers.systemProbe.securityContext.capabilities`. ## 2.28.2 -- Fix conflict between `clusterAgent.confd` and `clusterAgent.advancedConfd`: merge the 2 ConfigMaps. +* Fix conflict between `clusterAgent.confd` and `clusterAgent.advancedConfd`: merge the 2 ConfigMaps. ## 2.28.1 -- Fix `CAP_CHOWN` capability configuration for system-probe. +* Fix `CAP_CHOWN` capability configuration for system-probe. ## 2.28.0 -- Create priority Class to better support environments such as GKE Autopilot. +* Create priority Class to better support environments such as GKE Autopilot. ## 2.27.10 -- Add `CAP_CHOWN` to the list of capabilities for system-probe. +* Add `CAP_CHOWN` to the list of capabilities for system-probe. ## 2.27.9 -- Adds `systemProbe.enableRuntimeCompiler`, `systemProbe.mountPackageManagementDirs` and `systemprobe.runtimeCompilationAssetDir` to configure eBPF runtime compiler in the system-probe. -- Adds `systemProbe.mountPackageManagementDirs` to configure what volumes are mounted in the system-probe for runtime compilation. -- Adds `systemProbe.osReleasePath` to configure what volume is mounted in the system-probe for host OS detection. -- Adds renameat, symlinkat and flock to the allow syscalls in the system-probe's seccomp profile. +* Adds `systemProbe.enableRuntimeCompiler`, `systemProbe.mountPackageManagementDirs` and `systemprobe.runtimeCompilationAssetDir` to configure eBPF runtime compiler in the system-probe. +* Adds `systemProbe.mountPackageManagementDirs` to configure what volumes are mounted in the system-probe for runtime compilation. +* Adds `systemProbe.osReleasePath` to configure what volume is mounted in the system-probe for host OS detection. +* Adds renameat, symlinkat and flock to the allow syscalls in the system-probe's seccomp profile. ## 2.27.8 -- Default Datadog Agent image to `7.32.3`. +* Default Datadog Agent image to `7.32.3`. ## 2.27.7 -- Nothing +* Nothing ## 2.27.6 -- Default Datadog Agent image to `7.32.2`. +* Default Datadog Agent image to `7.32.2`. ## 2.27.5 -- Fix bugs that prevented running the ksm core check as a cluster check. +* Fix bugs that prevented running the ksm core check as a cluster check. ## 2.27.4 -- Do not allow unsupported configs with the security agent in windows environments. -- Ensure autoconf/extra config files are mounted in windows environments. +* Do not allow unsupported configs with the security agent in windows environments. +* Ensure autoconf/extra config files are mounted in windows environments. ## 2.27.3 -- Fix CiliumNetworkPolicy: Update toFQDNs policy to include `agent-http-intake` endpoint. -- Fix CiliumNetworkPolicy: Update toFQDNs to include `api` endpoint. +* Fix CiliumNetworkPolicy: Update toFQDNs policy to include `agent-http-intake` endpoint. +* Fix CiliumNetworkPolicy: Update toFQDNs to include `api` endpoint. ## 2.27.2 -- Expose the `labels_as_tags` parameter of the KSM core check. - This parameter exists only in agent 7.32.0 and above and cluster-agent 1.16.0 and above. +* Expose the `labels_as_tags` parameter of the KSM core check. + This parameter exists only in agent 7.32.0 and above and cluster-agent 1.16.0 and above. # 2.27.1 -- Update README.md to clarify Helm 2 vs. Helm 3 instructions. -- Fix typos in README.md in `How to join a Cluster Agent from another helm chart deployment (Linux)`. -- Fixes a port number typo for the `datadog.apm.portEnabled` option from 8216 to 8126. +* Update README.md to clarify Helm 2 vs. Helm 3 instructions. +* Fix typos in README.md in `How to join a Cluster Agent from another helm chart deployment (Linux)`. +* Fixes a port number typo for the `datadog.apm.portEnabled` option from 8216 to 8126. # 2.27.0 -- Introduce `processAgent.processDiscovery` to configure `DD_PROCESS_AGENT_DISCOVERY_ENABLED` +* Introduce `processAgent.processDiscovery` to configure `DD_PROCESS_AGENT_DISCOVERY_ENABLED` ## 2.26.5 -- Add `verticalpodautoscalers` RBACs when `datadog.kubeStateMetricsCore.enabled` is `true` +* Add `verticalpodautoscalers` RBACs when `datadog.kubeStateMetricsCore.enabled` is `true` ## 2.26.4 -- Update API/APP keys secret management documentation. +* Update API/APP keys secret management documentation. ## 2.26.3 -- Update CRDs version to `0.4.5` (reduced size) +* Update CRDs version to `0.4.5` (reduced size) ## 2.26.2 -- Add support for Universal Service Monitoring (currently under private Beta) +* Add support for Universal Service Monitoring (currently under private Beta) ## 2.26.1 -- Update CRDs version to `0.4.4` +* Update CRDs version to `0.4.4` ## 2.26.0 -- Default Datadog Agent image to `7.32.1`. +* Default Datadog Agent image to `7.32.1`. ## 2.25.0 -- Adding the following `agents.daemonsetAnnotations`, `clusterAgent.deploymentAnnotation` and `clusterChecksRunner.deploymentAnnotations` parameters to allow custom annotations on the agent's deployments/daemonsets to be setup +* Adding the following `agents.daemonsetAnnotations`, `clusterAgent.deploymentAnnotation` and `clusterChecksRunner.deploymentAnnotations` parameters to allow custom annotations on the agent's deployments/daemonsets to be setup ## 2.24.1 -- Fix typo in variable name : `agents.localService.forceLocalServiceEnabled` +* Fix typo in variable name : `agents.localService.forceLocalServiceEnabled` ## 2.24.0 -- Default Datadog Agent image to `7.32.0`. -- Default Datadog Cluster Agent image to `1.16.0`. +* Default Datadog Agent image to `7.32.0`. +* Default Datadog Cluster Agent image to `1.16.0`. ## 2.23.6 -- Add `datadog.expvarPort` parameter to customize the default expvar default port to not conflict with the default clusteragent metrics port if running in hostNetwork mode. -- Defined cluster-agent containerPort `agentmetrics` to expose the default port, which is set to 5000 and already defined in the `NetworkPolicy` for the cluster-agent. +* Add `datadog.expvarPort` parameter to customize the default expvar default port to not conflict with the default clusteragent metrics port if running in hostNetwork mode. +* Defined cluster-agent containerPort `agentmetrics` to expose the default port, which is set to 5000 and already defined in the `NetworkPolicy` for the cluster-agent. ## 2.23.5 @@ -1707,1101 +1707,1101 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A ## 2.23.4 -- Add a new configuration field `datadog.providers.eks.ec2.useHostnameFromFile` to allow use of host's `/var/lib/cloud/data/instance-id` for hostname detection. +* Add a new configuration field `datadog.providers.eks.ec2.useHostnameFromFile` to allow use of host's `/var/lib/cloud/data/instance-id` for hostname detection. ## 2.23.3 -- Add `agents.localService` parameters to customize the internal traffic policy service name and force its creation of Kubernetes 1.21. +* Add `agents.localService` parameters to customize the internal traffic policy service name and force its creation of Kubernetes 1.21. ## 2.23.2 -- Add an `agents.podSecurity.defaultApparmor` setting to allow customizing the default AppArmor profile used by all containers but `system-probe`. +* Add an `agents.podSecurity.defaultApparmor` setting to allow customizing the default AppArmor profile used by all containers but `system-probe`. ## 2.23.1 -- Fix APM reporting via `trace-agent` hostPort if `datadog.apm.enabled: true`. +* Fix APM reporting via `trace-agent` hostPort if `datadog.apm.enabled: true`. ## 2.23.0 -- Add new option to the Kubernetes State Metrics Core feature to run the Cluster Check on Cluster Check Workers. This option is meant to be leveraged in large clusters. +* Add new option to the Kubernetes State Metrics Core feature to run the Cluster Check on Cluster Check Workers. This option is meant to be leveraged in large clusters. ## 2.22.18 -- Do not configure `trace-agent` hostPort if `datadog.apm.portEnabled: false`. +* Do not configure `trace-agent` hostPort if `datadog.apm.portEnabled: false`. ## 2.22.17 -- Update general installation documentation and add how to disable APM. +* Update general installation documentation and add how to disable APM. ## 2.22.16 -- Support containerd on windows node with logs enabled. +* Support containerd on windows node with logs enabled. ## 2.22.15 -- Add a new configuration field `datadog.kubeStateMetricsCore.collectSecretMetrics` to allow disabling the collection of `kubernetes_state.secret.*` metrics by the `kubernetes_state_core` check. +* Add a new configuration field `datadog.kubeStateMetricsCore.collectSecretMetrics` to allow disabling the collection of `kubernetes_state.secret.*` metrics by the `kubernetes_state_core` check. ## 2.22.14 -- Apply security context capabilities to security-agent only if compliance is enabled. +* Apply security context capabilities to security-agent only if compliance is enabled. ## 2.22.13 -- Add configurable conntrack_init_timeout to sysprobe config. +* Add configurable conntrack_init_timeout to sysprobe config. ## 2.22.12 -- Replace the `prometheus` check targetting the Datadog Cluster Agent by the new `datadog_cluster_agent` integration. (Requires Datadog Agent 7.31+) +* Replace the `prometheus` check targetting the Datadog Cluster Agent by the new `datadog_cluster_agent` integration. (Requires Datadog Agent 7.31+) ## 2.22.11 -- Adds missing configuration option `DD_STRIP_PROCESS_ARGS` for the process agent. +* Adds missing configuration option `DD_STRIP_PROCESS_ARGS` for the process agent. ## 2.22.10 -- Default Datadog Agent image to `7.31.1`. -- Default Datadog Cluster Agent image to `1.15.1`. +* Default Datadog Agent image to `7.31.1`. +* Default Datadog Cluster Agent image to `1.15.1`. ## 2.22.9 -- Makes the runtime socket configurable when running on Windows instead of defaulting to `\\.\pipe\docker_engine`. +* Makes the runtime socket configurable when running on Windows instead of defaulting to `\\.\pipe\docker_engine`. ## 2.22.8 -- Add a service with local [internal traffic policy](https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/) for traces and dogstatsd. - This works only on Kubernetes 1.22 or more recent. +* Add a service with local [internal traffic policy](https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/) for traces and dogstatsd. + This works only on Kubernetes 1.22 or more recent. ## 2.22.7 -- Add a default required pod anti-affinity for the cluster agent. +* Add a default required pod anti-affinity for the cluster agent. ## 2.22.6 -- Adds missing configuration option for `DD_KUBERNETES_NAMESPACE_LABELS_AS_TAGS`. +* Adds missing configuration option for `DD_KUBERNETES_NAMESPACE_LABELS_AS_TAGS`. ## 2.22.5 -- Add support for using `envFrom` on all container definitions. +* Add support for using `envFrom` on all container definitions. ## 2.22.4 -- Cluster Agent: `DD_TAGS` are included even when Datadog is not set as metrics provider. +* Cluster Agent: `DD_TAGS` are included even when Datadog is not set as metrics provider. ## 2.22.3 -- CiliumNetworkPolicy: Grant access to the agent to ECS container agent via localhost. +* CiliumNetworkPolicy: Grant access to the agent to ECS container agent via localhost. ## 2.22.2 -- Bind mount host /etc/os-release in system probe container. +* Bind mount host /etc/os-release in system probe container. ## 2.22.1 -- Fix CiliumNetworkPolicy `port` field. +* Fix CiliumNetworkPolicy `port` field. ## 2.22.0 -- Default Datadog Agent image to 7.31.0. -- Default Datadog Cluster Agent image to 1.15.0. +* Default Datadog Agent image to 7.31.0. +* Default Datadog Cluster Agent image to 1.15.0. ## 2.21.5 -- Update descriptions for securityAgent configuration. +* Update descriptions for securityAgent configuration. ## 2.21.4 -- Fix condition for including `sysprobe-socket-dir` and `sysprobe-config` volume mounts for `agent`. +* Fix condition for including `sysprobe-socket-dir` and `sysprobe-config` volume mounts for `agent`. ## 2.21.3 -- Default Datadog Agent image to 7.30.1. +* Default Datadog Agent image to 7.30.1. ## 2.21.2 -- Fix Dogstatsd UDS socket configuration with a HostVolume when `useSocketVolume: true`. +* Fix Dogstatsd UDS socket configuration with a HostVolume when `useSocketVolume: true`. ## 2.21.1 -- Disable by default UDS socket for dogstastd and apm on GKE autopilot. +* Disable by default UDS socket for dogstastd and apm on GKE autopilot. ## 2.21.0 -- Enable APM by default with using a Unix Domain socket for communication. +* Enable APM by default with using a Unix Domain socket for communication. ## 2.20.4 -- Skip KSM network policy creation when KSM creation is disabled. +* Skip KSM network policy creation when KSM creation is disabled. ## 2.20.3 -- Add `agents.image.tagSuffix` and `clusterChecksRunner.image.tagSuffix` to be able to request JMX or Windows servercore images without having to explicitly specify the full version. +* Add `agents.image.tagSuffix` and `clusterChecksRunner.image.tagSuffix` to be able to request JMX or Windows servercore images without having to explicitly specify the full version. ## 2.20.2 -- Add an additional way to configure cluster check allowing multiple configs for the same check. +* Add an additional way to configure cluster check allowing multiple configs for the same check. ## 2.20.1 -- Add Statefulsets RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. +* Add Statefulsets RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. ## 2.20.0 -- Update default Agent image tag to `7.30.0` -- Update default Cluster-Agent image tag to `1.14.0` +* Update default Agent image tag to `7.30.0` +* Update default Cluster-Agent image tag to `1.14.0` ## 2.19.9 -- Print a configuration notice to clarify the containers filtering behavior when a misconfiguration is detected. +* Print a configuration notice to clarify the containers filtering behavior when a misconfiguration is detected. ## 2.19.8 -- Update `datadog-crds` to `0.3.2`. +* Update `datadog-crds` to `0.3.2`. ## 2.19.7 -- Fix test value files in datadog/ci directory. +* Fix test value files in datadog/ci directory. ## 2.19.6 -- Update `agent` image tag to `7.29.1`. -- Update `clusterChecksRunner` image tag to `7.29.1`. +* Update `agent` image tag to `7.29.1`. +* Update `clusterChecksRunner` image tag to `7.29.1`. ## 2.19.5 -- Update link toe `kube-state-metrics` in README.md. +* Update link toe `kube-state-metrics` in README.md. ## 2.19.4 -- Fix `runtimesocket` volumeMount for the `trace-agent` on windows deployment. +* Fix `runtimesocket` volumeMount for the `trace-agent` on windows deployment. ## 2.19.3 -- Fix condition defining `should-enable-k8s-resource-monitoring`, which toggles the orchestrator explorer feature. +* Fix condition defining `should-enable-k8s-resource-monitoring`, which toggles the orchestrator explorer feature. ## 2.19.2 -- Fix `dsdsocket` volumeMount for the `trace-agent` on windows deployment. +* Fix `dsdsocket` volumeMount for the `trace-agent` on windows deployment. ## 2.19.1 -- Fix chart release process after updating the `kube-state-metrics` chart registry. +* Fix chart release process after updating the `kube-state-metrics` chart registry. ## 2.19.0 -- Move to the new `kube-state-metrics` chart registry, but keep the version `2.13.2`. +* Move to the new `kube-state-metrics` chart registry, but keep the version `2.13.2`. ## 2.18.2 -- Update `kube-state-metrics` requirement chart documentation. -- Add missing `DD_TAGS` envvar in `cluster-agent` deployment (Fix #304). +* Update `kube-state-metrics` requirement chart documentation. +* Add missing `DD_TAGS` envvar in `cluster-agent` deployment (Fix #304). ## 2.18.1 -- Honor `doNotCheckTag` in Env AD detection, preventing install failures with custom images using non semver tags. +* Honor `doNotCheckTag` in Env AD detection, preventing install failures with custom images using non semver tags. ## 2.18.0 -- Configure and activate the Dogstatsd UDS socket in an "emptyDir" volume by default. It will allow JMX-Fetch to use UDS by default. +* Configure and activate the Dogstatsd UDS socket in an "emptyDir" volume by default. It will allow JMX-Fetch to use UDS by default. ## 2.17.1 -- Update `cluster-agent` image tag to `1.13.1`. +* Update `cluster-agent` image tag to `1.13.1`. ## 2.17.0 -- Update `agent` image tag to `7.29.0`. -- Update `cluster-agent` image tag to `1.13.0`. +* Update `agent` image tag to `7.29.0`. +* Update `cluster-agent` image tag to `1.13.0`. ## 2.16.6 -- Support template expansion for `clusterAgent.podAnnotations` -- Support template expansion for `clusterAgent.rbac.serviceAccountAnnotations` +* Support template expansion for `clusterAgent.podAnnotations` +* Support template expansion for `clusterAgent.rbac.serviceAccountAnnotations` ## 2.16.5 -- Remove other way of detecting OpenShift cluster as it's not supported by Helm2. +* Remove other way of detecting OpenShift cluster as it's not supported by Helm2. ## 2.16.4 -- Rename the `Role` and `RoleBinding` of the Datadog Cluster Agent to avoid edge cases where `helm upgrade` can fail because of object name conflict. +* Rename the `Role` and `RoleBinding` of the Datadog Cluster Agent to avoid edge cases where `helm upgrade` can fail because of object name conflict. ## 2.16.3 -- Add Daemonsets RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. +* Add Daemonsets RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. ## 2.16.2 -- Document Autodiscovery management parameters: `datadog.containerExclude`, `datadog.containerInclude`, `datadog.containerExcludeMetrics`, `datadog.containerIncludeMetrics`, `datadog.containerExcludeLogs` and `datadog.containerIncludeLogs`. -- Introduce `datadog.includePauseContainer` to control autodiscovery of pause containers. -- Introduce a deprecation noticed for the undocumented and long deprecated `datadog.acInclude` and `datadog.acExclude`. +* Document Autodiscovery management parameters: `datadog.containerExclude`, `datadog.containerInclude`, `datadog.containerExcludeMetrics`, `datadog.containerIncludeMetrics`, `datadog.containerExcludeLogs` and `datadog.containerIncludeLogs`. +* Introduce `datadog.includePauseContainer` to control autodiscovery of pause containers. +* Introduce a deprecation noticed for the undocumented and long deprecated `datadog.acInclude` and `datadog.acExclude`. ## 2.16.1 -- Use the pod name as cluster check runner ID to allow deploying multiple cluster check runners on the same node. (Requires agent 7.27.0+) +* Use the pod name as cluster check runner ID to allow deploying multiple cluster check runners on the same node. (Requires agent 7.27.0+) ## 2.16.0 -- Always mount `/var/log/containers` for the Datadog Agent to better handle logs file scanning with short-lived containers. (See [datadog-agent#8143](https://github.com/DataDog/datadog-agent/pull/8143)) +* Always mount `/var/log/containers` for the Datadog Agent to better handle logs file scanning with short-lived containers. (See [datadog-agent#8143](https://github.com/DataDog/datadog-agent/pull/8143)) ## 2.15.6 -- Set `GODEBUG=x509ignoreCN=0` to revert Agent SSL certificates validation to behaviour to Golang <= 1.14. Notably it fixes issues with Kubelet certificates on AKS with Agent >= 7.28. +* Set `GODEBUG=x509ignoreCN=0` to revert Agent SSL certificates validation to behaviour to Golang <= 1.14. Notably it fixes issues with Kubelet certificates on AKS with Agent >= 7.28. ## 2.15.5 -- Add RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. +* Add RBAC rules for the Cluster Agent in order to collect new resources in the Orchestrator Explorer. ## 2.15.4 -- Bump Agent version to `7.28.1`. +* Bump Agent version to `7.28.1`. ## 2.15.3 -- Fix Cilium network policies. +* Fix Cilium network policies. ## 2.15.2 -- OpenShift: Automatically use built-in SCCs instead of failing if create SCC option is not used +* OpenShift: Automatically use built-in SCCs instead of failing if create SCC option is not used ## 2.15.1 -- Add parameter `clusterAgent.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Agent. -- Add parameter `agents.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Agents. -- Support template expansion for `agents.podAnnotations` +* Add parameter `clusterAgent.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Agent. +* Add parameter `agents.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Agents. +* Support template expansion for `agents.podAnnotations` ## 2.15.0 -- Bump Agent version to `7.28.0`. +* Bump Agent version to `7.28.0`. ## 2.14.0 -- Improve resources labels with kubermetes/helm standard labels. +* Improve resources labels with kubermetes/helm standard labels. ## 2.13.3 -- Add `datadog.checksCardinality` field to configure `DD_CHECKS_TAG_CARDINALITY`. -- Add a reminder to set the `datadog.site` field if needed. +* Add `datadog.checksCardinality` field to configure `DD_CHECKS_TAG_CARDINALITY`. +* Add a reminder to set the `datadog.site` field if needed. ## 2.13.2 -- Fix `YAML parse error on datadog/templates/daemonset.yaml` when autopilot is enabled. -- Fix "README.md" generation. +* Fix `YAML parse error on datadog/templates/daemonset.yaml` when autopilot is enabled. +* Fix "README.md" generation. ## 2.13.1 -- Fix Kubelet connection on GKE-autopilot environment: force `http` endpoint to retrieves pods information. +* Fix Kubelet connection on GKE-autopilot environment: force `http` endpoint to retrieves pods information. ## 2.13.0 -- Update `kube-state-metrics` chart version to `2.13.2` that include `kubernetes/kube-state-metrics#1442` fix for `helm2`. +* Update `kube-state-metrics` chart version to `2.13.2` that include `kubernetes/kube-state-metrics#1442` fix for `helm2`. ## 2.12.4 -- Fix missing namespaces in chart templates +* Fix missing namespaces in chart templates ## 2.12.3 -- Added `datadog.ignoreAutoConfig` config option to ignore `auto_conf.yaml` configurations. +* Added `datadog.ignoreAutoConfig` config option to ignore `auto_conf.yaml` configurations. ## 2.12.2 -- The Datadog Cluster Agent's Admission Controller now uses a `Role` to watch secrets instead of a `ClusterRole`. (Requires Datadog Cluster Agent v1.12+) +* The Datadog Cluster Agent's Admission Controller now uses a `Role` to watch secrets instead of a `ClusterRole`. (Requires Datadog Cluster Agent v1.12+) ## 2.12.1 -- Add more kube-state-metrics core check documentation +* Add more kube-state-metrics core check documentation ## 2.12.0 -- Update the Cluster Agent version to `1.12.0` -- Support kube-state-metrics core check (Requires Datadog Cluster Agent v1.12+) +* Update the Cluster Agent version to `1.12.0` +* Support kube-state-metrics core check (Requires Datadog Cluster Agent v1.12+) ## 2.11.6 -- Improve support for environment autodiscovery by removing explicit setting of `DOCKER_HOST` by default with Agent 7.27+. - Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. +* Improve support for environment autodiscovery by removing explicit setting of `DOCKER_HOST` by default with Agent 7.27+. + Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. ## 2.11.5 -- Remove comment in the `seccomp` json profile, which is break the json parsing. +* Remove comment in the `seccomp` json profile, which is break the json parsing. ## 2.11.4 -- Add missing system calls to system-probe `seccomp` profile. +* Add missing system calls to system-probe `seccomp` profile. ## 2.11.3 -- Update the documentation with the new path of the `kube-state-metrics` chart +* Update the documentation with the new path of the `kube-state-metrics` chart ## 2.11.2 -- Update `agent.customAgentConfig` config example in the `values.yaml`: removes reference to APM configuration. +* Update `agent.customAgentConfig` config example in the `values.yaml`: removes reference to APM configuration. ## 2.11.1 -- Enable `collectDNSStats` by default +* Enable `collectDNSStats` by default ## 2.11.0 -- Bump Agent version to `7.27.0`. -- Support configuring advanced openmetrics check parameters via `datadog.prometheusScrape.additionalConfigs`. +* Bump Agent version to `7.27.0`. +* Support configuring advanced openmetrics check parameters via `datadog.prometheusScrape.additionalConfigs`. ## 2.10.14 -- Add Kubelet `hostCAPath` and `agentCAPath` parameters to automatically mount and use CA cert from host filesystem for Kubelet connection. -- Fix default value for DCA hostNetwork +* Add Kubelet `hostCAPath` and `agentCAPath` parameters to automatically mount and use CA cert from host filesystem for Kubelet connection. +* Fix default value for DCA hostNetwork ## 2.10.13 -- Fix `security-agent-feature` helper function to support `helm2`. -- Fix `provider-labels` helper function to support `helm2`. -- Fix `provider-env` helper function to support `helm2`. +* Fix `security-agent-feature` helper function to support `helm2`. +* Fix `provider-labels` helper function to support `helm2`. +* Fix `provider-env` helper function to support `helm2`. ## 2.10.12 -- Add the possibility to specify securityContext for cluster-agent containers +* Add the possibility to specify securityContext for cluster-agent containers ## 2.10.11 -- Fix RBAC needed for the external metrics provider for the future release of the DCA. +* Fix RBAC needed for the external metrics provider for the future release of the DCA. ## 2.10.10 -- Fix system-probe version check when using `datadog.networkMonitoring.enabled` +* Fix system-probe version check when using `datadog.networkMonitoring.enabled` ## 2.10.9 -- Add the possibility to specify a priority class name for the cluster checks runner pods. +* Add the possibility to specify a priority class name for the cluster checks runner pods. ## 2.10.8 -- When node agents are joining an existing DCA managed by another Helm release, we must control if they should be eligible to cluster checks dispatch or not depending on whether CLC have been deployed with the external DCA. +* When node agents are joining an existing DCA managed by another Helm release, we must control if they should be eligible to cluster checks dispatch or not depending on whether CLC have been deployed with the external DCA. ## 2.10.7 -- Fix bug regarding using "Metric collection with Prometheus annotations". +* Fix bug regarding using "Metric collection with Prometheus annotations". ## 2.10.6 -- Add provider labels on pods, warning on dogstatsd with UDS on GKE Autopilot. +* Add provider labels on pods, warning on dogstatsd with UDS on GKE Autopilot. ## 2.10.5 -- Increase default `datadog.systemProbe.maxTrackedConnections` to 131072. +* Increase default `datadog.systemProbe.maxTrackedConnections` to 131072. ## 2.10.4 -- Fix several bugs with OpenShift SCC and hostNetwork. +* Fix several bugs with OpenShift SCC and hostNetwork. ## 2.10.3 -- Bump version of KSM chart to get rid of `rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1` warnings +* Bump version of KSM chart to get rid of `rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1` warnings ## 2.10.2 -- Use an EmptyDir volume shared between all the agents for logs so that `agent flare` can gather the logs of all of them. +* Use an EmptyDir volume shared between all the agents for logs so that `agent flare` can gather the logs of all of them. ## 2.10.1 -- Remove the cluster-id configmap mount for process-agent. (Requires Datadog Agent 7.25+ and Datadog Cluster Agent 1.11+, otherwise collection of pods for the Kubernetes Resources page will fail). +* Remove the cluster-id configmap mount for process-agent. (Requires Datadog Agent 7.25+ and Datadog Cluster Agent 1.11+, otherwise collection of pods for the Kubernetes Resources page will fail). ## 2.10.0 -- Remove the cluster-id configmap mount for process-agent. (Requires Datadog Agent 7.26+ and Datadog Cluster Agent 1.11+, otherwise collection of pods for the Kubernetes Resources page will fail). +* Remove the cluster-id configmap mount for process-agent. (Requires Datadog Agent 7.26+ and Datadog Cluster Agent 1.11+, otherwise collection of pods for the Kubernetes Resources page will fail). ## 2.9.11 -- Allow system-probe container to send flares by adding main agent config file to container. +* Allow system-probe container to send flares by adding main agent config file to container. ## 2.9.10 -- Support configuring Prometheus Autodiscovery. (Requires Datadog Agent 7/6.26+ and Datadog Cluster Agent 1.11+). +* Support configuring Prometheus Autodiscovery. (Requires Datadog Agent 7/6.26+ and Datadog Cluster Agent 1.11+). ## 2.9.9 -- Update "agent" image tag to `7.26.0` and "cluster-agent" to `1.11.0`. -- Fix nit comments +* Update "agent" image tag to `7.26.0` and "cluster-agent" to `1.11.0`. +* Fix nit comments ## 2.9.8 -- Make pod collection for the Kubernetes Explorer work with an external Cluster Agent deployment. +* Make pod collection for the Kubernetes Explorer work with an external Cluster Agent deployment. ## 2.9.7 -- Allow cluster-agent to override metrics provider endpoint with `clusterAgent.metricsProvider.endpoint`. +* Allow cluster-agent to override metrics provider endpoint with `clusterAgent.metricsProvider.endpoint`. ## 2.9.6 -- Add missing `NET_RAW` capability to `System-probe` to support `CVE-2020-14386` mitigation. +* Add missing `NET_RAW` capability to `System-probe` to support `CVE-2020-14386` mitigation. ## 2.9.5 -- Fix typo in variable name. `agents.podSecurity.capabilities` replaces `agents.podSecurity.capabilites`. +* Fix typo in variable name. `agents.podSecurity.capabilities` replaces `agents.podSecurity.capabilites`. ## 2.9.4 -- Remove uses of `systemProbe.enabled`. +* Remove uses of `systemProbe.enabled`. ## 2.9.3 -- Enable support for GKE Autopilot. +* Enable support for GKE Autopilot. ## 2.9.2 -- Fixed a bug where `datadog.leaderElection` would not configure the cluster-agent environment variable `DD_LEADER_ELECTION` correctly. +* Fixed a bug where `datadog.leaderElection` would not configure the cluster-agent environment variable `DD_LEADER_ELECTION` correctly. ## 2.9.1 -- add `datadog.systemProbe.conntrackMaxStateSize` and `datadog.systemProbe.maxTrackedConnections`. +* add `datadog.systemProbe.conntrackMaxStateSize` and `datadog.systemProbe.maxTrackedConnections`. ## 2.9.0 -- Remove `systemProbe.enabled` config param in favor of `networkMonitoring.enabled`, `securityAgent.runtime.enabled`, `systemProbe.enableOOMKill`, and `systemProbe.enableTCPQueueLength`. -- Fix bug preventing network monitoring to be disabled by setting `datadog.networkMonitoring.enabled` to `false`. +* Remove `systemProbe.enabled` config param in favor of `networkMonitoring.enabled`, `securityAgent.runtime.enabled`, `systemProbe.enableOOMKill`, and `systemProbe.enableTCPQueueLength`. +* Fix bug preventing network monitoring to be disabled by setting `datadog.networkMonitoring.enabled` to `false`. ## 2.8.6 -- Add support for Service Topology to target the Datadog Agent via a kubernetes service instead of host ports. This will allow sending traces and custom metrics without using host ports. Note: Service Topology is a new Kubernetes feature, it's still in alpha and disabled by default. +* Add support for Service Topology to target the Datadog Agent via a kubernetes service instead of host ports. This will allow sending traces and custom metrics without using host ports. Note: Service Topology is a new Kubernetes feature, it's still in alpha and disabled by default. ## 2.8.5 -- Allow `namespaces` in RBAC for `kubernetes_namespace_labels_as_tags`. +* Allow `namespaces` in RBAC for `kubernetes_namespace_labels_as_tags`. ## 2.8.4 -- Grant access to the `Lease` objects. - `Lease` objects can be read by the `kube_scheduler` and `kube_controller_manager` checks on agent 7.27+ on Kubernetes clusters 1.14+. +* Grant access to the `Lease` objects. + `Lease` objects can be read by the `kube_scheduler` and `kube_controller_manager` checks on agent 7.27+ on Kubernetes clusters 1.14+. ## 2.8.3 -- Fix potential duplicate `DD_KUBERNETES_KUBELET_TLS_VERIFY` env var due to new parameter `kubelet.tlsVerify`. Parameter has now 3 states and env var won't be added if not set, improving backward compatibility. -- Fix activation of Cluster Checks while Cluster Agent is disabled. -- Change default value for `clusterAgent.metricsProvider.useDatadogMetrics` from `true` to `false` as it may trigger CRD ownership issues in several situations. +* Fix potential duplicate `DD_KUBERNETES_KUBELET_TLS_VERIFY` env var due to new parameter `kubelet.tlsVerify`. Parameter has now 3 states and env var won't be added if not set, improving backward compatibility. +* Fix activation of Cluster Checks while Cluster Agent is disabled. +* Change default value for `clusterAgent.metricsProvider.useDatadogMetrics` from `true` to `false` as it may trigger CRD ownership issues in several situations. ## 2.8.2 -- Open port 5000/TCP for ingress on cluster agent for Prometheus check from the agent. +* Open port 5000/TCP for ingress on cluster agent for Prometheus check from the agent. ## 2.8.1 -- Fix `datadog.kubelet.tlsVerify` value when set to `false` +* Fix `datadog.kubelet.tlsVerify` value when set to `false` ## 2.8.0 -- Enable the orchestrator explorer by default. +* Enable the orchestrator explorer by default. ## 2.7.2 -- Add a new fields `datadog.kubelet.host` (to override `DD_KUBERNETES_KUBELET_HOST`) and `datadog.kubelet.tlsVerify` (to toggle kubelet TLS verification) +* Add a new fields `datadog.kubelet.host` (to override `DD_KUBERNETES_KUBELET_HOST`) and `datadog.kubelet.tlsVerify` (to toggle kubelet TLS verification) ## 2.7.1 -- Open port 8000/TCP for ingress on cluster agent for Admission Controller communication. +* Open port 8000/TCP for ingress on cluster agent for Admission Controller communication. ## 2.7.0 -- Changes default values to activate a maximum of built-in features to ease configuration. - Notable changes: - - Cluster Agent, cluster checks and event collection are activated by default - - DatadogMetrics CRD usage is activated by default if ExternalMetrics are used - - Dogstatsd non-local traffic is activated by default (hostPort usage is not) -- Bump Agent version to `7.25.0` and Cluster Agent version to `1.10.0` -- Introduce `.registry` parameter to quickly change registry for all Datadog images. Image name is retrieved from `.image.name`, however setting `.image.repository` still allows to override per image, ensuring backward compatibility +* Changes default values to activate a maximum of built-in features to ease configuration. + Notable changes: + * Cluster Agent, cluster checks and event collection are activated by default + * DatadogMetrics CRD usage is activated by default if ExternalMetrics are used + * Dogstatsd non-local traffic is activated by default (hostPort usage is not) +* Bump Agent version to `7.25.0` and Cluster Agent version to `1.10.0` +* Introduce `.registry` parameter to quickly change registry for all Datadog images. Image name is retrieved from `.image.name`, however setting `.image.repository` still allows to override per image, ensuring backward compatibility ## 2.6.15 -- Add `ports` options to all Agent containers to allow users to add any binding they'd like for integrations +* Add `ports` options to all Agent containers to allow users to add any binding they'd like for integrations ## 2.6.14 -- Opens port 6443/TCP on kube-state-metrics netpol. +* Opens port 6443/TCP on kube-state-metrics netpol. ## 2.6.13 -- Opens ports 6443/TCP and 53/UDP for egress on cluster agent. -- Adds PodSecurityPolicy support for Cluster Agents. +* Opens ports 6443/TCP and 53/UDP for egress on cluster agent. +* Adds PodSecurityPolicy support for Cluster Agents. ## 2.6.12 -- Mount `/etc/passwd` as `readOnly` in the `process-agent`. +* Mount `/etc/passwd` as `readOnly` in the `process-agent`. ## 2.6.11 -- Adds `unconfined` as a default value for `agents.podSecurity.apparmorProfiles`. It now aligns with `datadog.systemProbe.apparmor` default value. -- Updates `hostPID` for PodSecurityPolicy, bringing it in line with SCC. +* Adds `unconfined` as a default value for `agents.podSecurity.apparmorProfiles`. It now aligns with `datadog.systemProbe.apparmor` default value. +* Updates `hostPID` for PodSecurityPolicy, bringing it in line with SCC. ## 2.6.10 -- Allow cluster-agent to access apps/daemonsets when admissionController is enabled. +* Allow cluster-agent to access apps/daemonsets when admissionController is enabled. ## 2.6.9 -- Add `/tmp` in Agent POD as an emptyDir to allow VOLUME removal from Agent Dockerfile -- Clarify documentation of `datadog.dogstatsd.nonLocalTraffic` +* Add `/tmp` in Agent POD as an emptyDir to allow VOLUME removal from Agent Dockerfile +* Clarify documentation of `datadog.dogstatsd.nonLocalTraffic` ## 2.6.8 -- Fix `helm lint` by renaming YAML files lacking metadata info. +* Fix `helm lint` by renaming YAML files lacking metadata info. ## 2.6.7 -- Change the default agent version to `7.24.1` +* Change the default agent version to `7.24.1` ## 2.6.6 -- Add `agents.containers.systemProbe.securityContext` option. +* Add `agents.containers.systemProbe.securityContext` option. ## 2.6.5 -- Make sure all agents are rolled out on API key update and the Cluster agents on Application key update. +* Make sure all agents are rolled out on API key update and the Cluster agents on Application key update. ## 2.6.4 -- Fix agent container volumeMounts when oom kill check or tcp queue length check is enabled. +* Fix agent container volumeMounts when oom kill check or tcp queue length check is enabled. ## 2.6.3 -- Add a new field `datadog.dogstatsd.tags` to configure `DD_DOGSTATSD_TAGS`. +* Add a new field `datadog.dogstatsd.tags` to configure `DD_DOGSTATSD_TAGS`. ## 2.6.2 -- Make sure KSM deploys on Linux nodes +* Make sure KSM deploys on Linux nodes ## 2.6.1 -- Fix `process-agent` and `trace-agent` communication with the `cluster-agent`: When the `cluster-agent` is activated, - the agents should communicated with the `cluster-agent` to retrived tags like `kube_service` instead of communicating - directly with the Kubernetes API-Server. +* Fix `process-agent` and `trace-agent` communication with the `cluster-agent`: When the `cluster-agent` is activated, + the agents should communicated with the `cluster-agent` to retrived tags like `kube_service` instead of communicating + directly with the Kubernetes API-Server. ## 2.6.0 -- deprecates `systemProbe.enabled` in favor of `networkMonitoring.enabled`, `securityAgent.runtime.enabled`, `systemProbe.enableOOMKill`, and `systemProbe.enableTCPQueueLength`. -- fixes a bug where network performance monitoring would be enabled if any systemProbe feature was enabled. +* deprecates `systemProbe.enabled` in favor of `networkMonitoring.enabled`, `securityAgent.runtime.enabled`, `systemProbe.enableOOMKill`, and `systemProbe.enableTCPQueueLength`. +* fixes a bug where network performance monitoring would be enabled if any systemProbe feature was enabled. ## 2.5.5 -- Add CiliumNetworkPolicy +* Add CiliumNetworkPolicy ## 2.5.4 -- Supports `clusterChecksRunner` pod annotations +* Supports `clusterChecksRunner` pod annotations ## 2.5.3 -- Add "datadog-crds" chart as dependency. It is used to install the `DatadogMetrics` CRD if needed. +* Add "datadog-crds" chart as dependency. It is used to install the `DatadogMetrics` CRD if needed. ## 2.5.2 -- Change `datadog.tags` to a `tpl` value +* Change `datadog.tags` to a `tpl` value ## 2.5.0 -- Use `gcr.io` instead of Dockerhub -- Change the default agent version `7.23.1` -- Change the default cluster agent version `1.9.1` -- Change the default cluster checks runner version `7.23.1` +* Use `gcr.io` instead of Dockerhub +* Change the default agent version `7.23.1` +* Change the default cluster agent version `1.9.1` +* Change the default cluster checks runner version `7.23.1` ## 2.4.39 -- Fixed a bug where `networkMonitoring.enabled` would not configure the process-agent correctly, causing network data to not be reported. +* Fixed a bug where `networkMonitoring.enabled` would not configure the process-agent correctly, causing network data to not be reported. ## 2.4.38 -- Move the kube-state-metrics subchart from google's helm registry to charts.helm.sh/stable. +* Move the kube-state-metrics subchart from google's helm registry to charts.helm.sh/stable. ## 2.4.37 -- Fix incorrect link for Event Collection in `values.yaml`. +* Fix incorrect link for Event Collection in `values.yaml`. ## 2.4.36 -- Fix `should-enable-system-probe` helper function to support `helm2`. +* Fix `should-enable-system-probe` helper function to support `helm2`. ## 2.4.35 -- Add options to set pod and container securityContext +* Add options to set pod and container securityContext ## 2.4.34 -- Add `datadog.networkMonitoring` section to allow the system-probe to be run without network performance monitoring. Deprecates `systemProbe.enabled`. +* Add `datadog.networkMonitoring` section to allow the system-probe to be run without network performance monitoring. Deprecates `systemProbe.enabled`. ## 2.4.33 -- Introduce overall cluster-name limit of 80 -- Remove character limit of single parts of the cluster-name +* Introduce overall cluster-name limit of 80 +* Remove character limit of single parts of the cluster-name ## 2.4.32 -- The `agents.volumeMounts` option is now properly propagated to all agent containers. +* The `agents.volumeMounts` option is now properly propagated to all agent containers. ## 2.4.31 -- Support adding labels to the Agent pods and daemonset via `agents.additionalLabels`. -- Support adding labels to the Cluster Agent pods and deployment via `clusterAgent.additionalLabels`. -- Support adding labels to the Cluster Checks Runner pods and deployment via `clusterChecksRunner.additionalLabels`. +* Support adding labels to the Agent pods and daemonset via `agents.additionalLabels`. +* Support adding labels to the Cluster Agent pods and deployment via `clusterAgent.additionalLabels`. +* Support adding labels to the Cluster Checks Runner pods and deployment via `clusterChecksRunner.additionalLabels`. ## 2.4.30 -- Refactor liveness and readiness probes with helpers to allow user overrides with other types of probes or disabling - probes entirely. -- Introduce `clusterChecksRunner.healthPort` default setting. -- Use health port defaults instead of hardcoded values. +* Refactor liveness and readiness probes with helpers to allow user overrides with other types of probes or disabling + probes entirely. +* Introduce `clusterChecksRunner.healthPort` default setting. +* Use health port defaults instead of hardcoded values. ## 2.4.29 -- Add `common-env-vars` to `system-probe` container +* Add `common-env-vars` to `system-probe` container ## 2.4.28 -- Make sure we rollout Agent/CLC/DCA when an upgrade is done (thus triggering a change in token secret) +* Make sure we rollout Agent/CLC/DCA when an upgrade is done (thus triggering a change in token secret) ## 2.4.27 -- Remove port defaults from liveness/readiness probes and show error notices on misconfiguration if user overrides are supplying custom node settings. +* Remove port defaults from liveness/readiness probes and show error notices on misconfiguration if user overrides are supplying custom node settings. ## 2.4.26 -- Revert to Helm2 hash in `requirements.yaml` to retain compatibility with Helm 2 +* Revert to Helm2 hash in `requirements.yaml` to retain compatibility with Helm 2 ## 2.4.25 -- Update default `datadog/agent` image tag to `7.23.0` -- Update default `datadog/cluster-agent` image tag to `1.9.0` +* Update default `datadog/agent` image tag to `7.23.0` +* Update default `datadog/cluster-agent` image tag to `1.9.0` ## 2.4.24 -- Fix the Cluster Agent's network policy (allow ingress from node Agents) -- Add kube-state-metrics network policy +* Fix the Cluster Agent's network policy (allow ingress from node Agents) +* Add kube-state-metrics network policy ## 2.4.23 -- Add `datadog.envFrom` parameter to support passing references to secrets and/or configmaps for environment - variables, instead of passing one by one. +* Add `datadog.envFrom` parameter to support passing references to secrets and/or configmaps for environment + variables, instead of passing one by one. ## 2.4.22 -- Add automatic README.md generation from `Values.yaml` +* Add automatic README.md generation from `Values.yaml` ## 2.4.21 -- Change `securityContext` variable name to `seLinuxContext` allow setting the PSP/SCC seLinux `type` or `rule`. Backward compatible. +* Change `securityContext` variable name to `seLinuxContext` allow setting the PSP/SCC seLinux `type` or `rule`. Backward compatible. ## 2.4.20 -- Add NetworkPolicy ingress rules for dogstatsd and APM +* Add NetworkPolicy ingress rules for dogstatsd and APM ## 2.4.19 -- Add NetworkPolicy - Add the following parameters to control the creation of NetworkPolicy: - - `agents.networkPolicy.create` - - `clusterAgent.networkPolicy.create` - - `clusterChecksRunner.networkPolicy.create` - The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. - In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted - by IP but the datadog intake IP cannot be guaranteed to be stable. - The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations - that can be dynamically added to them. +* Add NetworkPolicy + Add the following parameters to control the creation of NetworkPolicy: + * `agents.networkPolicy.create` + * `clusterAgent.networkPolicy.create` + * `clusterChecksRunner.networkPolicy.create` + The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. + In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted + by IP but the datadog intake IP cannot be guaranteed to be stable. + The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations + that can be dynamically added to them. ## 2.4.18 -- Fix `config` volume not being mounted in clusterChecksRunner pods. +* Fix `config` volume not being mounted in clusterChecksRunner pods. ## 2.4.17 -- Update default `Agent` and `Cluster-Agent` image tags: `7.22` and `1.18`. +* Update default `Agent` and `Cluster-Agent` image tags: `7.22` and `1.18`. ## 2.4.16 -- Add `External Metric` Aggregator config on Chart. +* Add `External Metric` Aggregator config on Chart. ## 2.4.15 -- Add `agents.podSecurity.apparmor.enabled` flag (defaulted to `true`). +* Add `agents.podSecurity.apparmor.enabled` flag (defaulted to `true`). ## 2.4.14 -- Fix external metrics on GKE due to Google fix on recent versions (introduced in 2.4.1). +* Fix external metrics on GKE due to Google fix on recent versions (introduced in 2.4.1). ## 2.4.13 -- fix Agent `PodSecurityPolicy` with `hostPorts` definition, and missing RBAC. +* fix Agent `PodSecurityPolicy` with `hostPorts` definition, and missing RBAC. ## 2.4.12 -- Add `compliance` and `runtime` `security-agent` support. +* Add `compliance` and `runtime` `security-agent` support. ## 2.4.11 -- Add `NET_BROADCAST` capability for `system-probe`. +* Add `NET_BROADCAST` capability for `system-probe`. ## 2.4.10 -- Add `scrubbing` option for helm charts to "Orchestrator Explorer" support. +* Add `scrubbing` option for helm charts to "Orchestrator Explorer" support. ## 2.4.9 -- Add `DD_DOGSTATSD_TAG_CARDINALITY` capability. +* Add `DD_DOGSTATSD_TAG_CARDINALITY` capability. ## 2.4.8 -- Fix, Only try to mount `/lib/modules` and `/usr/src` when needed. +* Fix, Only try to mount `/lib/modules` and `/usr/src` when needed. ## 2.4.7 -- Add `eventfd` and `eventfd2` to allowed syscalls for `system-probe`. +* Add `eventfd` and `eventfd2` to allowed syscalls for `system-probe`. ## 2.4.6 -- Fix Windows deployment support (fixes #15). +* Fix Windows deployment support (fixes #15). ## 2.4.5 -- Add mount propagation option for `hostVolumes`. +* Add mount propagation option for `hostVolumes`. ## 2.4.4 -- Fix typo in `allowHostPorts`. -- Add support of `MustRunAs` in Agent `PodSecurityPolicy` and `SecurityContextConstraints`. +* Fix typo in `allowHostPorts`. +* Add support of `MustRunAs` in Agent `PodSecurityPolicy` and `SecurityContextConstraints`. ## 2.4.3 -- Fix `Cluster-Agent` RBAC to collect new resources for the "Orchestrator Explorer" support. +* Fix `Cluster-Agent` RBAC to collect new resources for the "Orchestrator Explorer" support. ## 2.4.2 -- Add `install_info` file. +* Add `install_info` file. ## 2.4.1 -- Fix MetricsProvider RBAC setup on GKE clusters +* Fix MetricsProvider RBAC setup on GKE clusters ## 2.4.0 -- First release on github.com/datadog/helm-charts +* First release on github.com/datadog/helm-charts ## 2.3.41 -- Fix issue with Kubernetes <= 1.14 and Cluster Agent's External Metrics Provider (must be 443) +* Fix issue with Kubernetes <= 1.14 and Cluster Agent's External Metrics Provider (must be 443) ## 2.3.40 -- Update documentation for resource requests & limits default values. +* Update documentation for resource requests & limits default values. ## 2.3.39 -- Propagate `datadog.checksd` to the clusterchecks runner to support custom checks there. +* Propagate `datadog.checksd` to the clusterchecks runner to support custom checks there. ## 2.3.38 -- Add support of DD_CONTAINER\_{INCLUDE,EXCLUDE}\_{METRICS,LOGS} +* Add support of DD\_CONTAINER\_{INCLUDE,EXCLUDE}\_{METRICS,LOGS} ## 2.3.37 -- Add NET_BROADCAST capability +* Add NET\_BROADCAST capability ## 2.3.36 -- Bump default Agent version to `7.21.1` +* Bump default Agent version to `7.21.1` ## 2.3.35 -- Add support for configuring the Datadog Admission Controller +* Add support for configuring the Datadog Admission Controller ## 2.3.34 -- Add support for scaling based on `DatadogMetric` CRD +* Add support for scaling based on `DatadogMetric` CRD ## 2.3.33 -- Create new `datadog.podSecurity.securityContext` field to fix windows agent daemonset config. +* Create new `datadog.podSecurity.securityContext` field to fix windows agent daemonset config. ## 2.3.32 -- Always add os in nodeSelector based on `targetSystem` +* Always add os in nodeSelector based on `targetSystem` ## 2.3.31 -- Fixed daemonset template for go 1.14 +* Fixed daemonset template for go 1.14 ## 2.3.29 -- Change the default port for the Cluster Agent's External Metrics Provider - from 443 to 8443. -- Document usage of `clusterAgent.env` +* Change the default port for the Cluster Agent's External Metrics Provider + from 443 to 8443. +* Document usage of `clusterAgent.env` ## 2.3.28 -- fix daemonset template generation if `datadog.securityContext` is set to `nil` +* fix daemonset template generation if `datadog.securityContext` is set to `nil` ## 2.3.27 -- add systemProbe.collectDNSStats option +* add systemProbe.collectDNSStats option ## 2.3.26 -- fix PodSecurityContext configuration +* fix PodSecurityContext configuration ## 2.3.25 -- Use directly .env var YAML block for all agents (was already the case for Cluster Agent) +* Use directly .env var YAML block for all agents (was already the case for Cluster Agent) ## 2.3.24 -- Allow enabling Orchestrator Explorer data collection from the process-agent +* Allow enabling Orchestrator Explorer data collection from the process-agent ## 2.3.23 -- Add the possibility to create a `PodSecurityPolicy` or a `SecurityContextConstraints` (Openshift) for the Agent's Daemonset Pods. +* Add the possibility to create a `PodSecurityPolicy` or a `SecurityContextConstraints` (Openshift) for the Agent's Daemonset Pods. ## 2.3.22 -- Remove duplicate imagePullSecrets -- Fix DataDog location to useConfigMap in docs -- Adding explanation for metricsProvider.enabled +* Remove duplicate imagePullSecrets +* Fix DataDog location to useConfigMap in docs +* Adding explanation for metricsProvider.enabled ## 2.3.21 -- Fix additional default values in `values.yaml` to prevent errors with Helm 2.x +* Fix additional default values in `values.yaml` to prevent errors with Helm 2.x ## 2.3.20 -- Fix process-agent <> system-probe communication +* Fix process-agent <> system-probe communication ## 2.3.19 -- Fix the container-trace-agent.yaml template creates invalid yaml when `useSocketVolume` is enabled. +* Fix the container-trace-agent.yaml template creates invalid yaml when `useSocketVolume` is enabled. ## 2.3.18 -- Support arguments in the cluster-agent container `command` value +* Support arguments in the cluster-agent container `command` value ## 2.3.17 -- grammar edits to datadog helm docs! -- Typo in log config +* grammar edits to datadog helm docs! +* Typo in log config ## 2.3.16 -- Add parameter `clusterChecksRunner.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Checks runners. -- Add parameters `clusterChecksRunner.volumes` and `clusterChecksRunner.volumeMounts` that can be used for providing a secret backend to Cluster Checks runners. +* Add parameter `clusterChecksRunner.rbac.serviceAccountAnnotations` for specifying annotations for dedicated ServiceAccount for Cluster Checks runners. +* Add parameters `clusterChecksRunner.volumes` and `clusterChecksRunner.volumeMounts` that can be used for providing a secret backend to Cluster Checks runners. ## 2.3.15 -- Mount kernel headers in system-probe container -- Fix the mount of the `system-probe` socket in core agent -- Add parameters to enable eBPF based checks +* Mount kernel headers in system-probe container +* Fix the mount of the `system-probe` socket in core agent +* Add parameters to enable eBPF based checks ## 2.3.14 -- Allow overriding the `command` to run in the cluster-agent container +* Allow overriding the `command` to run in the cluster-agent container ## 2.3.13 -- Use two distinct health endpoints for liveness and readiness probes. +* Use two distinct health endpoints for liveness and readiness probes. ## 2.3.12 -- Fix endpoints checks scheduling between agent and cluster check runners -- Cluster Check Runner now runs without s6 (similar to other agents) +* Fix endpoints checks scheduling between agent and cluster check runners +* Cluster Check Runner now runs without s6 (similar to other agents) ## 2.3.11 -- Bump the default version of the agent docker images +* Bump the default version of the agent docker images ## 2.3.10 -- Add dnsConfig options to all containers +* Add dnsConfig options to all containers ## 2.3.9 -- Add `clusterAgent.podLabels` variable to add labels to the Cluster Agent Pod(s) +* Add `clusterAgent.podLabels` variable to add labels to the Cluster Agent Pod(s) ## 2.3.8 -- Fix templating errors when `clusterAgent.datadog_cluster_yaml` is being used. +* Fix templating errors when `clusterAgent.datadog_cluster_yaml` is being used. ## 2.3.7 -- Fix an agent warning at startup because of a deprecated parameter +* Fix an agent warning at startup because of a deprecated parameter ## 2.3.6 -- Add `affinity` parameter in `values.yaml` for cluster agent deployment +* Add `affinity` parameter in `values.yaml` for cluster agent deployment ## 2.3.5 -- Add `DD_AC_INCLUDE` and `DD_AC_EXCLUDE` to all containers -- Add "Unix Domain Socket" support in trace-agent -- Add new parameter to specify the dogstatsd socket path on the host -- Fix typos in values.yaml -- Update "tags:" example in values.yaml -- Add "rate*limit_queries*\*" in the datadog.cluster-agent prometheus check configuration +* Add `DD_AC_INCLUDE` and `DD_AC_EXCLUDE` to all containers +* Add "Unix Domain Socket" support in trace-agent +* Add new parameter to specify the dogstatsd socket path on the host +* Fix typos in values.yaml +* Update "tags:" example in values.yaml +* Add "rate_limit_queries_*" in the datadog.cluster-agent prometheus check configuration ## 2.3.4 -- Fix default values in `values.yaml` to prevent warnings with Helm 2.x +* Fix default values in `values.yaml` to prevent warnings with Helm 2.x ## 2.3.3 -- Allow pre-release versions as docker image tag +* Allow pre-release versions as docker image tag ## 2.3.2 -- Update the DCA RBAC to allow it to create events in the HPA +* Update the DCA RBAC to allow it to create events in the HPA ## 2.3.1 -- Update the example for `datadog.securityContext` +* Update the example for `datadog.securityContext` ## 2.3.0 -- Mount the directory containing the CRI socket instead of the socket itself - This is to handle the cases where the docker daemon is restarted. - In this case, the docker daemon will recreate its docker socket and, - if the container bind-mounted directly the socket, the container would - still have access to the old socket instead of the one of the new docker - daemon. - ⚠ This version of the chart requires an agent image 7.19.0 or more recent +* Mount the directory containing the CRI socket instead of the socket itself + This is to handle the cases where the docker daemon is restarted. + In this case, the docker daemon will recreate its docker socket and, + if the container bind-mounted directly the socket, the container would + still have access to the old socket instead of the one of the new docker + daemon. + ⚠ This version of the chart requires an agent image 7.19.0 or more recent ## 2.2.12 -- Adding resources for `system-probe` init container +* Adding resources for `system-probe` init container ## 2.2.11 -- Add documentations around secret management in the datadog helm chart. It is to upstream - requested changes in the IBM charts repository: -- update `kube-state-metrics` dependency -- uncomment every values.yaml parameters for IBM chart compliancy +* Add documentations around secret management in the datadog helm chart. It is to upstream + requested changes in the IBM charts repository: +* update `kube-state-metrics` dependency +* uncomment every values.yaml parameters for IBM chart compliancy ## 2.2.10 -- Remove `kubeStateMetrics` section from `values.yaml` as not used anymore +* Remove `kubeStateMetrics` section from `values.yaml` as not used anymore ## 2.2.9 -- Fixing variables description in README and Migration documentation (#22031) -- Avoid volumes mount conflict between `system-probe` and `logs` volumes in the `agent`. +* Fixing variables description in README and Migration documentation (#22031) +* Avoid volumes mount conflict between `system-probe` and `logs` volumes in the `agent`. ## 2.2.8 -- Mount `system-probe` socket in `agent` container when system-probe is enabled +* Mount `system-probe` socket in `agent` container when system-probe is enabled ## 2.2.7 -- Add "Cluster-Agent" `Event` `create` RBAC permission +* Add "Cluster-Agent" `Event` `create` RBAC permission ## 2.2.6 -- Ensure the `trace-agent` computes the same hostname as the core `agent`. - by giving it access to all the elements that might be used to compute the hostname: - the `DD_CLUSTER_NAME` environment variable and the docker socket. +* Ensure the `trace-agent` computes the same hostname as the core `agent`. + by giving it access to all the elements that might be used to compute the hostname: + the `DD_CLUSTER_NAME` environment variable and the docker socket. ## 2.2.5 -- Fix RBAC +* Fix RBAC ## 2.2.4 -- Move several EnvVars to `common-env-vars` to be accessible by the `trace-agent` #21991. -- Fix discrepancies migration-guide and readme reporded in #21806 and #21920. -- Fix EnvVars with integer value due to yaml. serialization, reported by #21853. -- Fix .Values.datadog.tags encoding, reported by #21663. -- Add Checksum to `xxx-cluster-agent-config` config map, reported by #21622 and contribution #21656. +* Move several EnvVars to `common-env-vars` to be accessible by the `trace-agent` #21991. +* Fix discrepancies migration-guide and readme reporded in #21806 and #21920. +* Fix EnvVars with integer value due to yaml. serialization, reported by #21853. +* Fix .Values.datadog.tags encoding, reported by #21663. +* Add Checksum to `xxx-cluster-agent-config` config map, reported by #21622 and contribution #21656. ## 2.2.3 -- Fix `datadog.dockerOrCriSocketPath` helper #21992 +* Fix `datadog.dockerOrCriSocketPath` helper #21992 ## 2.2.2 -- Fix indentation for `clusterAgent.volumes`. +* Fix indentation for `clusterAgent.volumes`. ## 2.2.1 -- Updating `agents.useConfigMap` and `agents.customAgentConfig` parameter descriptions in the chart and main readme. +* Updating `agents.useConfigMap` and `agents.customAgentConfig` parameter descriptions in the chart and main readme. ## 2.2.0 -- Add Windows support -- Update documentation to reflect some changes that were made default -- Enable endpoint checks by default in DCA/Agent +* Add Windows support +* Update documentation to reflect some changes that were made default +* Enable endpoint checks by default in DCA/Agent ## 2.1.2 -- Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt - config to this environment variable. +* Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt + config to this environment variable. ## 2.1.1 -- Add option to enable WPA in the Cluster Agent. +* Add option to enable WPA in the Cluster Agent. ## 2.1.0 -- Changed the default for `processAgent.enabled` to `true`. +* Changed the default for `processAgent.enabled` to `true`. ## 2.0.14 -- Fixed a bug where the `trace-agent` runs in the same container as `dd-agent` +* Fixed a bug where the `trace-agent` runs in the same container as `dd-agent` ## 2.0.13 -- Fix `system-probe` startup on latest versions of containerd. - Here is the error that this change fixes: +* Fix `system-probe` startup on latest versions of containerd. + Here is the error that this change fixes: - ```State: Waiting - Reason: CrashLoopBackOff - Last State: Terminated - Reason: StartError - Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown - Exit Code: 128 - ``` + ``` State: Waiting + Reason: CrashLoopBackOff + Last State: Terminated + Reason: StartError + Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown + Exit Code: 128 + ``` ## 2.0.11 -- Add missing syscalls in the `system-probe` seccomp profile +* Add missing syscalls in the `system-probe` seccomp profile ## 2.0.10 -- Do not enable the `cri` check when running on a `docker` setup. +* Do not enable the `cri` check when running on a `docker` setup. ## 2.0.7 -- Pass expected `DD_DOGSTATSD_PORT` to datadog-agent rather than invalid `DD_DOGSTATD_PORT` +* Pass expected `DD_DOGSTATSD_PORT` to datadog-agent rather than invalid `DD_DOGSTATD_PORT` ## 2.0.6 -- Introduces `procesAgent.processCollection` to correctly configure `DD_PROCESS_AGENT_ENABLED` for the process agent. +* Introduces `procesAgent.processCollection` to correctly configure `DD_PROCESS_AGENT_ENABLED` for the process agent. ## 2.0.5 -- Honor the `datadog.env` parameter in all containers. +* Honor the `datadog.env` parameter in all containers. ## 2.0.4 -- Honor the image pull policy in init containers. -- Pass the `DD_CRI_SOCKET_PATH` environment variable to the config init container so that it can adapt the agent config based on the CRI. +* Honor the image pull policy in init containers. +* Pass the `DD_CRI_SOCKET_PATH` environment variable to the config init container so that it can adapt the agent config based on the CRI. ## 2.0.3 -- Fix templating error when `agents.useConfigMap` is set to true. -- Add DD_APM_ENABLED environment variable to trace agent container. +* Fix templating error when `agents.useConfigMap` is set to true. +* Add DD\_APM\_ENABLED environment variable to trace agent container. ## 2.0.2 -- Revert the docker socket path inside the agent container to its standard location to fix #21223. +* Revert the docker socket path inside the agent container to its standard location to fix #21223. ## 2.0.1 -- Add parameters `datadog.logs.enabled` and `datadog.logs.containerCollectAll` to replace `datadog.logsEnabled` and `datadog.logsConfigContainerCollectAll`. -- Update the migration document link in the `Readme.md`. +* Add parameters `datadog.logs.enabled` and `datadog.logs.containerCollectAll` to replace `datadog.logsEnabled` and `datadog.logsConfigContainerCollectAll`. +* Update the migration document link in the `Readme.md`. ### 2.0.0 -- Remove Datadog agent deployment configuration. -- Cleanup resources labels, to fit with recommended labels. -- Cleanup useless or unused values parameters. -- each component have its own RBAC configuration (create,configuration). -- container runtime socket update values configuration simplification. -- `nameOverride` `fullnameOverride` is now optional in values.yaml. +* Remove Datadog agent deployment configuration. +* Cleanup resources labels, to fit with recommended labels. +* Cleanup useless or unused values parameters. +* each component have its own RBAC configuration (create,configuration). +* container runtime socket update values configuration simplification. +* `nameOverride` `fullnameOverride` is now optional in values.yaml. \ No newline at end of file From 099687d615f47684c56ae68c6ecb6fef2669e1c7 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Mon, 10 Feb 2025 17:06:58 -0500 Subject: [PATCH 13/20] update baselines --- .../agent-clusterchecks-deployment_default.yaml | 2 +- .../baseline/cluster-agent-deployment_default.yaml | 2 +- ...ent-deployment_default_advanced_AC_injection.yaml | 2 +- ...gent-deployment_default_minimal_AC_injection.yaml | 2 +- test/datadog/baseline/daemonset_default.yaml | 2 +- test/datadog/baseline/gdc_daemonset_default.yaml | 2 +- .../baseline/gdc_daemonset_logs_collection.yaml | 2 +- test/datadog/baseline/other_default.yaml | 12 ++++++------ 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 7c6570c18..84e1254cd 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 247c426a527d3914cf4c9ed1f016b3ba0b4797064af564486f45cd0b2f13174d + checksum/clusteragent_token: ace9da5834c970ccbe64e4c1d26e90d04508cad05f1b0198e37b6aef958b9712 checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: serviceAccountName: datadog-cluster-checks diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 3e5ea25b0..a395cef31 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: a456a0b0db2dcb0a05cc06a3b8cccd630ce47a103199f363970edeb225ed57e7 + checksum/clusteragent_token: b8fb19e71daf9c13ce771ed31ed10563a3fdccdb818dce82989b56cbe7f7af16 checksum/clusteragent-configmap: 04f78cc8c755f4c6debb07948b1bf8318109acb1f32d624857bf409e9e7570c0 checksum/api_key: 657e19756058df21cac9dd8bdb1289cdf8ab0a632155ce5b9cd382881874a62f checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 50822929f..97fbbf4d1 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 8d8f3cd91285a7d6e1507a1f1435fc5fd21778965cf685a462238553841a2daf + checksum/clusteragent_token: d6d5cc3b75e910992b70aceefc6e23fb963430f152d46955a90dc360d855e23a checksum/clusteragent-configmap: 04f78cc8c755f4c6debb07948b1bf8318109acb1f32d624857bf409e9e7570c0 checksum/api_key: 657e19756058df21cac9dd8bdb1289cdf8ab0a632155ce5b9cd382881874a62f checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a6b62bf7d..b8f5120fc 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 443892528b5e1ffddee461bdd9a241aa564cd5126cf4d6f36b7af5d50a94d884 + checksum/clusteragent_token: 657d56ddcd5aff983a20ed91e79a6ef1dd7092745b8dda1d7cdf294f49c61a5d checksum/clusteragent-configmap: 04f78cc8c755f4c6debb07948b1bf8318109acb1f32d624857bf409e9e7570c0 checksum/api_key: 657e19756058df21cac9dd8bdb1289cdf8ab0a632155ce5b9cd382881874a62f checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index b89003e13..537d816c2 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -30,7 +30,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: f9c45c3e8cd387fc09e0d57c3d5395387e3c674a00806e2a8a26e14454a0a262 + checksum/clusteragent_token: 5009f2ddeff5693884134d5a8e46880c0eeb09969b307b89a1749b05cf32b2f6 checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index aa71a7b89..4d484409e 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -30,7 +30,7 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: b1ce037acd1ae38c7dd524a44aa9bab7cab5c3679696633ffcac0dea97152aec + checksum/clusteragent_token: 8a75f345568b6472914bb55b5bedf76f346038cddcb4f081c452339e66d542d1 checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 52a59100e..1cf3745fc 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -30,7 +30,7 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: c477368060c394d653969d3cbce514a56824150a477be33eb4fecaf6e702c9b1 + checksum/clusteragent_token: 415b5eaf576ee79e12a17fb7201c014f2116f3f75b75927e69e41971fa9357a3 checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index ab63ebcf0..405c28892 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -99,7 +99,7 @@ metadata: app.kubernetes.io/version: "7" type: Opaque data: - token: "Rjh4VG1qODNFVWdNR0F5RG5RMWs4cWJ3VGU0OWR1S0k=" + token: "MEFMZlA3MjQzS01QakxuakhxSXhRYlFObmlNdTQwR1k=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -193,8 +193,8 @@ metadata: app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "a8722398-d4d1-4608-ae54-a267838ef60d" - install_time: "1738887322" + install_id: "e73a0f38-ac6c-48a2-9e58-8a14b776478a" + install_time: "1739225171" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" @@ -841,7 +841,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: df5542e15c4a6b2ca3cafa45d4f4dd9885dacbdd3b5e859a78b7eb09a873d3bc + checksum/clusteragent_token: f23352ce6337e397534d60358b952fb37b8c0e0ef9280ef5d374d06d0597a8f4 checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1275,7 +1275,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 5a3ebcf850d185370c74eb30bfc4943a792c0aaff1358543224a8c0a7e1882bb + checksum/clusteragent_token: 15f90e4cabb80a209da1d06f3cb2dd35324b45bd8deff6d3fdf72a0292ec175c checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: serviceAccountName: datadog-cluster-checks @@ -1467,7 +1467,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 2125e0b8c18f02677614776f5826a96ecdf6be8393e9acdc9a096b538337b316 + checksum/clusteragent_token: 5a6fc51e022b01df7c04eeb424a8810c04b991b55069539e9f5cd8af12cee296 checksum/clusteragent-configmap: 86190a6d13b82b58a4a3158761c458fd0009ae0cfd622e7c98e02207e8361074 checksum/install_info: d99057d2f27261db48a091cf5b114431385f7e656a0b4575b81b9ade7b02583d spec: From b6875e30fafa25e456a88caea007996b3489237c Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Mon, 10 Feb 2025 17:12:05 -0500 Subject: [PATCH 14/20] fix changelog --- charts/datadog/CHANGELOG.md | 52 ++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 198828c04..401546640 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -46,7 +46,7 @@ ## 3.87.0 -* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. +* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. ## 3.86.0 @@ -183,8 +183,8 @@ ## 3.74.0 * Simplify OTel Agent OOTB pipelines: - * Remove `traces/otlp` pipeline from the default OTel Agent config - * Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. + * Remove `traces/otlp` pipeline from the default OTel Agent config + * Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. ## 3.73.3 @@ -951,14 +951,14 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.17.0 * Add the following configurations which allow environment variables to be defined in a dictionary: - * `agents.containers.agent.envDict` - * `agents.containers.processAgent.envDict` - * `agents.containers.securityAgent.envDict` - * `agents.containers.systemProbe.envDict` - * `agents.containers.traceAgent.envDict` - * `clusterAgent.envDict` - * `clusterChecksRunner.envDict` - * `datadog.envDict` + * `agents.containers.agent.envDict` + * `agents.containers.processAgent.envDict` + * `agents.containers.securityAgent.envDict` + * `agents.containers.systemProbe.envDict` + * `agents.containers.traceAgent.envDict` + * `clusterAgent.envDict` + * `clusterChecksRunner.envDict` + * `datadog.envDict` ## 3.16.2 @@ -2019,7 +2019,7 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A ## 2.11.6 * Improve support for environment autodiscovery by removing explicit setting of `DOCKER_HOST` by default with Agent 7.27+. - Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. +Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. ## 2.11.5 @@ -2202,9 +2202,9 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A * Changes default values to activate a maximum of built-in features to ease configuration. Notable changes: - * Cluster Agent, cluster checks and event collection are activated by default - * DatadogMetrics CRD usage is activated by default if ExternalMetrics are used - * Dogstatsd non-local traffic is activated by default (hostPort usage is not) + * Cluster Agent, cluster checks and event collection are activated by default + * DatadogMetrics CRD usage is activated by default if ExternalMetrics are used + * Dogstatsd non-local traffic is activated by default (hostPort usage is not) * Bump Agent version to `7.25.0` and Cluster Agent version to `1.10.0` * Introduce `.registry` parameter to quickly change registry for all Datadog images. Image name is retrieved from `.image.name`, however setting `.image.repository` still allows to override per image, ensuring backward compatibility @@ -2376,7 +2376,7 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A ## 2.4.23 * Add `datadog.envFrom` parameter to support passing references to secrets and/or configmaps for environment - variables, instead of passing one by one. +variables, instead of passing one by one. ## 2.4.22 @@ -2394,14 +2394,14 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A * Add NetworkPolicy Add the following parameters to control the creation of NetworkPolicy: - * `agents.networkPolicy.create` - * `clusterAgent.networkPolicy.create` - * `clusterChecksRunner.networkPolicy.create` - The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. - In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted - by IP but the datadog intake IP cannot be guaranteed to be stable. - The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations - that can be dynamically added to them. + * `agents.networkPolicy.create` + * `clusterAgent.networkPolicy.create` + * `clusterChecksRunner.networkPolicy.create` + The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. + In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted + by IP but the datadog intake IP cannot be guaranteed to be stable. + The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations + that can be dynamically added to them. ## 2.4.18 @@ -2731,7 +2731,7 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A ## 2.1.2 * Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt - config to this environment variable. +config to this environment variable. ## 2.1.1 @@ -2804,4 +2804,4 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A * Cleanup useless or unused values parameters. * each component have its own RBAC configuration (create,configuration). * container runtime socket update values configuration simplification. -* `nameOverride` `fullnameOverride` is now optional in values.yaml. \ No newline at end of file +* `nameOverride` `fullnameOverride` is now optional in values.yaml. From 021c9261ada6ca39dc8d163f763738c92270c464 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Mon, 24 Feb 2025 17:23:08 -0600 Subject: [PATCH 15/20] Revert unnecessary changes --- ...gent-clusterchecks-deployment_default.yaml | 12 +-- .../cluster-agent-deployment_default.yaml | 14 ++-- ...loyment_default_advanced_AC_injection.yaml | 14 ++-- ...ployment_default_minimal_AC_injection.yaml | 14 ++-- test/datadog/baseline/daemonset_default.yaml | 54 ++++++------- .../baseline/gdc_daemonset_default.yaml | 30 +++---- .../gdc_daemonset_logs_collection.yaml | 30 +++---- test/datadog/baseline/other_default.yaml | 80 +++++++++---------- 8 files changed, 124 insertions(+), 124 deletions(-) diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 1aaccf93a..c99a44658 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: clusterchecks-agent - + spec: replicas: 2 revisionHistoryLimit: 10 @@ -33,7 +33,7 @@ spec: app.kubernetes.io/component: clusterchecks-agent admission.datadoghq.com/enabled: "false" app: datadog-clusterchecks - + name: datadog-clusterchecks annotations: checksum/clusteragent_token: d9b3af416ecff4819b57dfe0c64429d869712b3b36f947eb85b9311a05d79192 @@ -76,7 +76,7 @@ spec: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: - + - name: KUBERNETES value: "yes" - name: DD_API_KEY @@ -129,8 +129,8 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - + + resources: {} volumeMounts: @@ -189,4 +189,4 @@ spec: app: datadog-clusterchecks topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index f153cb030..a37a19a0f 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -33,7 +33,7 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: checksum/clusteragent_token: 771d105929d3021acd21a2f768baaf4bbe522635b4a4184bc0e995f59685b55d @@ -90,7 +90,7 @@ spec: name: "datadog" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -119,8 +119,8 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - - + + - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -183,7 +183,7 @@ spec: configMapKeyRef: name: datadog-kpi-telemetry-configmap key: install_type - + livenessProbe: failureThreshold: 6 httpGet: @@ -268,4 +268,4 @@ spec: app: datadog-cluster-agent topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 02a94755a..adab2ea3a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -33,7 +33,7 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: checksum/clusteragent_token: 4eed4c4ff3c9fb2e8477919438698cb7ac0b982f10a744099dd77af952b777c2 @@ -90,7 +90,7 @@ spec: name: "datadog" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -119,8 +119,8 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - - + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED @@ -197,7 +197,7 @@ spec: configMapKeyRef: name: datadog-kpi-telemetry-configmap key: install_type - + livenessProbe: failureThreshold: 6 httpGet: @@ -282,4 +282,4 @@ spec: app: datadog-cluster-agent topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index b4b5e0da0..0f62680f6 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -33,7 +33,7 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: checksum/clusteragent_token: 50ce670f2c8620a094fa935fdc1b8868a9a96c7e2e79abb0b5ac70b4e382f509 @@ -90,7 +90,7 @@ spec: name: "datadog" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -119,8 +119,8 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - - + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED @@ -193,7 +193,7 @@ spec: configMapKeyRef: name: datadog-kpi-telemetry-configmap key: install_type - + livenessProbe: failureThreshold: 6 httpGet: @@ -278,4 +278,4 @@ spec: app: datadog-cluster-agent topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 652e13ab1..fcb0f3e3f 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -12,7 +12,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: agent - + spec: revisionHistoryLimit: 10 selector: @@ -27,7 +27,7 @@ spec: app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog - + name: datadog annotations: checksum/clusteragent_token: 63460e3fbf5bf6ce23a5e2e71e18ca3674fe22b92bb3c666c6b2a1ebfdae397d @@ -36,7 +36,7 @@ spec: checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - + securityContext: runAsUser: 0 hostPID: true @@ -45,7 +45,7 @@ spec: image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] - + resources: {} ports: @@ -62,7 +62,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -75,9 +75,9 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - - + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -124,7 +124,7 @@ spec: - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -134,7 +134,7 @@ spec: - name: DD_CONTAINER_IMAGE_ENABLED value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" + value: "true" volumeMounts: - name: logdatadog mountPath: /var/log/datadog @@ -146,7 +146,7 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - + - name: os-release-file mountPath: /host/etc/os-release readOnly: true @@ -156,12 +156,12 @@ spec: - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - + - name: dsdsocket mountPath: /var/run/datadog readOnly: false @@ -209,7 +209,7 @@ spec: - name: trace-agent image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: {} ports: @@ -226,7 +226,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -239,7 +239,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -249,7 +249,7 @@ spec: secretKeyRef: name: datadog-cluster-agent key: token - + - name: DD_LOG_LEVEL value: "INFO" - name: DD_APM_ENABLED @@ -276,7 +276,7 @@ spec: valueFrom: configMapKeyRef: name: datadog-kpi-telemetry-configmap - key: install_type + key: install_type volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -301,12 +301,12 @@ spec: - name: dsdsocket mountPath: /var/run/datadog readOnly: false # Need RW for UDS DSD socket - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - + livenessProbe: initialDelaySeconds: 15 periodSeconds: 15 @@ -314,7 +314,7 @@ spec: port: 8126 timeoutSeconds: 5 initContainers: - - name: init-volume + - name: init-volume image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -326,7 +326,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config + - name: init-config image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: @@ -345,7 +345,7 @@ spec: mountPath: /host/proc mountPropagation: None readOnly: true - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None @@ -360,7 +360,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -373,7 +373,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + resources: {} volumes: @@ -384,7 +384,7 @@ spec: name: datadog-installinfo - name: config emptyDir: {} - + - name: logdatadog emptyDir: {} - name: tmpdir @@ -424,4 +424,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index 4d4abe691..a6a69a261 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -36,7 +36,7 @@ spec: checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - + securityContext: runAsUser: 0 containers: @@ -44,7 +44,7 @@ spec: image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] - + resources: {} ports: @@ -61,7 +61,7 @@ spec: value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -87,8 +87,8 @@ spec: value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - - + + - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -123,7 +123,7 @@ spec: - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -133,7 +133,7 @@ spec: - name: DD_CONTAINER_IMAGE_ENABLED value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" + value: "true" volumeMounts: - name: logdatadog mountPath: /var/log/datadog @@ -145,15 +145,15 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - + - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW to mount to config path - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - - + + - name: kubelet-cert-volume mountPath: /certs livenessProbe: @@ -187,7 +187,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 initContainers: - - name: init-volume + - name: init-volume image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -199,7 +199,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config + - name: init-config image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: @@ -221,7 +221,7 @@ spec: value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -257,7 +257,7 @@ spec: name: datadog-installinfo - name: config emptyDir: {} - + - name: logdatadog emptyDir: {} - name: tmpdir @@ -277,4 +277,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 4c279b04f..10f5cf884 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -36,7 +36,7 @@ spec: checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - + securityContext: runAsUser: 0 containers: @@ -44,7 +44,7 @@ spec: image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] - + resources: {} ports: @@ -61,7 +61,7 @@ spec: value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -87,8 +87,8 @@ spec: value: "false" - name: DD_PROVIDER_KIND value: gke-gdc - - + + - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -123,7 +123,7 @@ spec: - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -133,7 +133,7 @@ spec: - name: DD_CONTAINER_IMAGE_ENABLED value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" + value: "true" volumeMounts: - name: logdatadog mountPath: /var/log/datadog @@ -145,15 +145,15 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - + - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW to mount to config path - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - - + + - name: pointerdir mountPath: /opt/datadog-agent/run mountPropagation: None @@ -199,7 +199,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 initContainers: - - name: init-volume + - name: init-volume image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -211,7 +211,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config + - name: init-config image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: @@ -233,7 +233,7 @@ spec: value: "false" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_KUBELET_CLIENT_CRT @@ -269,7 +269,7 @@ spec: name: datadog-installinfo - name: config emptyDir: {} - + - name: logdatadog emptyDir: {} - name: tmpdir @@ -298,4 +298,4 @@ spec: updateStrategy: rollingUpdate: maxUnavailable: 10% - type: RollingUpdate + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 417478036..7685e8bf4 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -149,7 +149,7 @@ data: {} annotations_as_tags: {} - + kubernetes_apiserver.yaml: |- init_config: instances: @@ -823,7 +823,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: agent - + spec: revisionHistoryLimit: 10 selector: @@ -838,7 +838,7 @@ spec: app.kubernetes.io/component: agent admission.datadoghq.com/enabled: "false" app: datadog - + name: datadog annotations: checksum/clusteragent_token: 76b7e48f3b6f5a69bd69caca36858256aecfe72ae9482cb3cff7176bfba8c1bb @@ -847,7 +847,7 @@ spec: checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a spec: - + securityContext: runAsUser: 0 hostPID: true @@ -856,7 +856,7 @@ spec: image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] - + resources: {} ports: @@ -873,7 +873,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -886,9 +886,9 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - - + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -932,11 +932,11 @@ spec: value: "/var/run/datadog/dsd.socket" - name: DD_EXTRA_CONFIG_PROVIDERS value: "endpointschecks" - + - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" + value: "true" - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: "true" - name: DD_EXPVAR_PORT @@ -946,7 +946,7 @@ spec: - name: DD_CONTAINER_IMAGE_ENABLED value: "true" - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" + value: "true" volumeMounts: - name: logdatadog mountPath: /var/log/datadog @@ -958,7 +958,7 @@ spec: - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - + - name: os-release-file mountPath: /host/etc/os-release readOnly: true @@ -968,12 +968,12 @@ spec: - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - + - name: dsdsocket mountPath: /var/run/datadog readOnly: false @@ -1021,7 +1021,7 @@ spec: - name: trace-agent image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: {} ports: @@ -1038,7 +1038,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -1051,7 +1051,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -1061,7 +1061,7 @@ spec: secretKeyRef: name: datadog-cluster-agent key: token - + - name: DD_LOG_LEVEL value: "INFO" - name: DD_APM_ENABLED @@ -1088,7 +1088,7 @@ spec: valueFrom: configMapKeyRef: name: datadog-kpi-telemetry-configmap - key: install_type + key: install_type volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -1113,12 +1113,12 @@ spec: - name: dsdsocket mountPath: /var/run/datadog readOnly: false # Need RW for UDS DSD socket - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - + livenessProbe: initialDelaySeconds: 15 periodSeconds: 15 @@ -1126,7 +1126,7 @@ spec: port: 8126 timeoutSeconds: 5 initContainers: - - name: init-volume + - name: init-volume image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -1138,7 +1138,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config + - name: init-config image: "gcr.io/datadoghq/agent:7.63.0" imagePullPolicy: IfNotPresent command: @@ -1157,7 +1157,7 @@ spec: mountPath: /host/proc mountPropagation: None readOnly: true - + - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None @@ -1172,7 +1172,7 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -1185,7 +1185,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - + resources: {} volumes: @@ -1196,7 +1196,7 @@ spec: name: datadog-installinfo - name: config emptyDir: {} - + - name: logdatadog emptyDir: {} - name: tmpdir @@ -1251,7 +1251,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: clusterchecks-agent - + spec: replicas: 2 revisionHistoryLimit: 10 @@ -1272,7 +1272,7 @@ spec: app.kubernetes.io/component: clusterchecks-agent admission.datadoghq.com/enabled: "false" app: datadog-clusterchecks - + name: datadog-clusterchecks annotations: checksum/clusteragent_token: daa174eddd987c6413de2d94a6369e9241c95486be083fe1a97f1ec6a65e4040 @@ -1315,7 +1315,7 @@ spec: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: - + - name: KUBERNETES value: "yes" - name: DD_API_KEY @@ -1368,8 +1368,8 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - + + resources: {} volumeMounts: @@ -1443,7 +1443,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app.kubernetes.io/component: cluster-agent - + spec: replicas: 1 revisionHistoryLimit: 10 @@ -1464,7 +1464,7 @@ spec: app.kubernetes.io/component: cluster-agent admission.datadoghq.com/enabled: "false" app: datadog-cluster-agent - + name: datadog-cluster-agent annotations: checksum/clusteragent_token: d2e4a6d1ba18dde0aec744258e2bee3527c24715f206a6eb1b14e4c216f30345 @@ -1519,7 +1519,7 @@ spec: name: "datadog-secret" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -1548,8 +1548,8 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - - + + - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -1614,7 +1614,7 @@ spec: configMapKeyRef: name: datadog-kpi-telemetry-configmap key: install_type - + livenessProbe: failureThreshold: 6 httpGet: @@ -1699,4 +1699,4 @@ spec: app: datadog-cluster-agent topologyKey: kubernetes.io/hostname nodeSelector: - kubernetes.io/os: linux + kubernetes.io/os: linux \ No newline at end of file From 6ac2dd7f475c5eb22311be99d1ddd60f40e5b634 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Mon, 24 Feb 2025 17:25:30 -0600 Subject: [PATCH 16/20] Update helm docs --- charts/datadog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5a3df46be..e06cbe21a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.96.0](https://img.shields.io/badge/Version-3.96.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.97.0](https://img.shields.io/badge/Version-3.97.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). From f4f4bbc5ac4286c5be4602b642623e08c9f35504 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood <6599778+hmahmood@users.noreply.github.com> Date: Tue, 25 Feb 2025 09:54:24 -0600 Subject: [PATCH 17/20] Update min version Co-authored-by: Fanny Jiang --- charts/datadog/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 59dc19f20..e920873cb 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -2,7 +2,7 @@ ## 3.97.0 -* Enable `system-probe` container on GKE Autopilot (requires GKE 1.32.1-gke.1376000 or later). +* Enable `system-probe` container on GKE Autopilot (requires GKE 1.32.1-gke.1729000 or later). ## 3.96.0 From ee3c93bce266432fd90299021440b6e4061ae2e8 Mon Sep 17 00:00:00 2001 From: Hasan Mahmood Date: Tue, 25 Feb 2025 15:48:45 -0600 Subject: [PATCH 18/20] Fix tests --- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +-- ...loyment_default_advanced_AC_injection.yaml | 10 +-- ...ployment_default_minimal_AC_injection.yaml | 10 +-- test/datadog/baseline/daemonset_default.yaml | 6 +- .../baseline/gdc_daemonset_default.yaml | 6 +- .../gdc_daemonset_logs_collection.yaml | 6 +- test/datadog/baseline/other_default.yaml | 84 +++++++++---------- test/datadog/process_agent_test.go | 16 ++-- 9 files changed, 77 insertions(+), 77 deletions(-) diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index c99a44658..ec6c3879d 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: d9b3af416ecff4819b57dfe0c64429d869712b3b36f947eb85b9311a05d79192 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: fb38be7bf9d3ccd1b3131533f546bd19a988c7c14782de927c17961d1424187e + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index a37a19a0f..7bdb0fe90 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 771d105929d3021acd21a2f768baaf4bbe522635b4a4184bc0e995f59685b55d - checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 - checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 + checksum/clusteragent_token: b65ee414914b9a6ee392eca0e75954dd0c82392e928ba5c132bc3b8d87289e84 + checksum/clusteragent-configmap: a8d8407b30d9607920c5264e9d9ad3168a9033c1199ac4a3ba9432a8170cac9e + checksum/api_key: 519ab774188b96a29d063e37d0c61441711c5724c813c97523b3d6014df97d4b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index adab2ea3a..1a64494a9 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4eed4c4ff3c9fb2e8477919438698cb7ac0b982f10a744099dd77af952b777c2 - checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 - checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 + checksum/clusteragent_token: 9032b9fdb5cc14cbd067e476fce330a14c0664a485b0ae25026c87803d07e888 + checksum/clusteragent-configmap: a8d8407b30d9607920c5264e9d9ad3168a9033c1199ac4a3ba9432a8170cac9e + checksum/api_key: 519ab774188b96a29d063e37d0c61441711c5724c813c97523b3d6014df97d4b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 0f62680f6..e1418f4c1 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 50ce670f2c8620a094fa935fdc1b8868a9a96c7e2e79abb0b5ac70b4e382f509 - checksum/clusteragent-configmap: 526621b6025adf66ae46fbbd8477ca9f9683c7db50f65e84d449c5d8c8a66f02 - checksum/api_key: 8122e1d841c3b3d38f070ddb0ea377f20a7c47efd4f50cc2107281eacd6b6bb0 + checksum/clusteragent_token: 5cc575cb39b2a9ccfe79888a8b906208076800cd3f718a14e4f7b39166c3d355 + checksum/clusteragent-configmap: a8d8407b30d9607920c5264e9d9ad3168a9033c1199ac4a3ba9432a8170cac9e + checksum/api_key: 519ab774188b96a29d063e37d0c61441711c5724c813c97523b3d6014df97d4b checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index fcb0f3e3f..371efdd72 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 63460e3fbf5bf6ce23a5e2e71e18ca3674fe22b92bb3c666c6b2a1ebfdae397d - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: 99b4ace0c270320a0217053f44e424ed723323034d143263080b4b1f93e93fb9 + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index a6a69a261..a260ec65b 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 7ea7ba292c47ff4bb9428c79db844d419821934dd23f00ab15178a294a24eea6 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: 105e8cc4d536a0658f36f759d97d493705870c05b78461666c9f9b29aa8580d3 + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 10f5cf884..8e49bcdd9 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: ecd2ba8ac890860d56ebbef729ec7282e9c0ca9d71fc1f1b4308a5bd898ea809 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: be3e8129c247c84c5304e5b859623e7fdbdfed24013e12aca56545a9fcf14353 + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 7685e8bf4..2eee92ede 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.94.0" + chart: "datadog-3.97.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.94.0" + chart: "datadog-3.97.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "Z3RQU2hXVXl6RUIxUXRoMnQ3OVNwNk9PaDJHSXZ6TFk=" + token: "WGc4bm1oOHBJejJuSWVPek5vTEM2ZUtIY0xWS0IxS1M=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -164,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.94.0 + installer_version: datadog-3.97.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -186,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "7ab6981b-5b1d-4490-82ec-22b25031e1ef" - install_time: "1739998016" + install_id: "b88ae58a-e603-4a63-8180-6a07cd946dc0" + install_time: "1740520073" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -426,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -522,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -577,7 +577,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -597,7 +597,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -617,7 +617,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -638,7 +638,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -674,7 +674,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -696,7 +696,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -717,7 +717,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -740,7 +740,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -762,10 +762,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.94.0" + chart: "datadog-3.97.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -788,10 +788,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.94.0" + chart: "datadog-3.97.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,7 +817,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -841,8 +841,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 76b7e48f3b6f5a69bd69caca36858256aecfe72ae9482cb3cff7176bfba8c1bb - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: abed9634f153b43d8f6a2a847f92908dc28c859f2f05be7db93086cae7102a42 + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1245,7 +1245,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1275,8 +1275,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: daa174eddd987c6413de2d94a6369e9241c95486be083fe1a97f1ec6a65e4040 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: 5a73800c3ba828c875693364360b67c25372e20ae7a48a25476773bd0b6a1aeb + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1437,7 +1437,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.94.0' + helm.sh/chart: 'datadog-3.97.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1467,9 +1467,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d2e4a6d1ba18dde0aec744258e2bee3527c24715f206a6eb1b14e4c216f30345 - checksum/clusteragent-configmap: 3e1d28b00f05be6ed53a01f58794b605d25fcc847c2348f7ede166ee0f2ee128 - checksum/install_info: f22e5b8c2c7eff515e831f89ce1cba51ae3b2b4280f08c7dbacca373c3ac097f + checksum/clusteragent_token: 8373c51ebd10f30bb11db673eb77e1a713fecd61042904d698c1c3fcd10d6ebd + checksum/clusteragent-configmap: 7f2e5c02f010b0f49203e9afe6746da43f055e6693668bd31879185a3074e2b8 + checksum/install_info: 5281315a22fb7bc4476bc77fbd49194b5b7e7586f06bb8dfb1851492d28dfc64 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index 10946f82d..9f1e986d7 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -179,10 +179,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.tag": "7.52.0", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.52.0", }, }, assertions: verifyLinuxRunInCoreAgentOld, @@ -195,10 +195,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.doNotCheckTag": "true", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.doNotCheckTag": "true", }, }, assertions: verifyLinuxRunInCoreAgentOld, From 64df0bc8f56f0a4af4bfd6e9dca1196254d71602 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 27 Feb 2025 20:03:26 -0500 Subject: [PATCH 19/20] Handle older GKE versions (#1720) * handle gke autopilot < GKE 1.32.1-gke.1729000 * fix autopilot test * fix and condition to or * fixes --- .../ci/gke-autopilot-cri-less-values.yaml | 2 ++ charts/datadog/ci/gke-autopilot-values.yaml | 2 ++ charts/datadog/templates/NOTES.txt | 10 ++++++- .../_container-host-release-volumemounts.yaml | 4 +-- .../templates/_daemonset-volumes-linux.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 29 +++++++++++++++++-- .../gke_autopilot_allowlist_synchronizer.yaml | 2 ++ test/datadog/autopilot_test.go | 1 + 8 files changed, 45 insertions(+), 7 deletions(-) diff --git a/charts/datadog/ci/gke-autopilot-cri-less-values.yaml b/charts/datadog/ci/gke-autopilot-cri-less-values.yaml index be7beadf1..5ac38cbd8 100644 --- a/charts/datadog/ci/gke-autopilot-cri-less-values.yaml +++ b/charts/datadog/ci/gke-autopilot-cri-less-values.yaml @@ -2,6 +2,8 @@ datadog: apiKey: "00000000000000000000000000000000" appKey: "0000000000000000000000000000000000000000" + envDict: + DD_CI: true logs: enabled: true diff --git a/charts/datadog/ci/gke-autopilot-values.yaml b/charts/datadog/ci/gke-autopilot-values.yaml index 8be7f339f..87a904cbe 100644 --- a/charts/datadog/ci/gke-autopilot-values.yaml +++ b/charts/datadog/ci/gke-autopilot-values.yaml @@ -5,6 +5,8 @@ providers: datadog: apiKey: "00000000000000000000000000000000" appKey: "0000000000000000000000000000000000000000" + envDict: + DD_CI: true logs: enabled: true diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index ebbc04e51..084949e10 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -337,7 +337,7 @@ You are using datadog.orchestratorExplorer.enabled but you disabled the cluster To enable it please set clusterAgent.enabled to 'true'. {{- end }} -{{- if .Values.providers.gke.autopilot}} +{{- if and (.Values.providers.gke.autopilot) (not .Values.datadog.envDict.DD_CI)}} ########################################################################################### #### WARNING: Only one Datadog chart release allowed by namespace on GKE Autopilot #### @@ -347,6 +347,14 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes * The serviceAccountName must be "datadog-agent". * All ConfigMap names mounted must be hardcode. +{{- if and (eq (include "system-probe-feature" .) "true") (eq (include "gke-autopilot-workloadallowlists-enabled" .) "false") }} + +############################################################################################## +#### WARNING: System Probe on GKE Autopilot requires GKE v1.32.1-gke.1729000 or later #### +############################################################################################## +{{- fail "System Probe on GKE Autopilot environments requires GKE v1.32.1-gke.1729000 or later. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }} + +{{- end }} {{- if and .Values.providers.gke.cos .Values.datadog.systemProbe.enableDefaultKernelHeadersPaths }} ################################################################################# diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 274b176af..189a06f10 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,6 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} -{{- if or .Values.datadog.osReleasePath .Values.datadog.systemProbe.osReleasePath }} - {{- if not .Values.providers.gke.gdc }} +{{- if eq (include "should-add-host-path-for-os-release-file" .) "true" }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} @@ -12,4 +11,3 @@ {{- end }} {{- end }} {{- end }} -{{- end }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 9e4415d91..da78a43ba 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -17,7 +17,7 @@ - hostPath: path: /sys/fs/cgroup name: cgroups -{{- if (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} +{{- if eq (include "should-add-host-path-for-os-release-file" .) "true"}} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 80d2252f9..db31eb837 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -53,6 +53,7 @@ false Check if target cluster is running GKE Autopilot. */}} {{- define "is-autopilot" -}} +{{- if .Values.providers.gke.autopilot -}} {{- $nodes := (lookup "v1" "Node" "" "").items }} {{- if and $nodes (gt (len $nodes) 0) -}} {{- $node := index $nodes 0 -}} @@ -64,6 +65,9 @@ false {{- else -}} false {{- end -}} +{{- else -}} +false +{{- end -}} {{- end -}} {{/* @@ -374,7 +378,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) -}} +{{- if or (and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc)) (eq (include "gke-autopilot-workloadallowlists-enabled" . ) "true") -}} true {{- else -}} false @@ -1058,7 +1062,7 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} - {{- if .Values.providers.gke.gdc -}} + {{- if or (.Values.providers.gke.gdc) (and (.Values.providers.gke.autopilot) (not (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true"))) -}} false {{- else if ne .Values.targetSystem "linux" -}} false @@ -1099,6 +1103,27 @@ Create RBACs for custom resources {{- end -}} {{- end -}} +{{/* + Returns true if Host path for os-release-file needs to be added to the volumes. +*/}} +{{- define "should-add-host-path-for-os-release-file" -}} +{{- if .Values.providers.gke.gdc -}} +false +{{- end }} +{{- if or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled -}} +{{- if .Values.providers.gke.autopilot -}} +{{- if eq (include "gke-autopilot-workloadallowlists-enabled" .) "true" -}} +true +{{- else -}} +false +{{- end -}} +{{- else -}} +true +{{- end -}} +{{- else -}} +false +{{- end -}} +{{- end -}} {{/* Returns true if Host paths for default OS Release Paths need to be added to the volumes. diff --git a/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml b/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml index 013a84cc6..ff19473c9 100644 --- a/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml +++ b/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml @@ -3,6 +3,8 @@ apiVersion: auto.gke.io/v1 kind: AllowlistSynchronizer metadata: name: datadog-synchronizer + annotations: + helm.sh/hook: "pre-install,pre-upgrade" spec: allowlistPaths: - Datadog/datadog/datadog-datadog-daemonset-exemption-v1.0.1.yaml diff --git a/test/datadog/autopilot_test.go b/test/datadog/autopilot_test.go index 3a7abade6..83c27df74 100644 --- a/test/datadog/autopilot_test.go +++ b/test/datadog/autopilot_test.go @@ -34,6 +34,7 @@ func Test_autopilotConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ + "DD_CI": "true", "datadog.apiKeyExistingSecret": "datadog-secret", "datadog.appKeyExistingSecret": "datadog-secret", "providers.gke.autopilot": "true", From caf9e6534f211df0e83fd5d90766769b84c39a4f Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Fri, 28 Feb 2025 15:05:14 -0500 Subject: [PATCH 20/20] bump chart version --- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index aea08f036..eefcb5779 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.99.0 +version: 3.100.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index ef3c8dd29..5991225e6 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.99.0](https://img.shields.io/badge/Version-3.99.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.100.0](https://img.shields.io/badge/Version-3.100.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).