From 869bec77ee62d97c98acdda672f78af5a28a500d Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Fri, 6 Sep 2024 14:48:58 -0400 Subject: [PATCH 01/14] wip --- charts/datadog/templates/NOTES.txt | 82 +++++++++++-------- .../datadog/templates/_container-agent.yaml | 14 ++-- .../_container-host-release-volumemounts.yaml | 2 +- .../templates/_container-otel-agent.yaml | 6 +- .../templates/_container-process-agent.yaml | 8 +- .../templates/_container-security-agent.yaml | 2 + .../templates/_container-trace-agent.yaml | 4 +- .../templates/_containers-init-linux.yaml | 8 +- charts/datadog/templates/_helpers.tpl | 25 +++--- .../templates/cluster-agent-deployment.yaml | 2 +- charts/datadog/templates/daemonset.yaml | 2 +- charts/datadog/values.yaml | 3 + 12 files changed, 97 insertions(+), 61 deletions(-) diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 9201c6a04..fb14226e5 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -323,7 +323,9 @@ You are using datadog.orchestratorExplorer.enabled but you disabled the cluster To enable it please set clusterAgent.enabled to 'true'. {{- end }} -{{- if .Values.providers.gke.autopilot}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc}} + +{{- if not .Values.providers.gke.gdc}} ########################################################################################### #### WARNING: Only one Datadog chart release allowed by namespace on GKE Autopilot #### 
@@ -333,12 +335,23 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes * The serviceAccountName must be "datadog-agent". * All ConfigMap names mounted must be hardcode. +{{- end }} + +{{- if and (not .Values.providers.gke.autopilot) (not .Values.datadog.clusterName)}} + +########################################################################### +#### WARNING: Cluster name must be set on Google Distributed Cloud #### +########################################################################### +{{- fail "On Google Distributed Cloud environments, cluster name must be set with `datadog.clusterName`." }} + +{{- end }} + {{- if eq (include "system-probe-feature" .) "true" }} -##################################################################### -#### WARNING: System Probe is not supported on GKE Autopilot #### -##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} +################################################################################################## +#### WARNING: System Probe is not supported on GKE Autopilot nor Google Distributed Cloud #### +################################################################################################## +{{- fail "On GKE Autopilot and Google Distributed Cloud environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} {{- end }} 
@@ -354,57 +367,67 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled }} -###################################################################################### -#### WARNING: Cloud Workload Security (CWS) is not supported on GKE Autopilot #### -###################################################################################### +################################################################################################################### +#### WARNING: Cloud Workload Security (CWS) is not supported on GKE Autopilot nor Google Distributed Cloud #### +################################################################################################################### -{{- fail "On GKE Autopilot environments, Cloud Workload Security (CWS) is not supported. The options 'datadog.securityAgent.runtime.enabled' and 'datadog.securityAgent.runtime.fimEnabled' must be set 'false'" }} +{{- fail "On GKE Autopilot and Google Distributed Cloud environments, Cloud Workload Security (CWS) is not supported. 
The options 'datadog.securityAgent.runtime.enabled' and 'datadog.securityAgent.runtime.fimEnabled' must be set 'false'" }} {{- end }} {{- if .Values.agents.containers.initContainers.securityContext }} ###################################################################################################### -#### WARNING: Overwriting security contexts at container level not supported on GKE autopilot #### +#### WARNING: Overwriting security contexts at container level not supported on GKE Autopilot nor Google Distributed Cloud #### ###################################################################################################### -{{- fail "On GKE autopilot environments, overwriting default security context is not supported, these options will be ignored" }} +{{- fail "On GKE Autopilot and Google Distributed Cloud environments, overwriting default security context is not supported, these options will be ignored" }} {{- end }} {{- if .Values.datadog.securityAgent.compliance.enabled }} -################################################################################################# -#### WARNING: Cloud Security Posture Management (CSPM) is not supported on GKE Autopilot #### -################################################################################################# +############################################################################################################################## +#### WARNING: Cloud Security Posture Management (CSPM) is not supported on GKE Autopilot nor Google Distributed Cloud #### +############################################################################################################################## -{{- fail "On GKE autopilot environments, Cloud Security Posture Management (CSPM) is not supported. The option 'datadog.securityAgent.compliance.enabled' must be set to 'false'" }} +{{- fail "On GKE Autopilot and Google Distributed Cloud environments, Cloud Security Posture Management (CSPM) is not supported. 
The option 'datadog.securityAgent.compliance.enabled' must be set to 'false'" }} {{- end }} {{- if .Values.datadog.dogstatsd.useSocketVolume }} -################################################################################### -#### WARNING: dogstatsd with Unix socket is not supported on GKE Autopilot #### -################################################################################### +################################################################################################################ +#### WARNING: dogstatsd with Unix socket is not supported on GKE Autopilot nor Google Distributed Cloud #### +################################################################################################################ {{- end }} {{- if .Values.datadog.apm.socketEnabled }} -############################################################################## -#### WARNING: APM with Unix socket is not supported on GKE Autopilot #### -############################################################################## +########################################################################################################## +#### WARNING: APM with Unix socket is not supported on GKE Autopilot nor Google Distributed Cloud #### +########################################################################################################## {{- end }} {{- if .Values.datadog.networkMonitoring.enabled }} -####################################################################################### -#### WARNING: Network Performance Monitoring is not supported on GKE Autopilot #### -####################################################################################### +#################################################################################################################### +#### WARNING: Network Performance Monitoring is not supported on GKE Autopilot nor Google Distributed Cloud #### 
+#################################################################################################################### + +{{- fail "On GKE Autopilot and Google Distributed Cloud environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} -{{- fail "On GKE Autopilot environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} +{{- end }} + +{{- if eq (include "should-enable-otel-agent" .) "true" }} + +################################################################# +#### WARNING: Configuration notice #### +################################################################# +OTel collector is not supported on GKE Autopilot nor Google Distributed Cloud. +{{- fail "The OTel collector cannot be run on GKE Autopilot nor Google Distributed Cloud." }} {{- end }} @@ -592,15 +615,6 @@ More information about this change: https://github.com/DataDog/helm-charts/pull/ {{- end }} -{{- if and (eq (include "should-enable-otel-agent" .) "true") .Values.providers.gke.autopilot }} -################################################################# -#### WARNING: Configuration notice #### -################################################################# -OTel collector is not supported on GKE Autopilot. -{{- fail "The OTel collector cannot be run on GKE Autopilot." }} -{{- end }} - - {{- if (eq (include "should-enable-otel-agent" .) "true") }} ################################################################# #### WARNING: Private Beta notice #### diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 90200d49e..4bc77add8 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml 
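Review bot: The `initContainers.securityContext` check in the `@@ -354,57 +367,67 @@` hunk now tells Google Distributed Cloud users that "these options will be ignored", but `fail` aborts rendering, so nothing is ignored and the install simply stops. For GDC the message also disagrees with the templates. Later in this series `_containers-init-linux.yaml` still wraps `generate-security-context` in `{{- if not .Values.providers.gke.autopilot }}` only, so the value would be applied on GDC if this check let it through. Either keep the check Autopilot-only, or extend that guard to GDC and reword the message, for example `{{- fail "On GKE Autopilot and Google Distributed Cloud environments, 'agents.containers.initContainers.securityContext' is not supported and must be unset" }}`. The banner's top and bottom `#` rows in this block were also not widened to match the longer text.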
@@ -198,17 +198,16 @@ {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: + {{- if not .Values.providers.gke.gdc }} - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs + {{- end }} {{- if eq .Values.targetSystem "linux" }} - name: installinfo subPath: install_info mountPath: /etc/datadog-agent/install_info readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} {{- if eq (include "should-mount-fips-configmap" .) "true" }} {{- include "linux-container-fips-proxy-cfg-volumemount" . | nindent 4 }} @@ -222,7 +221,12 @@ mountPath: {{ template "datadog.confPath" . }}/auth readOnly: false # Need RW to write auth token {{- end }} + {{- if not .Values.providers.gke.gdc }} + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if and .Values.agents.useConfigMap (eq .Values.targetSystem "linux")}} - name: datadog-yaml @@ -230,7 +234,7 @@ subPath: datadog.yaml readOnly: true {{- end }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc)}} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false @@ -256,7 +260,7 @@ mountPath: /etc/passwd readOnly: true {{- end }} - {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} + {{- if and (or .Values.datadog.logs.enabled .Values.datadog.logsEnabled) (not .Values.providers.gke.gdc)}} - name: pointerdir mountPath: /opt/datadog-agent/run mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 
diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 7e3ad1ac4..49d513810 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -3,7 +3,7 @@ - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} readOnly: true -{{- else if not .Values.providers.gke.autopilot}} +{{- else if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: os-release-file mountPath: /host{{ .Values.datadog.osReleasePath }} readOnly: true diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml index 16e56bbe2..bae21907f 100644 --- a/charts/datadog/templates/_container-otel-agent.yaml +++ b/charts/datadog/templates/_container-otel-agent.yaml @@ -44,7 +44,7 @@ - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs - {{- if (not .Values.providers.gke.autopilot) }} + {{- if (not .Values.providers.gke.autopilot) }} # TODO GDC? - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true @@ -53,7 +53,7 @@ mountPath: {{ template "datadog.otelconfPath" . }} readOnly: true {{- if eq .Values.targetSystem "linux" }} - {{- if not .Values.providers.gke.autopilot }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 
@@ -70,7 +70,9 @@ mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml index baeccc41a..b2d2624ee 100644 --- a/charts/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/templates/_container-process-agent.yaml @@ -49,6 +49,7 @@ - name: config mountPath: {{ template "datadog.confPath" . }} readOnly: true + {{- if not .Values.providers.gke.gdc }} - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs @@ -57,16 +58,17 @@ - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + {{- end }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket - {{- end }} + {{- include "container-crisocket-volumemounts" . | nindent 4 }} - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to tmp directory {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} {{- end }} - {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if and .Values.agents.useConfigMap (eq .Values.targetSystem "linux")}} - name: datadog-yaml @@ -74,6 +76,7 @@ subPath: datadog.yaml readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} {{- if eq .Values.targetSystem "linux" }} - name: cgroups mountPath: /host/sys/fs/cgroup 
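Review bot: In the `@@ -57,16 +58,17 @@` hunk of `_container-process-agent.yaml`, the `{{- end }}` that used to follow the `dsdsocket` mount now sits before it, so `dsdsocket` is no longer covered by whichever guard that `end` closes. The opening `if` is outside the hunk, but if it is the Autopilot guard, the read-write socket mount would start rendering on Autopilot. The `container-crisocket-volumemounts` include also moved above the `{{- end }}` that follows `linux-container-host-release-volumemounts`, which appears to place it inside the Linux-only block. `_container-security-agent.yaml` in this same patch re-opens a guard for this mount with `{{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }}`. Doing the same here, and leaving the CRI socket include where it was, would keep the Autopilot and Windows output unchanged.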
@@ -88,6 +91,7 @@ mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true + {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-socket-dir mountPath: /var/run/sysprobe diff --git a/charts/datadog/templates/_container-security-agent.yaml b/charts/datadog/templates/_container-security-agent.yaml index 0a6be843e..a235f6eae 100644 --- a/charts/datadog/templates/_container-security-agent.yaml +++ b/charts/datadog/templates/_container-security-agent.yaml @@ -68,6 +68,8 @@ - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + {{- end }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index c14094a09..21b2e2ddc 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml @@ -86,7 +86,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{- if not .Values.providers.gke.autopilot }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -96,6 +96,7 @@ mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory @@ -109,6 +110,7 @@ {{- end }} {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} 
diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index 089555505..04ab2e39b 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -26,9 +26,6 @@ args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: {{ template "datadog.logDirectoryPath" . }} - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path @@ -42,11 +39,16 @@ mountPath: /checks.d readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config mountPath: /etc/datadog-agent/system-probe.yaml diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index a67ce9c9b..b7a40d791 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -338,7 +338,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false 
@@ -361,7 +361,7 @@ false Return true if the fips side car container should be created. */}} {{- define "should-enable-fips" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} true {{- else -}} false @@ -383,7 +383,7 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} true {{- else -}} false @@ -394,7 +394,7 @@ false Return true if the compliance features should be enabled. */}} {{- define "should-enable-compliance" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} true {{- else -}} false @@ -405,7 +405,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false 
@@ -418,7 +418,7 @@ Return true if the hostPid features should be enabled for the Agent pod. {{- define "should-enable-host-pid" -}} {{- if eq .Values.targetSystem "windows" -}} false -{{- else if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} +{{- else if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} true {{- else -}} false @@ -472,10 +472,10 @@ false {{- end -}} {{/* -Return true hostPath should be use for DSD socket. Return always false on GKE autopilot. +Return true hostPath should be use for DSD socket. Return always false on GKE autopilot or GDC. */}} {{- define "should-mount-hostPath-for-dsd-socket" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} {{- if .Values.datadog.dogstatsd.useSocketVolume -}} @@ -486,10 +486,10 @@ false {{- end -}} {{/* -Return true if a APM over UDS is configured. Return always false on GKE autopilot. +Return true if a APM over UDS is configured. Return always false on GKE Autopilot or Google Distributed Cloud. */}} {{- define "trace-agent-use-uds" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} {{- if or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume -}} @@ -540,6 +540,9 @@ Returns provider kind {{- if .Values.providers.gke.autopilot -}} gke-autopilot {{- end -}} +{{- if .Values.providers.gke.gdc -}} +gke-gdc +{{- end -}} {{- end -}} {{/* 
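Review bot: The `gke-gdc` branch added in the `@@ -540,6 +540,9 @@` hunk is a second independent `if`, so a values file that sets both `providers.gke.autopilot` and `providers.gke.gdc` makes this helper return the concatenation `gke-autopilotgke-gdc`. Nothing visible in the series rejects that combination, and in NOTES.txt the `{{- if not .Values.providers.gke.gdc}}` wrapper also hides the Autopilot banner in that case. Chaining the branch as `{{- else if .Values.providers.gke.gdc -}}` inside the existing Autopilot `if`, or failing in NOTES.txt when both flags are true, would keep the provider value well-formed. The helper's `define` line is outside the hunk.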
@@ -852,7 +855,7 @@ In 7.36, `--config` was deprecated and `--cfgpath` should be used instead. {{/* Returns whether or not the underlying OS is Google Container-Optimized-OS -Note: GKE Autopilot clusters only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) +Note: GKE Autopilot only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) */}} {{- define "can-mount-host-usr-src" -}} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.cos -}} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 134f8a3c6..bef971154 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -208,7 +208,7 @@ spec: value: {{ .Values.clusterAgent.admissionController.mutateUnlabelled | quote }} - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service {{- if .Values.clusterAgent.admissionController.configMode }} value: {{ .Values.clusterAgent.admissionController.configMode }} {{- else if eq (include "trace-agent-use-uds" .) "true" }} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ba95268cf..ab01e002e 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -167,7 +167,7 @@ spec: {{- if eq .Values.targetSystem "windows" }} {{ include "daemonset-volumes-windows" . | nindent 6 }} {{- end }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} {{ include "daemonset-volumes-linux" . | nindent 6 }} {{- end }} {{- if eq (include "should-enable-otel-agent" .) "true" }} 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 08c514e49..8069871ff 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -2214,6 +2214,9 @@ providers: # providers.gke.cos -- Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) cos: false + # providers.gke.gdc -- Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) + gdc: false + eks: ec2: # providers.eks.ec2.useHostnameFromFile -- Use hostname from EC2 filesystem instead of fetching from metadata endpoint. From 69581602a00839b3d15dfa5cf82c0097735181e7 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 11 Sep 2024 17:11:24 -0400 Subject: [PATCH 02/14] add providers.gke.gdc option to datadog chart --- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 +- charts/datadog/templates/NOTES.txt | 2 +- .../datadog/templates/_container-agent.yaml | 11 +- .../templates/_containers-common-env.yaml | 6 + .../templates/_containers-init-linux.yaml | 4 +- .../templates/_daemonset-volumes-linux.yaml | 19 ++- charts/datadog/templates/_helpers.tpl | 10 +- .../templates/_processes-common-env.yaml | 4 +- charts/datadog/templates/daemonset.yaml | 4 +- ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 16 +- ...loyment_default_advanced_AC_injection.yaml | 16 +- ...ployment_default_minimal_AC_injection.yaml | 18 +-- test/datadog/baseline/daemonset_default.yaml | 52 +++---- test/datadog/baseline/other_default.yaml | 142 +++++++++--------- test/datadog/gdc_test.go | 81 ++++++++++ 17 files changed, 251 insertions(+), 151 deletions(-) create mode 100644 test/datadog/gdc_test.go diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9f0b0f3a0..ffcab874d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.7 +version: 3.71.0 appVersion: "7" description: Datadog Agent keywords: 
diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0edef6a9e..fc773bf14 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.7](https://img.shields.io/badge/Version-3.70.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.71.0](https://img.shields.io/badge/Version-3.71.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -871,6 +871,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | +| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index fb14226e5..1e2ac127a 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -337,7 +337,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes {{- end }} -{{- if and (not .Values.providers.gke.autopilot) (not .Values.datadog.clusterName)}} +{{- if and (not .Values.providers.gke.gdc) (not .Values.datadog.clusterName)}} ########################################################################### #### WARNING: Cluster name must be set on Google Distributed Cloud #### diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 4bc77add8..348f3efdf 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml 
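Review bot: The cluster-name guard in the `@@ -337,7 +337,7 @@` NOTES.txt hunk is inverted: `(not .Values.providers.gke.gdc)` makes the `fail` fire when GDC is off. The first patch shows this block nested under `{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc}}`, so it would abort Autopilot installs that lack `datadog.clusterName` and never trigger on GDC, which is the environment the message names. The condition should read `{{- if and .Values.providers.gke.gdc (not .Values.datadog.clusterName) }}`. The added `test/datadog/gdc_test.go` is not visible here; a case that renders with `providers.gke.gdc=true` and no cluster name and expects the failure would pin this.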
@@ -57,9 +57,8 @@ {{- end }} env: {{- include "containers-common-env" . | nindent 4 }} - {{- include "fips-envvar" . | nindent 4 }} - {{- include "processes-common-envs" . | nindent 4 }} - + {{- include "fips-envvar" . | indent 4 }} + {{- include "processes-common-envs" . | indent 4 }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} @@ -121,7 +120,7 @@ - name: DD_HEALTH_PORT {{- $healthPort := .Values.agents.containers.agent.healthPort }} value: {{ $healthPort | quote }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} @@ -208,7 +207,7 @@ subPath: install_info mountPath: /etc/datadog-agent/install_info readOnly: true - {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} + {{- include "linux-container-host-release-volumemounts" . | indent 4 }} {{- if eq (include "should-mount-fips-configmap" .) "true" }} {{- include "linux-container-fips-proxy-cfg-volumemount" . | nindent 4 }} {{- end }} @@ -220,7 +219,7 @@ - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: false # Need RW to write auth token - {{- end }} + {{- end -}} {{- if not .Values.providers.gke.gdc }} - name: tmpdir mountPath: /tmp diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index dfb27ea2d..11dc763e1 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml 
@@ -29,6 +29,12 @@ - name: DD_KUBERNETES_HTTPS_KUBELET_PORT value: "0" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} - name: DD_HOSTNAME_FILE diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index 04ab2e39b..fd0636250 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -1,7 +1,7 @@ {{- define "containers-init-linux" -}} - name: init-volume {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 
@@ -16,7 +16,7 @@ {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 39ce80f63..f088eb837 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -3,13 +3,15 @@ emptyDir: {} - name: tmpdir emptyDir: {} +{{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc name: procdir - hostPath: path: /sys/fs/cgroup name: cgroups -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} +{{- end }} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file 
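Review bot: With `procdir` and `cgroups` no longer defined when `providers.gke.gdc` is set (`@@ -3,13 +3,15 @@` in `_daemonset-volumes-linux.yaml`), every `volumeMounts` entry that names them has to sit behind the same condition, otherwise the pod template refers to a volume that does not exist and fails validation. The default daemonset baseline further down still mounts both, for example `procdir` at `/host/proc` in `init-config`, and no gate on those mounts is visible in this diff, so the container templates need checking. Where a mount is still unconditional, wrap it in `{{- if not .Values.providers.gke.gdc }}` … `{{- end }}`, and have the GDC test assert that every mount name matches a defined volume.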
@@ -181,6 +183,18 @@ {{- end }} {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} +{{- if .Values.providers.gke.gdc }} +- name: pointerdir + emptyDir: {} +- name: logpodpath + emptyDir: {} +- name: logscontainerspath + emptyDir: {} +{{- if not .Values.datadog.criSocketPath }} +- name: logdockercontainerpath + emptyDir: {} +{{- end }} +{{ else }} - hostPath: path: {{ template "datadog.hostMountRoot" . }}/logs name: pointerdir @@ -196,7 +210,8 @@ name: logdockercontainerpath {{- end }} {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- end }} +{{- if and (.Values.datadog.containerRuntimeSupport.enabled) (not .Values.providers.gke.gdc) }} - hostPath: path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} name: runtimesocketdir diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index b7a40d791..eaae463a8 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -869,7 +869,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false 
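Review bot: Under `providers.gke.gdc` the `pointerdir`, `logpodpath` and `logscontainerspath` volumes become `emptyDir`, which deserves a comment in the template because it changes what `datadog.logs.enabled` can do. Anything the agent keeps in `pointerdir` is lost when the pod is recreated, and the two log paths are presumably empty directories rather than the node's log directories, so file-based collection would find nothing. A line such as `{{- /* GDC: no hostPath; emptyDir placeholders keep the mounts valid, node log files are not visible */ -}}` above the block would record that. The bare `{{ else }}` should also be `{{- else }}` to match the trimming used by the surrounding actions.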
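Review bot: The doc comment above `datadog-remoteConfiguration-enabled` still says only "Returns whether Remote Configuration should be enabled in the agent", while the condition in the `@@ -869,7 +869,7 @@` hunk now also forces `false` whenever `providers.gke.gdc` is set. A user who sets `remoteConfiguration.enabled` on GDC gets it switched off with no indication, so the comment should read `Returns whether Remote Configuration should be enabled in the agent (always false when providers.gke.gdc is set)`. A matching line in the GDC section of NOTES.txt would help. The stray space in `(not .Values.providers.gke.gdc )` can go as well.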
@@ -946,7 +946,7 @@ Create RBACs for custom resources Return true if any process-related check is enabled */}} {{- define "process-checks-enabled" -}} - {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} + {{- if and (or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true")) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -974,6 +974,8 @@ Create RBACs for custom resources {{- include "get-process-checks-in-core-agent-envvar" . -}} {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" (include "get-agent-version" .)) -}} true + {{- else if .Values.providers.gke.gdc }} + false {{- else -}} false {{- end -}} @@ -989,8 +991,10 @@ Create RBACs for custom resources true {{- else if (eq (include "should-run-process-checks-on-core-agent" .) "true") -}} false - {{- else -}} + {{- else if (not .Values.providers.gke.gdc) -}} {{- include "process-checks-enabled" . -}} + {{- else -}} + false {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml index 41f723d26..65fcd07f8 100644 --- a/charts/datadog/templates/_processes-common-env.yaml +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -1,5 +1,6 @@ # Defines set of environment variables for Processes-related checks. {{- define "processes-common-envs" -}} +{{- if not .Values.providers.gke.gdc }} - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: {{ .Values.datadog.processAgent.processCollection | quote }} - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED 
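Review bot: The branch added in the `@@ -974,6 +974,8 @@` hunk, `{{- else if .Values.providers.gke.gdc }}` followed by `false`, returns the same value as the `{{- else -}}` right after it, so it has no effect. It also sits after the branches that can return `true`, so it does not force `false` on GDC if that was the intent. Either drop it, or move it to the top of the definition as `{{- if .Values.providers.gke.gdc -}}`. As written it also lacks the closing `-}}`, so its result carries a leading newline and indentation that the other branches do not. The definition begins above this hunk.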
@@ -11,5 +12,6 @@ {{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }} - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }} -{{- end }} +{{- end }} +{{- end }} {{- end -}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ab01e002e..755c5b0a4 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -139,7 +139,7 @@ spec: {{ include "containers-init-windows" . | nindent 6 }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} + {{- include "containers-init-linux" . | nindent 6 -}} {{- end }} {{- if and (eq (include "should-enable-system-probe" .) "true") (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} {{ include "system-probe-init" . | nindent 6 }} @@ -167,7 +167,7 @@ spec: {{- if eq .Values.targetSystem "windows" }} {{ include "daemonset-volumes-windows" . | nindent 6 }} {{- end }} - {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} + {{- if and (eq .Values.targetSystem "linux") }} {{ include "daemonset-volumes-linux" . | nindent 6 }} {{- end }} {{- if eq (include "should-enable-otel-agent" .) "true" }} diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 4cf8b1f8e..114311aed 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
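Review bot: In the `@@ -167,7 +167,7 @@` hunk of `daemonset.yaml`, `{{- if and (eq .Values.targetSystem "linux") }}` is a leftover `and` with a single operand after the GDC condition was removed. It evaluates as intended, but it reads as if a condition were missing; `{{- if eq .Values.targetSystem "linux" }}` matches the form used for the init containers a few lines above. With this gate gone, keeping hostPath volumes out of a GDC daemonset rests entirely on the conditions inside `daemonset-volumes-linux`.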
@@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 898b7de0d59fe1803c9e99f2010332dae52edfc36ef050f7f77c7ab12b8709c5 - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: aef8984efc84cc91de09614a3205ae0cbceb4030d7de330710eaf9b3a0812840 + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index a7858e1f3..798d9de38 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1e89899244fb44ae50129b361b512027fd59eeec723dc4e43ec8c54084de2f92 - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: abc7cadd5ae687b721039e699d67fb4033862965624436a3e02b90c6840be068 + checksum/clusteragent-configmap: d0ab6e789c44fc4f5881e7244c4d00814ae7191b94560405bec45d3c2f0923c4 + checksum/api_key: 0a9725cd842dfab442be71cd22846bead912297242cfcb3f60c3a2b7513a4fc5 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.56.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.56.2" imagePullPolicy: IfNotPresent resources: {} @@ -100,7 +100,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 32656490f..50754c434 100644 
--- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7991408bb52fa0f7419e6e11edf9a98b11a769fe9fd4574652c99d896a836f3a - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: 5119315b86cd6b16ea696fa313fa8f63aeffc70c1bea6abaffacbfcf1692b436 + checksum/clusteragent-configmap: d0ab6e789c44fc4f5881e7244c4d00814ae7191b94560405bec45d3c2f0923c4 + checksum/api_key: 0a9725cd842dfab442be71cd22846bead912297242cfcb3f60c3a2b7513a4fc5 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.56.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.56.2" imagePullPolicy: IfNotPresent resources: {} 
@@ -100,7 +100,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 25417c0a1..a3ec5a5c1 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1c7f1ed04182e5250ad3cdd92f5e0549d68b792b85514efd1343d473b4b0ed31 - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: 271bdd2e707b2773c1a35a8d638a42d3aabfcb8e3f89e0d87f9c92b363be1fa8 + checksum/clusteragent-configmap: d0ab6e789c44fc4f5881e7244c4d00814ae7191b94560405bec45d3c2f0923c4 + checksum/api_key: 0a9725cd842dfab442be71cd22846bead912297242cfcb3f60c3a2b7513a4fc5 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.56.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.56.2" imagePullPolicy: IfNotPresent resources: {} @@ -100,7 +100,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog 
@@ -119,7 +119,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.55.2 + value: 7.56.2 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 4b877c588..7ced7a280 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: de542da9e3ea422b2ed413961187c1fe5bd28d1608c78a8bb16a4bc64b508e9b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 8f4f65b43d7e9972571c43d520ee4d9bdf657c7636f6a7fa82642f5817f113d8 + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -74,8 +74,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED 
@@ -140,11 +139,7 @@ spec: - name: installinfo subPath: install_info mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - + readOnly: true - name: os-release-file mountPath: /host/etc/os-release readOnly: true @@ -154,6 +149,9 @@ spec: - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory - name: runtimesocketdir mountPath: /host/var/run @@ -202,7 +200,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -308,7 +306,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -346,6 +344,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -377,6 +376,11 @@ spec: - name: dsdsocket mountPath: /var/run/datadog readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to tmp directory @@ -385,11 +389,6 @@ spec: mountPath: /host/etc/os-release readOnly: true - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - name: cgroups mountPath: /host/sys/fs/cgroup mountPropagation: None 
@@ -402,10 +401,8 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - - image: "gcr.io/datadoghq/agent:7.55.2" + - name: init-volume + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -416,9 +413,8 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - - image: "gcr.io/datadoghq/agent:7.55.2" + - name: init-config + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: - bash @@ -426,12 +422,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index cdb527639..00efbdfcc 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.71.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.71.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "Y2NkeDBJRG50UWdHTlRiUWtIMTNRV2x2Wkk2VVA5VEE=" + token: "b0pPTE1Od1RZSURkVFp4NVR0RG10TEI0MUpKQzhSbFA=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -157,20 +157,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.69.3 + installer_version: datadog-3.71.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -179,22 +179,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "ea017c66-3746-4347-86ef-32a14ddda1c7" - install_time: "1723838680" + install_id: "effc053e-24e3-4f67-b3fd-43589e497c1e" + install_time: "1726089070" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -409,7 +409,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -505,7 +505,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -553,7 +553,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -573,7 +573,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -593,7 +593,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -614,7 +614,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -633,7 +633,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -650,7 +650,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -672,7 +672,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -693,7 +693,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -716,7 +716,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -738,10 +738,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.71.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -764,10 +764,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.71.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -793,7 +793,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -817,8 +817,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 2eda47b55579b010297762c6bc060f2992f6c3663c187124b71071457e50321d - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 763435887854a2bbc75b5b4c63d94aa650e06076bc3130a431dae364bdb87911 + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -829,7 +829,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -861,8 +861,7 @@ spec: fieldPath: status.hostIP - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -928,11 +927,7 @@ spec: - name: installinfo subPath: install_info mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - + readOnly: true - name: os-release-file mountPath: /host/etc/os-release readOnly: true @@ -942,6 +937,9 @@ spec: - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory - name: runtimesocketdir mountPath: /host/var/run @@ -990,7 +988,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: 
@@ -1096,7 +1094,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1134,6 +1132,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1165,6 +1164,11 @@ spec: - name: dsdsocket mountPath: /var/run/datadog readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to tmp directory @@ -1173,11 +1177,6 @@ spec: mountPath: /host/etc/os-release readOnly: true - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - name: cgroups mountPath: /host/sys/fs/cgroup mountPropagation: None @@ -1190,10 +1189,8 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - - image: "gcr.io/datadoghq/agent:7.55.2" + - name: init-volume + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1204,9 +1201,8 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - - image: "gcr.io/datadoghq/agent:7.55.2" + - name: init-config + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: - bash 
@@ -1214,12 +1210,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -1311,7 +1307,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1341,8 +1337,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: df513ccb46ac6f45f78030ba267aede6b25632a9d5beda28d8d1e3edf07a1601 - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: fb0b185492452707806a81b1383a7711d2bb5277c31eb7e3af7d261341d7492c + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1350,7 +1346,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1362,7 +1358,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1375,7 +1371,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.56.2" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run 
@@ -1502,7 +1498,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.71.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1532,15 +1528,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 61cab1de9ffa31fa392576b66b69e7fef5e5918ac8257f49fa119b96c0941f34 - checksum/clusteragent-configmap: 7d7437f233eef67301769d5141b59f31f12ac10c0354e17bf5ae9405058ea53b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 5091098b02bc9869be64467fc807c48625a2a2103320db6d2f61c987f8fa36e2 + checksum/clusteragent-configmap: f8ac56b7fb460daf68883ae9c5b53472bf479e5d1d6ba0d7731e9287d48b4f5c + checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.56.2" imagePullPolicy: IfNotPresent command: - cp @@ -1553,7 +1549,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.56.2" imagePullPolicy: IfNotPresent resources: {} @@ -1594,7 +1590,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go new file mode 100644 index 000000000..ab2d66493 --- /dev/null +++ b/test/datadog/gdc_test.go 
@@ -0,0 +1,81 @@ +package datadog + +import ( + "fmt" + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "testing" +) + +func Test_gdcConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.clusterName": "test-gdce", + "datadog.logs.enabled": "true", + "agents.image.doNotCheckTag": "true", + "providers.gke.gdc": "true", + }, + }, + assertions: verifyDaemonsetGDCMinimal, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { + var ds appsv1.DaemonSet + common.Unmarshal(t, manifest, &ds) + agentContainer := &corev1.Container{} + + assert.Equal(t, 1, len(ds.Spec.Template.Spec.Containers)) + + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Name == "agent" { + agentContainer = &container + } + } + + assert.NotNil(t, agentContainer) + + hasHostPathVolume := false + for _, volume := range ds.Spec.Template.Spec.Volumes { + if volume.HostPath != nil { + hasHostPathVolume = true + break + } + } + assert.False(t, hasHostPathVolume, "Daemonset has restricted hostPath mounted") + + hasHostPort := false + for _, container := range ds.Spec.Template.Spec.Containers { + for _, port := range container.Ports { + if port.HostPort > 0 { + hasHostPort = true + break + } + } + } + 
assert.False(t, hasHostPort, fmt.Sprintf("Daemonset has restricted hostPort mounted.")) +} From 1655869cd4f2bb14e78d449dc4139b77ad0e0cfe Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 11 Sep 2024 17:18:05 -0400 Subject: [PATCH 03/14] update test baselines --- .../agent-clusterchecks-deployment_default.yaml | 2 +- .../baseline/cluster-agent-deployment_default.yaml | 2 +- ...ent-deployment_default_advanced_AC_injection.yaml | 2 +- ...gent-deployment_default_minimal_AC_injection.yaml | 2 +- test/datadog/baseline/daemonset_default.yaml | 2 +- test/datadog/baseline/other_default.yaml | 12 ++++++------ 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 114311aed..2f55489c2 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: aef8984efc84cc91de09614a3205ae0cbceb4030d7de330710eaf9b3a0812840 + checksum/clusteragent_token: 7bfcacce3851bd3d191ceb05a9819900068f13f16b90db1cf88a71093bd55316 checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: serviceAccountName: datadog-cluster-checks diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 798d9de38..5b5590a1e 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml 
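Review bot: In `verifyDaemonsetGDCMinimal` (new file `test/datadog/gdc_test.go`), `assert.NotNil(t, agentContainer)` can never fail, because `agentContainer` is initialised to `&corev1.Container{}` before the loop, so a DaemonSet with no `agent` container still passes. Taking `&container` of the range variable also aliases the loop variable on Go versions before 1.22. Start from a nil pointer and index into the slice, as below. In the hostPort loop the `break` leaves only the inner loop, which does not change the result, and the failure message says "mounted" for a port. These two assertions are the only guard on the restricted hostPath and hostPort settings for GDC, so the test around them should not pass vacuously.

```go
// … unchanged: common.Unmarshal(t, manifest, &ds) …
var agentContainer *corev1.Container
containers := ds.Spec.Template.Spec.Containers
for i := range containers {
	if containers[i].Name == "agent" {
		agentContainer = &containers[i]
	}
}
assert.NotNil(t, agentContainer, "agent container not found in DaemonSet")
// … unchanged: hostPath and hostPort checks …
```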
@@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: abc7cadd5ae687b721039e699d67fb4033862965624436a3e02b90c6840be068 + checksum/clusteragent_token: 73b27f1015d52bda3462e4f98d07ae94c503fe68efca5d8f5bb28b157fb528de checksum/clusteragent-configmap: d0ab6e789c44fc4f5881e7244c4d00814ae7191b94560405bec45d3c2f0923c4 checksum/api_key: 0a9725cd842dfab442be71cd22846bead912297242cfcb3f60c3a2b7513a4fc5 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 50754c434..fd848b01c 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5119315b86cd6b16ea696fa313fa8f63aeffc70c1bea6abaffacbfcf1692b436 + checksum/clusteragent_token: 794628a422d8e7016d2e151e0a354d52bd915f3e60556c0fe73e4291b6b56888 checksum/clusteragent-configmap: d0ab6e789c44fc4f5881e7244c4d00814ae7191b94560405bec45d3c2f0923c4 checksum/api_key: 0a9725cd842dfab442be71cd22846bead912297242cfcb3f60c3a2b7513a4fc5 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a3ec5a5c1..7bdcead40 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml 
@@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 271bdd2e707b2773c1a35a8d638a42d3aabfcb8e3f89e0d87f9c92b363be1fa8 + checksum/clusteragent_token: 27b3512843ed48cbc5fa9c68c6ead4f8b9968d9af9701100fe05c844bbd9228c checksum/clusteragent-configmap: d0ab6e789c44fc4f5881e7244c4d00814ae7191b94560405bec45d3c2f0923c4 checksum/api_key: 0a9725cd842dfab442be71cd22846bead912297242cfcb3f60c3a2b7513a4fc5 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 7ced7a280..a9a138998 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -30,7 +30,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 8f4f65b43d7e9972571c43d520ee4d9bdf657c7636f6a7fa82642f5817f113d8 + checksum/clusteragent_token: eb4d70af702cc62d587780f0ef49d1cced594ed4e5cf01fc74a9ccc4030d7cb0 checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 00efbdfcc..2bb558b65 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -99,7 +99,7 @@ metadata: app.kubernetes.io/version: "7" type: Opaque data: - token: "b0pPTE1Od1RZSURkVFp4NVR0RG10TEI0MUpKQzhSbFA=" + token: "N2NFQ2R5cmk1a21RT3VjMTdIREtZSFpxN0pHOTdlZW0=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
@@ -186,8 +186,8 @@ metadata: app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "effc053e-24e3-4f67-b3fd-43589e497c1e" - install_time: "1726089070" + install_id: "13c4debd-eba7-4246-aaf9-6ccd90355d13" + install_time: "1726089372" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" @@ -817,7 +817,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 763435887854a2bbc75b5b4c63d94aa650e06076bc3130a431dae364bdb87911 + checksum/clusteragent_token: dcbe0c40eb34e462cbfb38d064cf9e06b1738c3cd4cab3f1ff0db51fc9986e31 checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1337,7 +1337,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: fb0b185492452707806a81b1383a7711d2bb5277c31eb7e3af7d261341d7492c + checksum/clusteragent_token: 473b5d4cec61b5c5f6f252adff91d0be7171eb69a34d9da87853bf247c00494f checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: serviceAccountName: datadog-cluster-checks @@ -1528,7 +1528,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5091098b02bc9869be64467fc807c48625a2a2103320db6d2f61c987f8fa36e2 + checksum/clusteragent_token: 2913db5b97f7ad436d7f2846351e211c715874b756e87db98ca12ad1ab538af7 checksum/clusteragent-configmap: f8ac56b7fb460daf68883ae9c5b53472bf479e5d1d6ba0d7731e9287d48b4f5c checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41 spec: From 398fc4e2b31e93f00f36fb4bd516f26b2123bee9 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 11 Sep 2024 17:19:15 -0400 Subject: [PATCH 04/14] syntax fix --- test/datadog/gdc_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go index ab2d66493..d846a87fe 100644 --- a/test/datadog/gdc_test.go +++ b/test/datadog/gdc_test.go @@ -1,7 +1,6 @@ package datadog import ( - "fmt" "github.com/DataDog/helm-charts/test/common" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" @@ -77,5 +76,5 @@ func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { } } } - assert.False(t, hasHostPort, fmt.Sprintf("Daemonset has restricted hostPort mounted.")) + assert.False(t, hasHostPort, "Daemonset has restricted hostPort mounted.") } From 251c84d65bfd546c5b14bec91903f92f2f9864b5 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 31 Oct 2024 15:15:14 -0400 Subject: [PATCH 05/14] add back logs hostPaths --- .../templates/_components-common-env.yaml | 6 ++++ .../datadog/templates/_container-agent.yaml | 33 ++++++++++--------- .../_container-cri-volumemounts.yaml | 2 +- .../templates/_containers-common-env.yaml | 8 +++-- .../templates/_daemonset-volumes-linux.yaml | 32 +++++++----------- charts/datadog/templates/_helpers.tpl | 19 ++++++++++- 6 files changed, 60 insertions(+), 40 deletions(-) diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 0a58d9114..0ca7b0363 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -64,4 +64,10 @@ - name: DD_EXCLUDE_PAUSE_CONTAINER value: "false" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt +- name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key +{{- end }} {{- end }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 9255f9a18..64ef5c59e 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml 
@@ -57,8 +57,9 @@ {{- end }} env: {{- include "containers-common-env" . | nindent 4 }} - {{- include "fips-envvar" . | indent 4 }} - {{- include "processes-common-envs" . | indent 4 }} + {{- include "fips-envvar" . | nindent 4 }} + {{- include "processes-common-envs" . | nindent 4 }} + {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} @@ -203,17 +204,18 @@ {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: - {{- if not .Values.providers.gke.gdc }} - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs - {{- end }} {{- if eq .Values.targetSystem "linux" }} - name: installinfo subPath: install_info mountPath: /etc/datadog-agent/install_info readOnly: true - {{- include "linux-container-host-release-volumemounts" . | indent 4 }} + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} {{- if eq (include "should-mount-fips-configmap" .) "true" }} {{- include "linux-container-fips-proxy-cfg-volumemount" . | nindent 4 }} {{- end }} @@ -225,13 +227,8 @@ - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: false # Need RW to write auth token - {{- end -}} - {{- if not .Values.providers.gke.gdc }} - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - {{- include "container-crisocket-volumemounts" . | nindent 4 }} {{- end }} + {{- include "container-crisocket-volumemounts" . | nindent 4 }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if and .Values.agents.useConfigMap (eq .Values.targetSystem "linux")}} - name: datadog-yaml 
@@ -239,7 +236,8 @@ subPath: datadog.yaml readOnly: true {{- end }} - {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc)}} + {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false @@ -265,9 +263,10 @@ mountPath: /etc/passwd readOnly: true {{- end }} - {{- if and (or .Values.datadog.logs.enabled .Values.datadog.logsEnabled) (not .Values.providers.gke.gdc)}} + {{- end }} + {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir - mountPath: /opt/datadog-agent/run + mountPath: {{ include "linux-logs-run-path" . }} mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: false # Need RW for logs pointer - name: logpodpath @@ -278,7 +277,7 @@ mountPath: /var/log/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if not .Values.datadog.criSocketPath }} + {{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - name: logdockercontainerpath mountPath: /var/lib/docker/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -341,6 +340,10 @@ {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} {{- end }} + {{- if .Values.providers.gke.gdc }} + - name: kubelet-cert-volume + mountPath: /certs + {{- end }} {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} diff --git a/charts/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/templates/_container-cri-volumemounts.yaml index fa85ce44e..e28e25c72 100644 --- a/charts/datadog/templates/_container-cri-volumemounts.yaml +++ b/charts/datadog/templates/_container-cri-volumemounts.yaml 
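Review bot: The `kubelet-cert-volume` mount added in the `@@ -341,6 +340,10 @@` hunk has no explicit `readOnly`, unlike the other mounts visible in this diff, and it holds the kubelet client key that `DD_KUBELET_CLIENT_KEY` points to (`/certs/tls.key`). Add `readOnly: true` under `mountPath: /certs`, with a short reason comment in the same style as the neighbouring mounts. The container definition starts and ends outside the hunk.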
@@ -1,5 +1,5 @@ {{- define "container-crisocket-volumemounts" -}} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if and (.Values.datadog.containerRuntimeSupport.enabled) (not .Values.providers.gke.gdc) }} {{- if eq .Values.targetSystem "linux" }} - name: runtimesocketdir mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index cd82d41d9..d6f580fef 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -32,9 +32,7 @@ {{- end }} {{- if .Values.providers.gke.gdc }} - name: DD_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" {{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} @@ -134,6 +132,10 @@ {{- if eq .Values.targetSystem "windows" }} value: npipe://{{ (include "datadog.dockerOrCriSocketPath" .) | replace "\\" "/" }} {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_LOGS_CONFIG_RUN_PATH + value: {{ include "datadog.hostMountRoot" . }} +{{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 853cab765..9a91a297b 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml 
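Review bot: `DD_HOSTNAME` in the `@@ -32,9 +32,7 @@` hunk of `_containers-common-env.yaml` is now `"$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)"`, and Kubernetes expands `$(VAR)` only for variables declared earlier in the same container's `env` list; an unresolved reference is passed through as literal text. Neither definition is visible in this hunk, so confirm both are emitted before this entry in every container that includes `containers-common-env`; otherwise every agent would report the same literal hostname. A comment above the entry, such as `# requires DD_NODE_NAME and DD_CLUSTER_NAME to be defined earlier in this env list`, would record the ordering constraint. In the `@@ -134,6 +132,10 @@` hunk, `DD_LOGS_CONFIG_RUN_PATH` takes an unquoted template value; `value: {{ include "datadog.hostMountRoot" . | quote }}` would match how `DD_LOG_LEVEL` is rendered in `_container-agent.yaml`. The define block starts outside both hunks.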
@@ -10,8 +10,7 @@ - hostPath: path: /sys/fs/cgroup name: cgroups -{{- end }} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} +{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file @@ -185,19 +184,13 @@ name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }} {{- end }} {{- end }} -{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} -{{- if .Values.providers.gke.gdc }} -- name: pointerdir - emptyDir: {} -- name: logpodpath - emptyDir: {} -- name: logscontainerspath - emptyDir: {} -{{- if not .Values.datadog.criSocketPath }} -- name: logdockercontainerpath - emptyDir: {} +{{- if .Values.datadog.containerRuntimeSupport.enabled }} +- hostPath: + path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} + name: runtimesocketdir +{{- end }} {{- end }} -{{ else }} +{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - hostPath: path: {{ template "datadog.hostMountRoot" . }}/logs name: pointerdir @@ -207,16 +200,15 @@ - hostPath: path: /var/log/containers name: logscontainerspath -{{- if not .Values.datadog.criSocketPath }} +{{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - hostPath: path: /var/lib/docker/containers name: logdockercontainerpath {{- end }} {{- end }} -{{- end }} -{{- if and (.Values.datadog.containerRuntimeSupport.enabled) (not .Values.providers.gke.gdc) }} -- hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir +{{- if .Values.providers.gke.gdc }} +- secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume {{- end }} {{- end -}} 
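Review bot: The `kubelet-cert-volume` added at the end of the `@@ -207,16 +200,15 @@` hunk references a hard-coded Secret, `secretName: datadog-kubelet-cert`, which nothing in the visible diff creates, documents or exposes through `values.yaml`. A secret volume is required unless marked optional, so with `providers.gke.gdc` set and the Secret absent the agent pods would not start. A comment above the volume would help, for example `# Secret must exist in the release namespace with keys tls.crt and tls.key (kubelet client certificate)`, and so would a values key for the name. Files in a secret volume default to mode 0644, so consider a tighter `defaultMode` that the agent's user can still read, since the volume holds a private key. The `daemonset-volumes-linux` define starts outside the hunk.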
diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index b33da4567..c705a3ad6 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -199,12 +199,27 @@ Return the container runtime socket Return agent log directory path */}} {{- define "datadog.logDirectoryPath" -}} -{{- if eq .Values.targetSystem "linux" -}} +{{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) -}} /var/log/datadog {{- end -}} {{- if eq .Values.targetSystem "windows" -}} C:/ProgramData/Datadog/logs {{- end -}} +{{- if .Values.providers.gke.gdc -}} +/var/datadog/log +{{- end -}} +{{- end -}} + +{{/* +Return linux agent logs run path +*/}} +{{- define "linux-logs-run-path" -}} +{{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) -}} +/opt/datadog-agent/run +{{- end -}} +{{- if .Values.providers.gke.gdc -}} +/var/datadog +{{- end -}} {{- end -}} {{/* @@ -237,6 +252,8 @@ Return agent host mount root {{- define "datadog.hostMountRoot" -}} {{- if .Values.providers.gke.autopilot -}} /var/autopilot/addon/datadog +{{- else if .Values.providers.gke.gdc -}} +/var/datadog {{- else -}} /var/lib/datadog-agent {{- end -}} From baa2e7f7cebc2dcf49879ec8832972fcba8ab848 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 31 Oct 2024 16:29:07 -0400 Subject: [PATCH 06/14] cleanup/wip --- charts/datadog/templates/_container-agent.yaml | 2 +- .../_container-host-release-volumemounts.yaml | 4 +++- charts/datadog/templates/_container-otel-agent.yaml | 6 ++---- .../datadog/templates/_container-process-agent.yaml | 8 ++------ .../datadog/templates/_container-security-agent.yaml | 2 -- charts/datadog/templates/_helpers.tpl | 12 ++++++------ 6 files changed, 14 insertions(+), 20 deletions(-) diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 64ef5c59e..5219db7ed 100644 --- a/charts/datadog/templates/_container-agent.yaml 
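Review bot: In `datadog.logDirectoryPath` (`@@ -199,12 +199,27 @@`) the three `if` blocks are independent, so with `targetSystem: windows` and `providers.gke.gdc: true` both the Windows branch and the GDC branch render and the two paths are concatenated into one string. If that combination is unsupported, make the branches exclusive, e.g. `{{- if .Values.providers.gke.gdc -}}` … `{{- else if eq .Values.targetSystem "linux" -}}` … `{{- else if eq .Values.targetSystem "windows" -}}`, the way `datadog.hostMountRoot` chains its branches in the next hunk. This helper feeds `mountPath` values, so a malformed result would likely surface only when the manifest is applied.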
+++ b/charts/datadog/templates/_container-agent.yaml @@ -266,7 +266,7 @@ {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir - mountPath: {{ include "linux-logs-run-path" . }} + mountPath: /opt/datadog-agent/run mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: false # Need RW for logs pointer - name: logpodpath diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 49d513810..b775b7953 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,11 +1,13 @@ {{- define "linux-container-host-release-volumemounts" -}} +{{- if not .Values.providers.gke.gdc }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} readOnly: true -{{- else if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} +{{- else if not .Values.providers.gke.autopilot}} - name: os-release-file mountPath: /host{{ .Values.datadog.osReleasePath }} readOnly: true {{- end }} {{- end }} +{{- end }} diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml index bae21907f..16e56bbe2 100644 --- a/charts/datadog/templates/_container-otel-agent.yaml +++ b/charts/datadog/templates/_container-otel-agent.yaml @@ -44,7 +44,7 @@ - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs - {{- if (not .Values.providers.gke.autopilot) }} # TODO GDC? + {{- if (not .Values.providers.gke.autopilot) }} - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true 
@@ -53,7 +53,7 @@ mountPath: {{ template "datadog.otelconfPath" . }} readOnly: true {{- if eq .Values.targetSystem "linux" }} - {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} + {{- if not .Values.providers.gke.autopilot }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -70,9 +70,7 @@ mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: true {{- end }} - {{- if not .Values.providers.gke.gdc }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} - {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml index b2d2624ee..baeccc41a 100644 --- a/charts/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/templates/_container-process-agent.yaml @@ -49,7 +49,6 @@ - name: config mountPath: {{ template "datadog.confPath" . }} readOnly: true - {{- if not .Values.providers.gke.gdc }} - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs 
@@ -58,17 +57,16 @@ - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true - {{- end }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket - {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to tmp directory {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} {{- end }} - {{- end }} + {{- include "container-crisocket-volumemounts" . | nindent 4 }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if and .Values.agents.useConfigMap (eq .Values.targetSystem "linux")}} - name: datadog-yaml @@ -76,7 +74,6 @@ subPath: datadog.yaml readOnly: true {{- end }} - {{- if not .Values.providers.gke.gdc }} {{- if eq .Values.targetSystem "linux" }} - name: cgroups mountPath: /host/sys/fs/cgroup @@ -91,7 +88,6 @@ mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-socket-dir mountPath: /var/run/sysprobe diff --git a/charts/datadog/templates/_container-security-agent.yaml b/charts/datadog/templates/_container-security-agent.yaml index a235f6eae..0a6be843e 100644 --- a/charts/datadog/templates/_container-security-agent.yaml +++ b/charts/datadog/templates/_container-security-agent.yaml @@ -68,8 +68,6 @@ - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true - {{- end }} - {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index c705a3ad6..b5d0db4a5 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl 
@@ -110,7 +110,7 @@ Create chart name and version as used by the chart label. Return true if the OTelAgent needs to be deployed */}} {{- define "should-enable-otel-agent" -}} -{{- if and .Values.datadog.otelCollector.enabled -}} +{{- if and .Values.datadog.otelCollector.enabled (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -211,7 +211,7 @@ C:/ProgramData/Datadog/logs {{- end -}} {{/* -Return linux agent logs run path +Return linux agent logs run path TODO: GDCE maybe remove this */}} {{- define "linux-logs-run-path" -}} {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) -}} @@ -899,7 +899,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) -}} +{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false 
@@ -926,7 +926,7 @@ Create RBACs for custom resources Return true if container image collection is enabled */}} {{- define "should-enable-container-image-collection" -}} - {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} + {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) (not .Values.providers.gke.gdc) -}} {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}} @@ -1010,8 +1010,8 @@ Create RBACs for custom resources true {{- else if (eq (include "should-run-process-checks-on-core-agent" .) "true") -}} false - {{- else if (not .Values.providers.gke.gdc) -}} - {{- include "process-checks-enabled" . -}} + {{- else if .Values.providers.gke.gdc }} + false {{- else -}} false {{- end -}} From 20b93ee1fb140a73d5550ca212fdbc2e1f69556c Mon Sep 17 00:00:00 2001 
From: Fanny Jiang Date: Thu, 31 Oct 2024 19:09:56 -0400 Subject: [PATCH 07/14] fixes, add test, update baselines --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/ci/gke-gdc-values.yaml | 20 ++++ charts/datadog/templates/_helpers.tpl | 16 +-- charts/datadog/templates/daemonset.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 8 +- .../cluster-agent-deployment_default.yaml | 16 +-- ...loyment_default_advanced_AC_injection.yaml | 16 +-- ...ployment_default_minimal_AC_injection.yaml | 12 +-- test/datadog/baseline/daemonset_default.yaml | 21 ++-- test/datadog/baseline/other_default.yaml | 101 +++++++++--------- test/datadog/gdc_test.go | 24 +++-- 12 files changed, 131 insertions(+), 111 deletions(-) create mode 100644 charts/datadog/ci/gke-gdc-values.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index beda40817..0c5ec8e4d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.78.0 + +* Add Logs Collection support for Google GKE on GDC + ## 3.77.0 * Add experimental support for overlayfs direct scan for SBOMs diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 86efc78eb..d304475d8 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.0 +version: 3.77.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/ci/gke-gdc-values.yaml b/charts/datadog/ci/gke-gdc-values.yaml new file mode 100644 index 000000000..1fa52c369 --- /dev/null +++ b/charts/datadog/ci/gke-gdc-values.yaml 
@@ -0,0 +1,20 @@ +providers: + gke: + gdc: true + +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + + apm: + socketEnabled: false + portEnabled: false + + logs: + enabled: true + containerCollectAll: true + containerCollectUsingFiles: true + autoMultiLineDetection: true + + kubeStateMetricsCore: + enabled: true \ No newline at end of file diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index b5d0db4a5..dad12d925 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -210,18 +210,6 @@ C:/ProgramData/Datadog/logs {{- end -}} {{- end -}} -{{/* -Return linux agent logs run path TODO: GDCE maybe remove this -*/}} -{{- define "linux-logs-run-path" -}} -{{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) -}} -/opt/datadog-agent/run -{{- end -}} -{{- if .Values.providers.gke.gdc -}} -/var/datadog -{{- end -}} -{{- end -}} - {{/* Return agent config path */}} @@ -511,7 +499,7 @@ Return true if a APM over UDS is configured. Return always false on GKE Autopilo {{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} -{{- if or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume -}} +{{- if and (or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -1013,7 +1001,7 @@ Create RBACs for custom resources {{- else if .Values.providers.gke.gdc }} false {{- else -}} - false + {{- include "process-checks-enabled" . -}} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index d5822078e..45dc64663 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml 
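Review bot: The new `charts/datadog/ci/gke-gdc-values.yaml` sets `providers.gke.gdc: true` but not `datadog.clusterName`. The `NOTES.txt` change in the first patch of this series calls `fail` for GDC when the cluster name is empty, and `DD_HOSTNAME` is built from `$(DD_CLUSTER_NAME)`. If that check is still in place at this commit, rendering the chart with this file would abort; adding `clusterName: test-gdce` under `datadog:` (the value `gdc_test.go` already uses) avoids it. The all-zero `apiKey` and `appKey` would benefit from a comment such as `# placeholder credentials for CI rendering only`. The file also lacks a trailing newline.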
@@ -167,7 +167,7 @@ spec: {{- if eq .Values.targetSystem "windows" }} {{ include "daemonset-volumes-windows" . | nindent 6 }} {{- end }} - {{- if and (eq .Values.targetSystem "linux") }} + {{- if eq .Values.targetSystem "linux" }} {{ include "daemonset-volumes-linux" . | nindent 6 }} {{- end }} {{- if eq (include "should-enable-otel-agent" .) "true" }} diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 44e947585..a3622d3dc 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 46b1bd3e5501a2cfdd3d34f9f346042c26b3fcee8e32d95327c20a5101c1db66 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 2ce8b028cf95f2687b1cacdca90e200e44b269e92daadba85e1c02c09ce03129 + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -76,7 +76,7 @@ spec: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: - + - name: KUBERNETES value: "yes" - name: DD_API_KEY diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 091b3b169..5fc53211f 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml 
@@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: cca640a4dc199e529b846e953a6d37e8080ab2aeb4791125777661712c161032 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: 5fad34b0ce14762250b597db3379fd5fd781846665b68ce17e3e8ab64a79f9ac + checksum/clusteragent-configmap: 5b0b529782d92bbdfb9e82827a0390b221b451ba878ca88f3b8d3331e6bff0b2 + checksum/api_key: 5027443ab0bfa48f073c442ef27ef6cb33aa31a1a30ee4383749f536e3489aee checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -86,7 +86,7 @@ spec: name: "datadog" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED @@ -101,7 +101,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog @@ -111,7 +111,7 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - + - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" 
diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index e4ffd1097..0c4a2a0a8 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7761a2e69537a90814c4a56ca749333ab0c0a9c23ca77b27bd22d8c58ac75da2 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: da850f7bbf8b45e32555e6d1aaac0c92519b4b8708e6ea23fcd21058ad113f20 + checksum/clusteragent-configmap: 5b0b529782d92bbdfb9e82827a0390b221b451ba878ca88f3b8d3331e6bff0b2 + checksum/api_key: 5027443ab0bfa48f073c442ef27ef6cb33aa31a1a30ee4383749f536e3489aee checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -86,7 +86,7 @@ spec: name: "datadog" key: api-key optional: true - + - name: KUBERNETES value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED 
@@ -101,7 +101,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog @@ -111,7 +111,7 @@ spec: value: "8000" - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY value: "gcr.io/datadoghq" - + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED value: "true" diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 94bb3e583..d6d553b34 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 33dc54d9eba52c54cc95d41ac63222d92496535dd9905c88cadef49b1c994273 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: 0088af3c6c9e74de961aa3416d59d009341235f202abff37edf451351ce0949e + checksum/clusteragent-configmap: 5b0b529782d92bbdfb9e82827a0390b221b451ba878ca88f3b8d3331e6bff0b2 + checksum/api_key: 5027443ab0bfa48f073c442ef27ef6cb33aa31a1a30ee4383749f536e3489aee checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -101,7 +101,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 6f081c160..c8ae74956 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 961ab185a6d0f5b70b0e18b9c259c1ba532a15755b92a76561d20d95aac3787c - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: c860e39c91a48d5a7554391e6a1987a4324d0d0adc01e9ef9604c9add4b7064d + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -77,6 +77,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -349,6 +350,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -405,9 +407,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -419,8 +419,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: @@ -429,12 +428,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None 
diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 50fcce917..e4d9a06de 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.77.1" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.77.1" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "ZDFCOWlKUnBzU0pDdTBWd3Azd05jb0MyRmdFVmhLazc=" + token: "WlRwa3p6SkFIWmU5TkZhb0M0ZFczdDVvQ3NoTzlHdG4=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.75.1 + installer_version: datadog-3.77.1 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 
@@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "cf6e5120-49d5-4b2f-be9d-c98048e12dd5" - install_time: "1729688107" + install_id: "24b810d6-77b5-4ae6-a4a6-3904da66b12e" + install_time: "1730414660" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.77.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.77.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 16f78b0857551ecbe0b56ecfeff09fd304028ca6bc7d85c76cd570c1e358a1e1 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: fbb534b98eafc5fc2dbc9e84169e62e248727a4879c449739aa7c91c90cc62f9 + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -871,6 +871,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1144,6 +1145,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED 
@@ -1200,9 +1202,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -1214,8 +1214,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: @@ -1224,12 +1223,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -1322,7 +1321,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1352,8 +1351,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 0813165fbc88838d7f439a67c19f9763b02261cca6c1198511e016fb493693ef - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 80629bf323fabd52b5d2421f74985c03851c01f9161fd999abee0c0cc2a15aef + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1514,7 +1513,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.77.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -1544,9 +1543,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 052652147b1153e4103954253b1024b9dd07c6f3ab5701c830f23fbf9522642f - checksum/clusteragent-configmap: 44f5f79f4dc291597183d81712b6beb73c2975ab3607e49f6e31c3290e5bef82 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: d1e9fed8e8d747e6aca51fb93fbd914282d682c80cc5fb5dbd50da4215a8111e + checksum/clusteragent-configmap: baee9dd4acce7aaccd96dd0f18dd8618df6f672849638e9dc3f82e13342dae8b + checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true @@ -1607,7 +1606,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go index d846a87fe..519a74b63 100644 --- a/test/datadog/gdc_test.go +++ b/test/datadog/gdc_test.go @@ -8,6 +8,12 @@ import ( "testing" ) +var allowedHostPaths = []string{ + "/var/datadog/logs", + "/var/log/pods", + "/var/log/containers", +} + func Test_gdcConfigs(t *testing.T) { tests := []struct { name string 
@@ -58,23 +64,27 @@ func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { assert.NotNil(t, agentContainer) - hasHostPathVolume := false + var validHostPaths = true for _, volume := range ds.Spec.Template.Spec.Volumes { if volume.HostPath != nil { - hasHostPathVolume = true - break + for _, path := range allowedHostPaths { + if volume.HostPath.Path != path { + validHostPaths = false + break + } + } } } - assert.False(t, hasHostPathVolume, "Daemonset has restricted hostPath mounted") + assert.True(t, validHostPaths, "Daemonset has restricted hostPath mounted") - hasHostPort := false + validPorts := true for _, container := range ds.Spec.Template.Spec.Containers { for _, port := range container.Ports { if port.HostPort > 0 { - hasHostPort = true + validPorts = false break } } } - assert.False(t, hasHostPort, "Daemonset has restricted hostPort mounted.") + assert.True(t, validPorts, "Daemonset has restricted hostPort mounted.") } From 0afeb1d6b563b637b725c3232f0967769cf4aebe Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 31 Oct 2024 19:15:42 -0400 Subject: [PATCH 08/14] fix dd_nodename --- charts/datadog/templates/_containers-common-env.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index d6f580fef..2c2e5ae1a 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -31,8 +31,15 @@ value: "0" {{- end }} {{- if .Values.providers.gke.gdc }} +- name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName - name: DD_HOSTNAME value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" +- name: DD_LOGS_CONFIG_RUN_PATH # todo: gdc remove this? + value: {{ include "datadog.hostMountRoot" . }} {{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} 
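Review bot: The allow-list loop in `verifyDaemonsetGDCMinimal` sets `validHostPaths = false` as soon as a hostPath differs from any single entry of `allowedHostPaths`. With three distinct entries, every hostPath volume fails the check, including the three that are meant to pass. The check should fail only when a path matches none of the entries, and asserting per volume lets the failure message name the offending path. Keep exact equality rather than a prefix match, so that a broader mount such as a parent directory is still rejected. PATCH 09/14 in this series also touches gdc_test.go, but its hunk is not visible here, so this may already be handled there; the function starts outside the hunk.

```go
for _, volume := range ds.Spec.Template.Spec.Volumes {
	if volume.HostPath == nil {
		continue
	}
	// A hostPath is acceptable only if it equals one allow-list entry exactly.
	allowed := false
	for _, path := range allowedHostPaths {
		if volume.HostPath.Path == path {
			allowed = true
			break
		}
	}
	assert.True(t, allowed, "Daemonset mounts hostPath %q outside the GDC allow-list", volume.HostPath.Path)
}
// … unchanged: hostPort check …
```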
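Review bot: `DD_LOGS_CONFIG_RUN_PATH` takes its value from an unquoted template, `value: {{ include "datadog.hostMountRoot" . }}`, so an empty or number-like expansion would render as null or a non-string and the env entry would be rejected or mis-typed. Quote it: `value: {{ include "datadog.hostMountRoot" . | quote }}`. The `# todo: gdc remove this?` comment should be resolved, or replaced by a sentence on why the run path must sit under the host mount root, since that presumably makes the logs agent keep its state in a host directory. Separately, `DD_HOSTNAME` expands `$(DD_CLUSTER_NAME)`, which Kubernetes resolves only from entries defined earlier in the same env list; that entry is not in this hunk, so confirm it precedes `DD_HOSTNAME` the way `DD_NODE_NAME` now does.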
@@ -132,10 +139,6 @@ {{- if eq .Values.targetSystem "windows" }} value: npipe://{{ (include "datadog.dockerOrCriSocketPath" .) | replace "\\" "/" }} {{- end }} -{{- if .Values.providers.gke.gdc }} -- name: DD_LOGS_CONFIG_RUN_PATH - value: {{ include "datadog.hostMountRoot" . }} -{{- end }} {{- end }} {{- end }} {{- end }} From b34a02d68fd436e147f5d500b4acc696356c0728 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 31 Oct 2024 19:31:16 -0400 Subject: [PATCH 09/14] fix test, bump version, update baselines --- charts/datadog/Chart.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +-- ...loyment_default_advanced_AC_injection.yaml | 10 +-- ...ployment_default_minimal_AC_injection.yaml | 10 +-- test/datadog/baseline/daemonset_default.yaml | 6 +- test/datadog/baseline/other_default.yaml | 84 +++++++++---------- test/datadog/gdc_test.go | 20 ++--- 8 files changed, 72 insertions(+), 76 deletions(-) diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d304475d8..a35ac09d1 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.1 +version: 3.78.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index a3622d3dc..0a045ae23 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 2ce8b028cf95f2687b1cacdca90e200e44b269e92daadba85e1c02c09ce03129 - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/clusteragent_token: 958753e1fe79f9ea7c2481c4be047646de2bc7e26faac865bb87d3571092b9e4 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 5fc53211f..99edea661 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5fad34b0ce14762250b597db3379fd5fd781846665b68ce17e3e8ab64a79f9ac - checksum/clusteragent-configmap: 5b0b529782d92bbdfb9e82827a0390b221b451ba878ca88f3b8d3331e6bff0b2 - checksum/api_key: 5027443ab0bfa48f073c442ef27ef6cb33aa31a1a30ee4383749f536e3489aee + checksum/clusteragent_token: ffc1fc0eddc12182f0fdb37b5085e397ddf02b94d9dba1c1ce99876726b502c2 + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 0c4a2a0a8..cf73b8cc1 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: da850f7bbf8b45e32555e6d1aaac0c92519b4b8708e6ea23fcd21058ad113f20 - checksum/clusteragent-configmap: 5b0b529782d92bbdfb9e82827a0390b221b451ba878ca88f3b8d3331e6bff0b2 - checksum/api_key: 5027443ab0bfa48f073c442ef27ef6cb33aa31a1a30ee4383749f536e3489aee + checksum/clusteragent_token: d4a70637a0362ed908c37225557e09840fb10ba104ffeaaaa97ee261d40e260c + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index d6d553b34..9dea1c1bf 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 0088af3c6c9e74de961aa3416d59d009341235f202abff37edf451351ce0949e - checksum/clusteragent-configmap: 5b0b529782d92bbdfb9e82827a0390b221b451ba878ca88f3b8d3331e6bff0b2 - checksum/api_key: 5027443ab0bfa48f073c442ef27ef6cb33aa31a1a30ee4383749f536e3489aee + checksum/clusteragent_token: 61eccb930e05f4e199694fb8e88bb96df1d50b60c07cb3a5624a2ca6511c3afa + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index c8ae74956..6674b13f6 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: c860e39c91a48d5a7554391e6a1987a4324d0d0adc01e9ef9604c9add4b7064d - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/clusteragent_token: 8d640e0cdf79dd1a3d1bcd788f1d886fe42ff2a84388d55efe9da8a61ce436e2 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index e4d9a06de..7562c445e 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.77.1" + chart: "datadog-3.78.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks 
@@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.77.1" + chart: "datadog-3.78.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "WlRwa3p6SkFIWmU5TkZhb0M0ZFczdDVvQ3NoTzlHdG4=" + token: "eTBKSzJZQmltRXFGbHplRTR6YmVhZG9Bd3RXc2loOTI=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.77.1 + installer_version: datadog-3.78.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "24b810d6-77b5-4ae6-a4a6-3904da66b12e" - install_time: "1730414660" + install_id: "29f1c2bd-eaa9-49cc-b83d-abd2debcbb58" + install_time: "1730416779" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.77.1" + chart: "datadog-3.78.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.77.1" + chart: "datadog-3.78.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: fbb534b98eafc5fc2dbc9e84169e62e248727a4879c449739aa7c91c90cc62f9 - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/clusteragent_token: ce725c1500e06204ecabc4d8920440fec246dc988ecd2a011c1bf96b513d6b19 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1321,7 +1321,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1351,8 +1351,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 80629bf323fabd52b5d2421f74985c03851c01f9161fd999abee0c0cc2a15aef - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/clusteragent_token: a135a79c414be084bc346e3ea1de06bae1f40767dbfd7156dc277840e0c41306 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1513,7 +1513,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.77.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -1543,9 +1543,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d1e9fed8e8d747e6aca51fb93fbd914282d682c80cc5fb5dbd50da4215a8111e - checksum/clusteragent-configmap: baee9dd4acce7aaccd96dd0f18dd8618df6f672849638e9dc3f82e13342dae8b - checksum/install_info: dfd3ac8b35780ebef49adb181816db97dc19b20dec1af7f581176d260dbed2c8 + checksum/clusteragent_token: e66d8ebada164ec21d7da9e8c6a3eb66ef3d8ae3d15cd7f12aee87c126d6804c + checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go index 519a74b63..127887baf 100644 --- a/test/datadog/gdc_test.go +++ b/test/datadog/gdc_test.go @@ -1,6 +1,7 @@ package datadog import ( + "fmt" "github.com/DataDog/helm-charts/test/common" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" @@ -8,10 +9,10 @@ import ( "testing" ) -var allowedHostPaths = []string{ - "/var/datadog/logs", - "/var/log/pods", - "/var/log/containers", +var allowedHostPaths = map[string]interface{}{ + "/var/datadog/logs": nil, + "/var/log/pods": nil, + "/var/log/containers": nil, } func Test_gdcConfigs(t *testing.T) { 
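Review bot: In test/datadog/gdc_test.go, the new `allowedHostPaths` is used only as a set, so `map[string]interface{}` with `nil` values reads as if the values carried meaning. The conventional Go form is `var allowedHostPaths = map[string]struct{}{"/var/datadog/logs": {}, "/var/log/pods": {}, "/var/log/containers": {}}`. I would also add a comment above it, such as `// allowedHostPaths is the exact set of hostPath volumes the GDC DaemonSet may mount; membership is an exact string match.`, so that a later edit to this allow-list is recognised as a change to the security boundary the test enforces.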
@@ -64,18 +65,13 @@ func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { assert.NotNil(t, agentContainer) - var validHostPaths = true + var validHostPath = true for _, volume := range ds.Spec.Template.Spec.Volumes { if volume.HostPath != nil { - for _, path := range allowedHostPaths { - if volume.HostPath.Path != path { - validHostPaths = false - break - } - } + _, validHostPath = allowedHostPaths[volume.HostPath.Path] + assert.True(t, validHostPath, fmt.Sprintf("DaemonSet has restricted hostPath mounted: %s ", volume.HostPath.Path)) } } - assert.True(t, validHostPaths, "Daemonset has restricted hostPath mounted") validPorts := true for _, container := range ds.Spec.Template.Spec.Containers { From 74c8c6be5a4ef254780eecfedb9e7f0a7b0a4445 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 31 Oct 2024 19:42:36 -0400 Subject: [PATCH 10/14] update readme, fix test --- charts/datadog/README.md | 3 ++- charts/datadog/ci/gke-gdc-values.yaml | 2 +- test/datadog/gdc_test.go | 10 ++++++---- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c7db99b0e..ae2885a18 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
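Review bot: In the hostPath loop of `verifyDaemonsetGDCMinimal`, `var validHostPath = true` is now dead state: the value is overwritten by the map lookup before every use, and the initial `true` suggests a default-allow that the code no longer has. Scoping the result to the branch is clearer: `_, allowed := allowedHostPaths[volume.HostPath.Path]`. The assertion can use testify's formatted variant instead of `fmt.Sprintf`, `assert.Truef(t, allowed, "DaemonSet mounts a hostPath outside the GDC allow-list: %s", volume.HostPath.Path)`, which also drops the trailing space in the current message and makes the `fmt` import unnecessary. The function begins and ends outside this hunk.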
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.1](https://img.shields.io/badge/Version-3.77.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.78.0](https://img.shields.io/badge/Version-3.78.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -877,6 +877,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | +| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | 
diff --git a/charts/datadog/ci/gke-gdc-values.yaml b/charts/datadog/ci/gke-gdc-values.yaml index 1fa52c369..1c6fcc087 100644 --- a/charts/datadog/ci/gke-gdc-values.yaml +++ b/charts/datadog/ci/gke-gdc-values.yaml @@ -17,4 +17,4 @@ datadog: autoMultiLineDetection: true kubeStateMetricsCore: - enabled: true \ No newline at end of file + enabled: true diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go index 127887baf..27fcab2ce 100644 --- a/test/datadog/gdc_test.go +++ b/test/datadog/gdc_test.go @@ -75,10 +75,12 @@ func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { validPorts := true for _, container := range ds.Spec.Template.Spec.Containers { - for _, port := range container.Ports { - if port.HostPort > 0 { - validPorts = false - break + if container.Ports != nil { + for _, port := range container.Ports { + if port.HostPort > 0 { + validPorts = false + break + } } } } From 1bbab983ebb02cb7cf1a040d87428a16c129cb90 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Fri, 1 Nov 2024 18:00:04 -0400 Subject: [PATCH 11/14] cleanup/refactor --- .../_container-cri-volumemounts.yaml | 2 +- .../templates/_container-trace-agent.yaml | 2 +- .../templates/_containers-common-env.yaml | 4 +--- .../templates/_daemonset-volumes-linux.yaml | 16 +++++++-------- .../templates/_daemonset-volumes-windows.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 18 ++++++++++++----- .../templates/cluster-agent-deployment.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 4 ++-- .../cluster-agent-deployment_default.yaml | 4 ++-- ...loyment_default_advanced_AC_injection.yaml | 4 ++-- ...ployment_default_minimal_AC_injection.yaml | 4 ++-- test/datadog/baseline/daemonset_default.yaml | 6 +++--- test/datadog/baseline/other_default.yaml | 20 +++++++++---------- 13 files changed, 47 insertions(+), 41 deletions(-) 
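Review bot: In the `validPorts` loop of test/datadog/gdc_test.go, the added `if container.Ports != nil` guard has no effect, because ranging over a nil slice in Go runs zero iterations; the original `for _, port := range container.Ports` was already safe. Separately, the check walks only `ds.Spec.Template.Spec.Containers`, so a `hostPort` declared on an init container would pass unnoticed. If GDC forbids host ports for the whole pod, the loop should range over `append(spec.InitContainers, spec.Containers...)`, where `spec` is `ds.Spec.Template.Spec`. Whether `hostNetwork` is asserted elsewhere in the function is not visible from this hunk.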
diff --git a/charts/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/templates/_container-cri-volumemounts.yaml index e28e25c72..af88ed5f3 100644 --- a/charts/datadog/templates/_container-cri-volumemounts.yaml +++ b/charts/datadog/templates/_container-cri-volumemounts.yaml @@ -1,5 +1,5 @@ {{- define "container-crisocket-volumemounts" -}} -{{- if and (.Values.datadog.containerRuntimeSupport.enabled) (not .Values.providers.gke.gdc) }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if eq .Values.targetSystem "linux" }} - name: runtimesocketdir mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index 21b2e2ddc..66130e2f1 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml @@ -96,10 +96,10 @@ mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} - {{- if not .Values.providers.gke.gdc }} - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index 2c2e5ae1a..84428aeb1 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -38,8 +38,6 @@ fieldPath: spec.nodeName - name: DD_HOSTNAME value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" -- name: DD_LOGS_CONFIG_RUN_PATH # todo: gdc remove this? - value: {{ include "datadog.hostMountRoot" . }} {{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} 
@@ -127,7 +125,7 @@ {{- end }} {{- end }} {{- else }} # No support for env AD -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }} - name: DD_CRI_SOCKET_PATH value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 9a91a297b..de1e13924 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -3,6 +3,13 @@ emptyDir: {} - name: tmpdir emptyDir: {} +- name: s6-run + emptyDir: {} +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +- name: confd + configMap: + name: {{ include "agents.confd-configmap-name" . }} +{{- end }} {{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc @@ -59,13 +66,6 @@ type: DirectoryOrCreate name: apmsocket {{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ include "agents.confd-configmap-name" . }} -{{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config configMap: @@ -184,7 +184,7 @@ name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }} {{- end }} {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} - hostPath: path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} name: runtimesocketdir diff --git a/charts/datadog/templates/_daemonset-volumes-windows.yaml b/charts/datadog/templates/_daemonset-volumes-windows.yaml index 39598e91b..55a606065 100644 --- a/charts/datadog/templates/_daemonset-volumes-windows.yaml +++ b/charts/datadog/templates/_daemonset-volumes-windows.yaml 
@@ -21,7 +21,7 @@ path: C:/ProgramData name: logdockercontainerpath {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} - hostPath: path: {{ template "datadog.dockerOrCriSocketPath" . }} name: runtimesocket diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index dad12d925..d8f743ee0 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -199,15 +199,12 @@ Return the container runtime socket Return agent log directory path */}} {{- define "datadog.logDirectoryPath" -}} -{{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) -}} +{{- if eq .Values.targetSystem "linux" -}} /var/log/datadog {{- end -}} {{- if eq .Values.targetSystem "windows" -}} C:/ProgramData/Datadog/logs {{- end -}} -{{- if .Values.providers.gke.gdc -}} -/var/datadog/log -{{- end -}} {{- end -}} {{/* 
@@ -910,11 +907,22 @@ Create RBACs for custom resources {{- end }} {{- end }} +{{/* + Return true if Container Runtime Support is enabled +*/}} +{{- define "container-runtime-support-enabled" -}} + {{- if and .Values.datadog.containerRuntimeSupport.enabled (not .Values.providers.gke.gdc) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if container image collection is enabled */}} {{- define "should-enable-container-image-collection" -}} - {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) (not .Values.providers.gke.gdc) -}} + {{- if and (not (include "container-runtime-support-enabled" .)) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index e1e75544b..b82fbcc6a 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -209,7 +209,7 @@ spec: value: {{ .Values.clusterAgent.admissionController.mutateUnlabelled | quote }} - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE {{- if .Values.clusterAgent.admissionController.configMode }} value: {{ .Values.clusterAgent.admissionController.configMode }} {{- else if eq (include "trace-agent-use-uds" .) "true" }} 
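Review bot: In `should-enable-container-image-collection` (charts/datadog/templates/_helpers.tpl), the rewritten guard `not (include "container-runtime-support-enabled" .)` can never be true. `include` returns the string "true" or "false", and any non-empty string is truthy in Go templates, so the `fail` that protects against image collection without runtime support is now unreachable. Compare the string as the other call sites in this commit do: `{{- if and (ne (include "container-runtime-support-enabled" .) "true") (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}}`. Once the comparison works, the helper also returns "false" on GDC, so GDC installs with image collection enabled would hit this failure with a message telling them to set `datadog.containerRuntimeSupport.enabled`, which does not help there. The removed line exempted GDC, so either keep that exemption or give GDC its own message.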
diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 0a045ae23..00fc52a85 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 958753e1fe79f9ea7c2481c4be047646de2bc7e26faac865bb87d3571092b9e4 + checksum/clusteragent_token: 7efa976c3ddd33fc2ff377977f40ac10df5f1d1d33765124d029f4190c34ce5c checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks @@ -73,7 +73,7 @@ spec: image: "gcr.io/datadoghq/agent:7.58.0" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 99edea661..60b5ff4f3 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: ffc1fc0eddc12182f0fdb37b5085e397ddf02b94d9dba1c1ce99876726b502c2 + checksum/clusteragent_token: a927dc2589059ac22a8567b9a9f13be5b564e116bad931f59fdb5cc7cf187b76 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b 
@@ -101,7 +101,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index cf73b8cc1..2b3280d55 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d4a70637a0362ed908c37225557e09840fb10ba104ffeaaaa97ee261d40e260c + checksum/clusteragent_token: d390c9a42ef29dbf3debb9e8d7d2db5cf849f3b3aaba4059f841b11e722f50b4 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b @@ -101,7 +101,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 9dea1c1bf..687874ee3 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml 
+++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 61eccb930e05f4e199694fb8e88bb96df1d50b60c07cb3a5624a2ca6511c3afa + checksum/clusteragent_token: 7c9b6064a5a3375d3a93d47d778bb84c5b82fbfcf2348419ec98f8edb0af0960 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b @@ -101,7 +101,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 6674b13f6..87d57f8bc 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -30,7 +30,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 8d640e0cdf79dd1a3d1bcd788f1d886fe42ff2a84388d55efe9da8a61ce436e2 + checksum/clusteragent_token: 4a8a74c801aa18f91ab9ce4b074e6ad48234d98fd5513697eff57595f9ad030a checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -482,6 +482,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir 
@@ -499,8 +501,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 7562c445e..c96ddd7f5 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -99,7 +99,7 @@ metadata: app.kubernetes.io/version: "7" type: Opaque data: - token: "eTBKSzJZQmltRXFGbHplRTR6YmVhZG9Bd3RXc2loOTI=" + token: "TnlnSHRsTXpxUkFtN0tEVGtSZEVvanh2bWFmNG5ydEs=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -191,8 +191,8 @@ metadata: app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "29f1c2bd-eaa9-49cc-b83d-abd2debcbb58" - install_time: "1730416779" + install_id: "01fc96f2-1345-4d2c-a7f3-052fbe71e3dc" + install_time: "1730498377" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" @@ -824,7 +824,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: ce725c1500e06204ecabc4d8920440fec246dc988ecd2a011c1bf96b513d6b19 + checksum/clusteragent_token: 7452f44c9c0c4dd0218a1ebe0f124f83cb7df2985ba704ba507910212ec6dbf8 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1277,6 +1277,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -1294,8 +1296,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd 
@@ -1351,7 +1351,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: a135a79c414be084bc346e3ea1de06bae1f40767dbfd7156dc277840e0c41306 + checksum/clusteragent_token: 453c30f5e539cb034a3d38f5d735a6ca5df8594bf52010d8cff233efc89fb544 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks @@ -1388,7 +1388,7 @@ spec: image: "gcr.io/datadoghq/agent:7.58.0" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: @@ -1543,7 +1543,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: e66d8ebada164ec21d7da9e8c6a3eb66ef3d8ae3d15cd7f12aee87c126d6804c + checksum/clusteragent_token: afefc7bc0324ab935909d2d605cba76470834c32c9c77e1a21ffd53ff6be67b7 checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: @@ -1606,7 +1606,7 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE value: socket - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME value: datadog From c58dbaabf64b42e2a9cbb650de21266dd9afb1da Mon Sep 17 00:00:00 2001 
From: Fanny Jiang Date: Mon, 11 Nov 2024 16:17:51 -0500 Subject: [PATCH 12/14] apply review suggestions --- charts/datadog/templates/_helpers.tpl | 15 +- template.yaml | 521 ++++++++++++++++++ .../baseline/Operator_Deployment_default.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 2 +- .../cluster-agent-deployment_default.yaml | 2 +- ...loyment_default_advanced_AC_injection.yaml | 2 +- ...ployment_default_minimal_AC_injection.yaml | 2 +- test/datadog/baseline/daemonset_default.yaml | 2 +- .../baseline/gdc_daemonset_default.yaml | 280 ++++++++++ .../gdc_daemonset_logs_collection.yaml | 301 ++++++++++ test/datadog/baseline/other_default.yaml | 12 +- test/datadog/baseline_test.go | 36 ++ test/datadog/gdc_test.go | 14 +- 13 files changed, 1168 insertions(+), 23 deletions(-) create mode 100644 template.yaml create mode 100644 test/datadog/baseline/gdc_daemonset_default.yaml create mode 100644 test/datadog/baseline/gdc_daemonset_logs_collection.yaml diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index d8f743ee0..5622b42e6 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -961,7 +961,10 @@ Create RBACs for custom resources Return true if any process-related check is enabled */}} {{- define "process-checks-enabled" -}} - {{- if and (or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true")) (not .Values.providers.gke.gdc) -}} + {{- if .Values.providers.gke.gdc }} + false + {{- end -}} + {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} true {{- else -}} false 
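Review bot: The new GDC guard in `process-checks-enabled` does not short-circuit: Go templates have no early return, so after the `{{- if .Values.providers.gke.gdc }} false {{- end -}}` block the following `if or …` chain still renders and the helper outputs two values concatenated (for example `falsetrue` or `falsefalse`). Comparisons against `"true"` still happen to fail, but any caller that tests for `"false"` or passes the value through (as `should-enable-process-agent` does with `include "process-checks-enabled" .`) gets a malformed string. Make the guard the first branch of the same chain, i.e. replace the `{{- end -}}` / `{{- if or …` pair with `{{- else if or … -}}`, and close the guard with `-}}` so no whitespace leaks into the result. The same pattern is added in the next two hunks (`should-run-process-checks-on-core-agent` and `should-enable-process-agent`); all three define bodies continue outside their hunks.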
@@ -983,14 +986,15 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if ne .Values.targetSystem "linux" -}} false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} {{- include "get-process-checks-in-core-agent-envvar" . -}} {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" (include "get-agent-version" .)) -}} true - {{- else if .Values.providers.gke.gdc }} - false {{- else -}} false {{- end -}} @@ -1000,14 +1004,15 @@ Create RBACs for custom resources Returns true if the process-agent container should be created. */}} {{- define "should-enable-process-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} true {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}} true {{- else if (eq (include "should-run-process-checks-on-core-agent" .) "true") -}} false - {{- else if .Values.providers.gke.gdc }} - false {{- else -}} {{- include "process-checks-enabled" . -}} {{- end -}} diff --git a/template.yaml b/template.yaml new file mode 100644 index 000000000..e7ef90ae2 --- /dev/null +++ b/template.yaml 
@@ -0,0 +1,521 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: system + labels: + helm.sh/chart: 'datadog-3.78.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + + name: datadog + annotations: + checksum/clusteragent_token: 3a5278796ed08063bd1da0e97f08cc16bb3bd3a0ee73fc51a3b23d940a853976 + checksum/api_key: fd213c757088a1f4752772505883aa679ff511a8c8abb187d2ae952ba3171238 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + hostPID: true + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + 
fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "false" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to 
/tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + - name: trace-agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + resources: + {} + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: 
DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: "/var/run/datadog/apm.socket" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + - name: process-agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] + resources: + {} + env: + - name: DD_API_KEY + valueFrom: + 
secretKeyRef: + name: "datadog" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "false" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_SYSTEM_PROBE_ENABLED + value: "false" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: 
passwd + mountPath: /etc/passwd + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: 
os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 48ea073c0..1c051983d 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.1.0 + helm.sh/chart: datadog-operator-2.2.0 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.9.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 00fc52a85..6f548e14f 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 7efa976c3ddd33fc2ff377977f40ac10df5f1d1d33765124d029f4190c34ce5c + checksum/clusteragent_token: 97908fd5bd80584873b67b13d029a272c9a17027e735330b662f04c3d7d5050c checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks 
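Review bot: `template.yaml` at the repository root looks like locally rendered `helm template` output (it opens with `# Source: datadog/templates/daemonset.yaml`) rather than a chart or test file, and was probably committed by accident. It sits outside `charts/` and `test/`, nothing in the visible part of this patch refers to it, and it will drift from the chart as soon as a template changes. The render also carries annotations derived from the values used locally (`checksum/api_key`, `checksum/clusteragent_token`), which is a further reason to keep such output out of the repository. I would drop the file from this commit; if a rendered sample is wanted, it belongs with the baselines under `test/datadog/baseline/`.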
diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 60b5ff4f3..c16bb7e9c 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: a927dc2589059ac22a8567b9a9f13be5b564e116bad931f59fdb5cc7cf187b76 + checksum/clusteragent_token: b918cf7367a1e2fc52a8e0afbedc1b0c02df29a97fbfe3953d08681636531394 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 2b3280d55..ac6931c3b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d390c9a42ef29dbf3debb9e8d7d2db5cf849f3b3aaba4059f841b11e722f50b4 + checksum/clusteragent_token: 924363303ed1027567be4435eeb245e61844b44f728badeb3073ec752e2fc356 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 687874ee3..62ba4d846 100644 
--- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7c9b6064a5a3375d3a93d47d778bb84c5b82fbfcf2348419ec98f8edb0af0960 + checksum/clusteragent_token: 275e23303298a3d620063622071ec143ffcbe274a4b53416b428b5be9f271f6b checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 87d57f8bc..ce2169902 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -30,7 +30,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 4a8a74c801aa18f91ab9ce4b074e6ad48234d98fd5513697eff57595f9ad030a + checksum/clusteragent_token: 01905d4e5606c62bbe2b5498c03cd61736ad85d2732cfb33d0ea31c9a5b2743d checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml new file mode 100644 index 000000000..aa8c9621b --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_default.yaml 
@@ -0,0 +1,280 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.78.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: 02a7729d7892d74b95d5f3f8c5c143bae23b194a9209c06918057e7af3fea320 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false 
# Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + 
valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..718556612 --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml 
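Review bot: This baseline sets `DD_HOSTNAME` to `"$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)"` in both the `agent` and `init-config` containers, but neither env list defines `DD_CLUSTER_NAME`. Kubernetes leaves an unresolved `$(VAR)` reference as literal text, so with these test values every node would report a hostname ending in the string `$(DD_CLUSTER_NAME)`. The fixture should be rendered with `datadog.clusterName` set so that the golden file reflects a working configuration; that change belongs in the test values, which this hunk does not show. Separately, the `kubelet-cert-volume` mount at `/certs` holds the kubelet client key and is the only mount here without an explicit `readOnly`; adding `readOnly: true` in the chart template that renders it would match the other mounts.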
@@ -0,0 +1,301 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.78.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: 498fec9691fd0b37cfa390d929d0008ec155d53a534dff25c955c23461603f03 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # 
Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: pointerdir + mountPath: /opt/datadog-agent/run + mountPropagation: None + readOnly: false # Need RW for logs pointer + - name: logpodpath + mountPath: /var/log/pods + mountPropagation: None + readOnly: true + - name: logscontainerspath + mountPath: /var/log/containers + mountPropagation: None + readOnly: true + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.58.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT 
+ value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index c96ddd7f5..486e05479 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -99,7 +99,7 @@ metadata: app.kubernetes.io/version: "7" type: Opaque data: - token: "TnlnSHRsTXpxUkFtN0tEVGtSZEVvanh2bWFmNG5ydEs=" + token: "WmoxVDdWb2xUSnZON3J5ejFLenptdkMwWFE4VEliY1Y=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
@@ -191,8 +191,8 @@ metadata: app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "01fc96f2-1345-4d2c-a7f3-052fbe71e3dc" - install_time: "1730498377" + install_id: "c54ea8fe-f73a-4eb0-9481-615351ad524e" + install_time: "1731358148" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" @@ -824,7 +824,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 7452f44c9c0c4dd0218a1ebe0f124f83cb7df2985ba704ba507910212ec6dbf8 + checksum/clusteragent_token: bdefcc7d8d859027136cc90e767b8e8d78fac016f81d05204c04c2733ef14104 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1351,7 +1351,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 453c30f5e539cb034a3d38f5d735a6ca5df8594bf52010d8cff233efc89fb544 + checksum/clusteragent_token: 0b5dbb555b4a8ba9d8391e26b519aa3e5b7efc07543c2fa96f1ab430638880a6 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks @@ -1543,7 +1543,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: afefc7bc0324ab935909d2d605cba76470834c32c9c77e1a21ffd53ff6be67b7 + checksum/clusteragent_token: f307ff702ac0458e3348fb60bcc9d098be8dec40df4411d106bf6d1882af55bc checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 8118d5128..baf66fe53 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go 
@@ -113,6 +113,42 @@ func Test_baseline_manifests(t *testing.T) { baselineManifestPath: "./baseline/other_default.yaml", assertions: verifyUntypedResources, }, + { + name: "GDC DaemonSet default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_default.yaml", + assertions: verifyDaemonset, + }, + { + name: "GDC DaemonSet logs collection enabled", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", + assertions: verifyDaemonset, + }, } for _, tt := range tests { diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go index 27fcab2ce..b8b2ecf98 100644 --- a/test/datadog/gdc_test.go +++ b/test/datadog/gdc_test.go 
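Review bot: Both new cases in this hunk render the GDC DaemonSet without `datadog.clusterName`, and the `gdc_test.go` hunk that follows removes the same override (`"datadog.clusterName": "test-gdce"`). The `gdc_daemonset_logs_collection.yaml` baseline added in this patch shows the result: `DD_HOSTNAME` is `"$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)"` while no `DD_CLUSTER_NAME` entry appears in the rendered env lists. Kubernetes leaves an unresolved `$(VAR)` reference in the value as literal text, so the golden file pins a hostname that does not identify the cluster. I would add `"datadog.clusterName": "test-gdc",` (a constructed sample value) to both `Overrides` maps, keep the override in `gdc_test.go`, and regenerate the two GDC baselines; this assumes the chart emits `DD_CLUSTER_NAME` from that value. `Test_baseline_manifests` starts before this hunk and continues after it, so how `verifyDaemonset` treats env values is not visible here.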
@@ -29,12 +29,14 @@ func Test_gdcConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.clusterName": "test-gdce", - "datadog.logs.enabled": "true", - "agents.image.doNotCheckTag": "true", - "providers.gke.gdc": "true", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "agents.image.doNotCheckTag": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", }, }, assertions: verifyDaemonsetGDCMinimal, From 784a358d23b79456937d0d7317abd1a64327a6a7 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Mon, 11 Nov 2024 16:24:17 -0500 Subject: [PATCH 13/14] bump chart version and update baselines/docs --- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +- ...loyment_default_advanced_AC_injection.yaml | 10 +- ...ployment_default_minimal_AC_injection.yaml | 10 +- test/datadog/baseline/daemonset_default.yaml | 25 ++--- .../baseline/gdc_daemonset_default.yaml | 12 +- .../gdc_daemonset_logs_collection.yaml | 12 +- test/datadog/baseline/other_default.yaml | 103 +++++++++--------- 10 files changed, 95 insertions(+), 97 deletions(-) diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a35ac09d1..5f4f70b25 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.78.0 +version: 3.79.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index e8ab1394c..3ad8260ea 100644 
--- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.78.0](https://img.shields.io/badge/Version-3.78.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.79.0](https://img.shields.io/badge/Version-3.79.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index d920f7a94..f0d675e83 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 469c53bc0541e25237e65b1972c755bf51ba2a3faff0db4200a5e616c1a85ae6 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 7252ac95e9b7a2be76a893f29be97ba3ddfa93e988f208d18a1e4e410b6b9b7a + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 6319408cb..20f97b46b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 050ab49a451e1238668b8df86b20941fe655e87b3a55aa57497dea39ac9163c5 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: 789eaddd8ebf97ad196c8ccbad93bdfa98bebad0d60672807686f6587b30fe99 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 772799b96..567fca801 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 6723707eea64584b2ca85a11cd177a99c2fe52117542bffbdf61a38592a0b2a5 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: e3466aa95772fd657b731896232e59a2386ac6c1a38b0ab18cbdeb09156544e8 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 5edd494e5..6421f7579 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7d36a45b80acd6890bafa74cae91697ea7b85a2561cc27f38148d00607a734b4 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: 153bf4c7a1851a4a2b03bcb46a026255dda1d786c6a5b95827e5364391602e55 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index fcc8a00b5..15abb4696 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 36783249a1a56e6ad7e24b5b38037b6fa09535bcbf5d09bfa9ae9d87be97990e - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 36d1e9094d3cb200659405983a1c3aa58982bd20ea30a71974a01965e0df5ddf + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -77,6 +77,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -349,6 +350,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -405,9 +407,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -419,8 +419,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: @@ -429,12 +428,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None 
@@ -483,6 +482,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -500,8 +501,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index aa8c9621b..829e5c79f 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 02a7729d7892d74b95d5f3f8c5c143bae23b194a9209c06918057e7af3fea320 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: ac6f3df32a82b47f1cec6be0a9dce0cc1978c1f64fd5b75177734090bacf54da + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -188,7 +188,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: 
@@ -200,7 +200,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 718556612..46d33c986 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 498fec9691fd0b37cfa390d929d0008ec155d53a534dff25c955c23461603f03 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 009553ab18468f5e3c937f34ded921a712214a78b4cbd82f8233e4512e20390d + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -200,7 +200,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: 
@@ -212,7 +212,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 151d23cce..b203ba643 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "b0pkcDdBWU9DZENhcDU1T2ZEbnRXMkxjbW9LT3phdEE=" + token: "VUhXVVpZMDVTb1Bnd2VxODM1bTRDcU43SFc0UEhTSng=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.78.0 + installer_version: datadog-3.79.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 
@@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "417924d1-f1c7-4c44-b681-a4b82f54d07d" - install_time: "1731094912" + install_id: "3111252e-d253-4641-b8b3-30b9c6be6466" + install_time: "1731360232" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: dbcee8ba14e360a887c9426f7a91014cf4c59f37e317f7084bb28729aedcfb38 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: f00581a69706d733ac0c8e932c003a67a287dff70bc15af0030fff5a1e66e0cd + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -871,6 +871,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1144,6 +1145,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED 
@@ -1200,9 +1202,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -1214,8 +1214,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: @@ -1224,12 +1223,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -1278,6 +1277,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -1295,8 +1296,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd @@ -1322,7 +1321,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -1352,8 +1351,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: cc7c556be49df89c9540b1769bcc9af7f787d18b2770ccf885920cd3c3867fd2 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 0f3c4653bf6f20423353df3b2c09b545f377c8943c78e038a764c08ee01e7cec + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1514,7 +1513,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1544,9 +1543,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 982bf49be535679f1005e6648f369a19b8525b1f802f5874952fcf32b5b56bfe - checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: dc1e3efaa7c41119e5e666c61d458d5dd5b608c3f5be3e7044f14e087aadeca2 + checksum/clusteragent-configmap: 01caadfa4eb3983f3938c37d3a44a51e3ca2969b2d5ffff36f24d025f3246067 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From 7502ec4bb4d75f1239d4729dcfed1157cb3aa87f Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Mon, 11 Nov 2024 16:47:28 -0500 Subject: [PATCH 14/14] remove redundant template --- template.yaml | 521 -------------------------------------------------- 1 file changed, 521 deletions(-) delete mode 100644 template.yaml diff --git a/template.yaml b/template.yaml deleted file mode 100644 index e7ef90ae2..000000000 --- a/template.yaml +++ /dev/null 
@@ -1,521 +0,0 @@ ---- -# Source: datadog/templates/daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: datadog - namespace: system - labels: - helm.sh/chart: 'datadog-3.78.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent - -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" - app: datadog - - name: datadog - annotations: - checksum/clusteragent_token: 3a5278796ed08063bd1da0e97f08cc16bb3bd3a0ee73fc51a3b23d940a853976 - checksum/api_key: fd213c757088a1f4752772505883aa679ff511a8c8abb187d2ae952ba3171238 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - spec: - - securityContext: - runAsUser: 0 - hostPID: true - containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - 
fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_APM_ENABLED - value: "true" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to 
/tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - - name: trace-agent - image: "gcr.io/datadoghq/agent:7.58.0" - imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] - resources: - {} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: 
DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: "8126" - - name: DD_APM_RECEIVER_SOCKET - value: "/var/run/datadog/apm.socket" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW for tmp directory - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 - - name: process-agent - image: "gcr.io/datadoghq/agent:7.58.0" - imagePullPolicy: IfNotPresent - command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] - resources: - {} - env: - - name: DD_API_KEY - valueFrom: - 
secretKeyRef: - name: "datadog" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_SYSTEM_PROBE_ENABLED - value: "false" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: 
passwd - mountPath: /etc/passwd - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - resources: - {} - volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - hostPath: - path: /proc - name: procdir - - hostPath: - path: /sys/fs/cgroup - name: cgroups - - hostPath: - path: /etc/os-release - name: 
os-release-file - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: dsdsocket - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: apmsocket - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /var/run - name: runtimesocketdir - tolerations: - affinity: - {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate