From cc88a2efee9c4dddf89bb2a477e61f8534c3e4ae Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 23 Oct 2024 11:41:04 -0400 Subject: [PATCH 01/10] add updateMap flag --- tools/yaml-mapper/go.mod | 5 +- tools/yaml-mapper/go.sum | 22 +- tools/yaml-mapper/main.go | 152 +++- ...ping_datadog_helm_to_datadogagent_crd.yaml | 787 ++++++++---------- 4 files changed, 504 insertions(+), 462 deletions(-) diff --git a/tools/yaml-mapper/go.mod b/tools/yaml-mapper/go.mod index dcc61a576..4f00c51d2 100644 --- a/tools/yaml-mapper/go.mod +++ b/tools/yaml-mapper/go.mod @@ -2,6 +2,8 @@ module github.com/DataDog/helm-charts go 1.22.7 +require helm.sh/helm/v3 v3.16.2 + require ( github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/cyphar/filepath-securejoin v0.3.1 // indirect @@ -24,7 +26,6 @@ require ( golang.org/x/text v0.18.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - helm.sh/helm/v3 v3.16.2 // indirect k8s.io/api v0.31.1 // indirect k8s.io/apiextensions-apiserver v0.31.1 // indirect k8s.io/apimachinery v0.31.1 // indirect @@ -34,4 +35,4 @@ require ( sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect -) \ No newline at end of file +) diff --git a/tools/yaml-mapper/go.sum b/tools/yaml-mapper/go.sum index 3c6864d0b..1937e917a 100644 --- a/tools/yaml-mapper/go.sum +++ b/tools/yaml-mapper/go.sum @@ -4,6 +4,8 @@ github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciW github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= @@ -11,6 +13,8 @@ github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ4 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -18,6 +22,10 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= @@ -30,8 +38,16 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -75,11 +91,15 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= @@ -99,4 +119,4 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h6 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= -sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= \ No newline at end of file +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/tools/yaml-mapper/main.go b/tools/yaml-mapper/main.go index 9747879c0..8e7eb93bf 100644 --- a/tools/yaml-mapper/main.go +++ b/tools/yaml-mapper/main.go @@ -8,6 +8,8 @@ package main import ( "flag" "fmt" + "io" + "net/http" "os" "reflect" "strings" @@ -27,6 +29,7 @@ func main() { fmt.Println(" -sourceFile (string)") fmt.Println(" -destFile (string)") fmt.Println(" -prefixFile (string)") + fmt.Println(" -updateMap (bool)") return } } @@ -37,10 +40,12 @@ func main() { var sourceFile string var destFile string var prefixFile string + var updateMap bool flag.StringVar(&mappingFile, "mappingFile", "mapping.yaml", "path to mapping YAML file") flag.StringVar(&sourceFile, "sourceFile", "source.yaml", "path to source YAML file") flag.StringVar(&destFile, "destFile", "destination.yaml", "path to destination YAML file") flag.StringVar(&prefixFile, "prefixFile", "", "path to prefix YAML file. The content in this file will be prepended to the output") + flag.BoolVar(&updateMap, "updateMap", false, "Update default Mapping file with latest Datadog Helm Chart values") flag.Parse() @@ -48,10 +53,17 @@ func main() { fmt.Println("sourceFile:", sourceFile) fmt.Println("destFile:", destFile) fmt.Println("prefixFile:", prefixFile) + fmt.Println("updateMap:", updateMap) fmt.Println("printOutput:", *printPtr) fmt.Println("") // Read mapping file + tmpSourceFile := "" + if updateMap { + mappingFile = "mapping_datadog_helm_to_datadogagent_crd.yaml" + tmpSourceFile = getLatestValuesFile() + sourceFile = tmpSourceFile + } mapping, err := os.ReadFile(mappingFile) if err != nil { fmt.Println(err) @@ -65,6 +77,9 @@ func main() { // Read source yaml file source, err := os.ReadFile(sourceFile) + if tmpSourceFile != "" { + defer os.Remove(tmpSourceFile) + } if err != nil { fmt.Println(err) return @@ -81,7 +96,16 @@ func main() { var destKey interface{} var ok bool interim := make(map[string]interface{}) - for sourceKey := range mappingValues { + interimMap := make(map[string]interface{}) + + for sourceKey, sourceVal := range mappingValues { + if updateMap { + if sourceVal == nil { + interimMap[sourceKey] = "" + } else { + interimMap[sourceKey] = sourceVal + } + } pathVal, _ = sourceValues.PathValue(sourceKey) // If there is no corresponding key in the destination, then the pathVal will be nil if pathVal == nil { @@ -91,8 +115,13 @@ func main() { destKey, ok = mappingValues[sourceKey] rt := reflect.TypeOf(destKey) if !ok || destKey == "" || destKey == nil { - fmt.Printf("Warning: key not found: %s\n", sourceKey) + // If updating mapping, add unknown key to interimMap + if updateMap { + interimMap[sourceKey] = "" + continue + } // Continue through loop + fmt.Printf("Warning: key not found: %s\n", sourceKey) } else if rt.Kind() == reflect.Slice { // Provide support for the case where one source key may map to multiple destination keys for _, v := range destKey.([]interface{}) { @@ -104,44 +133,58 @@ func main() { } // Create final mapping with properly nested map keys (converted from period-delimited keys) - result := make(map[string]interface{}) - for k, v := range interim { - result = makeTable(k, v, result) - } - - // Pretty print to YAML format - out, err := chartutil.Values(result).YAML() - if err != nil { - fmt.Println(err) - return - } + if !updateMap { + result := make(map[string]interface{}) + for k, v := range interim { + result = makeTable(k, v, result) + } - // Read prefix yaml file - var prefix []byte - if prefixFile != "" { - prefix, err = os.ReadFile(prefixFile) + // Pretty print to YAML format + out, err := chartutil.Values(result).YAML() if err != nil { fmt.Println(err) return } - } - if len(prefix) > 0 { - out = string(prefix) + out - } + // Read prefix yaml file + var prefix []byte + if prefixFile != "" { + prefix, err = os.ReadFile(prefixFile) + if err != nil { + fmt.Println(err) + return + } + } - if *printPtr { - fmt.Println("") - fmt.Println(out) - } + if len(prefix) > 0 { + out = string(prefix) + out + } - err = os.WriteFile(destFile, []byte(out), 0660) - if err != nil { - fmt.Println(err) - } + if *printPtr { + fmt.Println("") + fmt.Println(out) + } + + err = os.WriteFile(destFile, []byte(out), 0660) + if err != nil { + fmt.Println(err) + } - fmt.Println("YAML file successfully written to", destFile) + fmt.Println("YAML file successfully written to", destFile) + } else { + newMapYaml, e := chartutil.Values(interimMap).YAML() + if e != nil { + fmt.Println(e) + return + } + e = os.WriteFile(mappingFile, []byte(newMapYaml), 0660) + if e != nil { + fmt.Printf("Error updating default mapping yaml. %v", e) + return + } + fmt.Printf("Default mapping file, %s, successfully updated", mappingFile) + } return } @@ -182,3 +225,52 @@ func mergeMaps(map1, map2 map[string]interface{}) map[string]interface{} { } func parsePath(key string) []string { return strings.Split(key, ".") } + +func getLatestValuesFile() string { + chartVersion := getChartVersion() + chartValuesFile := downloadYaml(fmt.Sprintf("https://raw.githubusercontent.com/DataDog/helm-charts/refs/tags/datadog-%s/charts/datadog/values.yaml", chartVersion), "datadog-values") + + return chartValuesFile +} + +func getChartVersion() string { + chartYamlPath := downloadYaml("https://raw.githubusercontent.com/DataDog/helm-charts/main/charts/datadog/Chart.yaml", "datadog-Chart") + + ddChart, err := chartutil.LoadChartfile(chartYamlPath) + defer os.Remove(chartYamlPath) + if err != nil { + fmt.Println(fmt.Printf("Error loading Chart.yaml: %s", err)) + } + return ddChart.Version +} + +func downloadYaml(url string, name string) string { + resp, err := http.Get(url) + if err != nil { + fmt.Printf("Error fetching yaml file: %v\n", err) + return "" + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + fmt.Printf("Failed to fetch yaml file %s: %v\n", url, resp.Status) + return "" + } + + tmpFile, err := os.CreateTemp("", fmt.Sprintf("%s.yaml*.", name)) + if err != nil { + fmt.Printf("Error creating temporary file: %v\n", err) + return "" + } + defer tmpFile.Close() + + _, err = io.Copy(tmpFile, resp.Body) + if err != nil { + fmt.Printf("Error saving file: %v\n", err) + return "" + } + + fmt.Printf("File downloaded and saved to temporary file: %s\n", tmpFile.Name()) + + return tmpFile.Name() +} diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index bde9e0097..c43a18259 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -1,455 +1,384 @@ -# This file maps keys from the Datadog Helm chart (YAML) to the DatadogAgent CustomResource spec (YAML). - -nameOverride: -fullnameOverride: -targetSystem: -commonLabels: -registry: spec.global.registry - -datadog.apiKey: spec.global.credentials.apiKey -datadog.apiKeyExistingSecret: spec.global.credentials.apiSecret -datadog.appKey: spec.global.credentials.appKey -datadog.appKeyExistingSecret: spec.global.credentials.appSecret - -datadog.secretAnnotations: -datadog.secretBackend.command: -datadog.secretBackend.arguments: -datadog.secretBackend.timeout: -datadog.secretBackend.enableGlobalPermissions: -datadog.secretBackend.roles: - -datadog.securityContext: spec.global.securityContext -datadog.securityContext.runAsUser: - -datadog.hostVolumeMountPropagation: - -datadog.clusterName: spec.global.clusterName - -datadog.site: spec.global.site -datadog.dd_url: spec.endpoint.url -datadog.logLevel: spec.global.logLevel - -datadog.kubeStateMetricsEnabled: - -datadog.kubeStateMetricsNetworkPolicy.create: - -datadog.kubeStateMetricsCore.enabled: spec.features.kubeStateMetricsCore.enabled -datadog.kubeStateMetricsCore.rbac.create: -datadog.kubeStateMetricsCore.ignoreLegacyKSMCheck: -datadog.kubeStateMetricsCore.collectSecretMetrics: -datadog.kubeStateMetricsCore.collectConfigMaps: -datadog.kubeStateMetricsCore.collectVpaMetrics: -datadog.kubeStateMetricsCore.collectCrdMetrics: -datadog.kubeStateMetricsCore.collectApiServicesMetrics: -datadog.kubeStateMetricsCore.useClusterCheckRunners: -datadog.kubeStateMetricsCore.labelsAsTags: -datadog.kubeStateMetricsCore.annotationsAsTags: - -datadog.clusterChecks.enabled: spec.features.clusterChecks.enabled -datadog.clusterChecks.shareProcessNamespace: - -datadog.nodeLabelsAsTags: spec.global.nodeLabelsAsTags -datadog.podLabelsAsTags: spec.global.podLabelsAsTags -datadog.podAnnotationsAsTags: spec.global.podAnnotationsAsTags -datadog.namespaceLabelsAsTags: spec.global.namespaceLabelsAsTags -datadog.namespaceAnnotationsAsTags: spec.global.namespaceAnnotationsAsTags -datadog.kubernetesResourcesLabelsAsTags: spec.global.kubernetesResourcesLabelsAsTags -datadog.kubernetesResourcesAnnotationsAsTags: spec.global.kubernetesResourcesAnnotationsAsTags -datadog.originDetectionUnified.enabled: spec.global.global.originDetectionUnified.enabled -datadog.tags: spec.global.tags -datadog.checksCardinality: - -datadog.kubelet.host: spec.global.kubelet.host -datadog.kubelet.tlsVerify: spec.global.kubelet.tlsVerify -datadog.kubelet.hostCAPath: spec.global.kubelet.hostCAPath -datadog.kubelet.agentCAPath: spec.global.kubelet.agentCAPath -datadog.kubelet.podLogsPath: -datadog.kubelet.coreCheckEnabled: - -datadog.expvarPort: - -datadog.dogstatsd.port: -datadog.dogstatsd.originDetection: spec.features.dogstatsd.originDetectionEnabled -datadog.dogstatsd.tags: -datadog.dogstatsd.tagCardinality: spec.features.dogstatsd.tagCardinality -datadog.dogstatsd.useSocketVolume: spec.features.dogstatsd.unixDomainSocketConfig.enabled -datadog.dogstatsd.socketPath: spec.features.dogstatsd.unixDomainSocketConfig.path -datadog.dogstatsd.hostSocketPath: -datadog.dogstatsd.useHostPort: spec.features.dogstatsd.hostPortConfig.enabled -# datadog.dogstatsd.useHostPID: # deprecated -datadog.dogstatsd.nonLocalTraffic: - -datadog.useHostPID: spec.override.nodeAgent.hostPID -datadog.collectEvents: spec.features.eventCollection.collectKubernetesEvents - -datadog.kubernetesEvents.filteringEnabled: -datadog.kubernetesEvents.unbundleEvents: -datadog.kubernetesEvents.collectedEventTypes: - -datadog.clusterTagger.collectKubernetesTags: - -datadog.leaderElection: -datadog.leaderLeaseDuration: -datadog.leaderElectionResource: - -datadog.remoteConfiguration.enabled: spec.features.remoteConfiguration.enabled - -datadog.logs.enabled: spec.features.logCollection.enabled -datadog.logs.containerCollectAll: spec.features.logCollection.containerCollectAll -datadog.logs.containerCollectUsingFiles: spec.features.logCollection.containerCollectUsingFiles -datadog.logs.autoMultiLineDetection: - -datadog.apm.socketEnabled: spec.features.apm.enabled -datadog.apm.portEnabled: spec.features.apm.hostPortConfig.enabled -# datadog.apm.enabled: false # deprecated -datadog.apm.port: spec.features.apm.hostPortConfig.hostPort -# datadog.apm.useSocketVolume: false # deprecated -datadog.apm.socketPath: -datadog.apm.hostSocketPath: spec.features.apm.unixDomainSocketConfig.path - -datadog.otlp.receiver.protocols.grpc.enabled: spec.features.otlp.receiver.protocols.grpc.enabled -datadog.otlp.receiver.protocols.grpc.endpoint: spec.features.otlp.receiver.protocols.grpc.endpoint -datadog.otlp.receiver.protocols.grpc.useHostPort: -datadog.otlp.receiver.protocols.http.enabled: spec.features.otlp.receiver.protocols.http.enabled -datadog.otlp.receiver.protocols.http.endpoint: spec.features.otlp.receiver.protocols.http.endpoint -datadog.otlp.receiver.protocols.http.useHostPort: - -# apply to the node agent -datadog.envFrom: -datadog.env: spec.override.nodeAgent.env -datadog.envDict: -datadog.confd: spec.override.nodeAgent.extraConfd -datadog.checksd: spec.override.nodeAgent.extraChecksd -datadog.dockerSocketPath: spec.global.dockerSocketPath -datadog.criSocketPath: spec.global.criSocketPath - -datadog.containerRuntimeSupport.enabled: - -datadog.processAgent.enabled: -datadog.processAgent.processCollection: -datadog.processAgent.stripProcessArguments: spec.features.liveProcessCollection.stripProcessArguments -datadog.processAgent.processDiscovery: spec.features.processDiscovery.enabled - -datadog.osReleasePath: - -datadog.systemProbe.debugPort: -datadog.systemProbe.enableConntrack: spec.features.npm.enableConntrack -datadog.systemProbe.seccomp: spec.override.nodeAgent.containers.system-probe.seccompConfig.customProfile -datadog.systemProbe.seccompRoot: spec.override.nodeAgent.containers.system-probe.seccompConfig.customRootPath -datadog.systemProbe.bpfDebug: -datadog.systemProbe.apparmor: spec.override.nodeAgent.containers.system-probe.appArmorProfileName -datadog.systemProbe.enableTCPQueueLength: spec.features.tcpQueueLength.enabled -datadog.systemProbe.enableOOMKill: spec.features.oomKill.enabled -datadog.systemProbe.mountPackageManagementDirs: -datadog.systemProbe.runtimeCompilationAssetDir: -datadog.systemProbe.btfPath: -datadog.systemProbe.collectDNSStats: spec.features.npm.collectDNSStats -datadog.systemProbe.maxTrackedConnections: -datadog.systemProbe.conntrackMaxStateSize: -datadog.systemProbe.conntrackInitTimeout: -datadog.systemProbe.enableDefaultOsReleasePaths: -datadog.systemProbe.enableDefaultKernelHeadersPaths: - -# Should be added in the Operator in the near term -datadog.containerImageCollection.enabled: - -datadog.orchestratorExplorer.enabled: spec.features.orchestratorExplorer.enabled -datadog.orchestratorExplorer.container_scrubbing.enabled: spec.features.orchestratorExplorer.scrubContainers -datadog.orchestratorExplorer.customResources: spec.features.orchestratorExplorer.customResources - -# Should be added in the Operator in the near term -datadog.helmCheck.enabled: -datadog.helmCheck.collectEvents: -datadog.helmCheck.valuesAsTags: - -datadog.networkMonitoring.enabled: spec.features.npm.enabled - -datadog.serviceMonitoring.enabled: spec.features.usm.enabled - -datadog.sbom.containerImage.enabled: spec.features.sbom.containerImage.enabled -datadog.sbom.host.enabled: spec.features.sbom.host.enabled - -datadog.securityAgent.compliance.enabled: spec.features.cspm.enabled -datadog.securityAgent.compliance.configMap: spec.features.cspm.customBenchmarks.configMap -datadog.securityAgent.compliance.checkInterval: spec.features.cspm.customBenchmarks.checkInterval -# datadog.securityAgent.compliance.xccdf.enabled: false # deprecated -datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks - -datadog.securityAgent.runtime.enabled: spec.features.cws.enabled -datadog.securityAgent.runtime.fimEnabled: -datadog.securityAgent.runtime.policies.configMap: spec.features.cws.customPolicies.configMap -datadog.securityAgent.runtime.syscallMonitor.enabled: spec.features.cws.syscallMonitorEnabled -datadog.securityAgent.runtime.network.enabled: spec.features.cws.network.enabled -datadog.securityAgent.runtime.activityDump.enabled: -datadog.securityAgent.runtime.activityDump.tracedCgroupsCount: -datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout: -datadog.securityAgent.runtime.activityDump.cgroupWaitListSize: -datadog.securityAgent.runtime.activityDump.pathMerge.enabled: -datadog.securityAgent.runtime.securityProfile.enabled: spec.features.cws.securityProfiles.enabled - -datadog.networkPolicy.create: spec.global.networkPolicy.create -datadog.networkPolicy.flavor: spec.global.networkPolicy.flavor -datadog.networkPolicy.cilium.dnsSelector: spec.global.networkPolicy.dnsSelectorEndpoints - -datadog.prometheusScrape.enabled: spec.features.prometheusScrape.enabled -datadog.prometheusScrape.serviceEndpoints: spec.features.prometheusScrape.enableServiceEndpoints -datadog.prometheusScrape.additionalConfigs: spec.features.prometheusScrape.additionalConfigs -datadog.prometheusScrape.version: spec.features.prometheusScrape.version - -datadog.ignoreAutoConfig: -datadog.containerExclude: -datadog.containerInclude: -datadog.containerExcludeLogs: -datadog.containerIncludeLogs: -datadog.containerExcludeMetrics: -datadog.containerIncludeMetrics: -datadog.excludePauseContainer: -datadog.containerLifecycle.enabled: - -clusterAgent.enabled: -clusterAgent.shareProcessNamespace: -clusterAgent.image.name: spec.override.clusterAgent.image.name -clusterAgent.image.tag: spec.override.clusterAgent.tag -clusterAgent.image.digest: -clusterAgent.image.repository: -clusterAgent.image.pullPolicy: spec.override.clusterAgent.pullPolicy -clusterAgent.image.pullSecrets: spec.override.clusterAgent.pullSecrets -clusterAgent.image.doNotCheckTag: - -clusterAgent.securityContext: -clusterAgent.containers.clusterAgent.securityContext: -clusterAgent.containers.initContainer.securityContext: spec.override.clusterAgent.containers.init-config.securityContext -clusterAgent.command: spec.override.clusterAgent.containers.cluster-agent.command -clusterAgent.token: spec.global.clusterAgentToken -clusterAgent.tokenExistingSecret: spec.global.clusterAgentTokenSecret -clusterAgent.replicas: spec.override.clusterAgent.replicas -clusterAgent.revisionHistoryLimit: - -clusterAgent.rbac.create: spec.override.clusterAgent.createRbac -clusterAgent.rbac.flareAdditionalPermissions: -clusterAgent.rbac.serviceAccountName: spec.override.clusterAgent.serviceAccountName -clusterAgent.rbac.serviceAccountAnnotations: -clusterAgent.rbac.automountServiceAccountToken: -clusterAgent.podSecurity.podSecurityPolicy.create: -clusterAgent.podSecurity.securityContextConstraints.create: - -clusterAgent.metricsProvider.enabled: spec.features.externalMetricsServer.enabled -clusterAgent.metricsProvider.registerAPIService: spec.features.externalMetricsServer.registerAPIService -clusterAgent.metricsProvider.wpaController: spec.features.externalMetricsServer.wpaController -clusterAgent.metricsProvider.useDatadogMetrics: spec.features.externalMetricsServer.useDatadogMetrics -clusterAgent.metricsProvider.createReaderRbac: -clusterAgent.metricsProvider.aggregator: -clusterAgent.metricsProvider.service.type: -clusterAgent.metricsProvider.service.port: spec.features.externalMetricsServer.port -clusterAgent.metricsProvider.endpoint: spec.features.externalMetricsServer.endpoint - -clusterAgent.env: spec.override.clusterAgent.env -clusterAgent.envFrom: -clusterAgent.envDict: - -clusterAgent.admissionController.enabled: spec.features.admissionController.enabled -clusterAgent.admissionController.webhookName: spec.features.admissionController.webhookName -clusterAgent.admissionController.mutateUnlabelled: spec.features.admissionController.mutateUnlabelled -clusterAgent.admissionController.configMode: spec.features.admissionController.agentCommunicationMode -clusterAgent.admissionController.failurePolicy: spec.features.admissionController.failurePolicy -clusterAgent.admissionController.remoteInstrumentation.enabled: -clusterAgent.admissionController.port: - -clusterAgent.confd: spec.override.clusterAgent.extraConfd -clusterAgent.advancedConfd: -clusterAgent.resources: spec.override.clusterAgent.containers.cluster-agent.resources -clusterAgent.priorityClassName: spec.override.clusterAgent.priorityClassName -clusterAgent.nodeSelector: spec.override.clusterAgent.nodeSelector -clusterAgent.tolerations: spec.override.clusterAgent.tolerations -clusterAgent.affinity: spec.override.clusterAgent.affinity -clusterAgent.topologySpreadConstraints: -clusterAgent.healthPort: spec.override.clusterAgent.containers.cluster-agent.healthPort -clusterAgent.livenessProbe: spec.override.clusterAgent.containers.cluster-agent.livenessProbe -clusterAgent.readinessProbe: spec.override.clusterAgent.containers.cluster-agent.readinessProbe -clusterAgent.strategy: -clusterAgent.deploymentAnnotations: -clusterAgent.podAnnotations: spec.override.clusterAgent.annotations -clusterAgent.useHostNetwork: -clusterAgent.dnsConfig: -clusterAgent.volumes: spec.override.clusterAgent.volumes -clusterAgent.volumeMounts: spec.override.clusterAgent.containers.cluster-agent.volumeMounts -clusterAgent.datadog_cluster_yaml: spec.override.clusterAgent.customConfigurations.datadog-cluster.yaml.configData -clusterAgent.createPodDisruptionBudget: -# clusterAgent.networkPolicy.create: false # deprecated -clusterAgent.additionalLabels: spec.override.clusterAgent.labels - -existingClusterAgent.join: -existingClusterAgent.tokenSecretName: -existingClusterAgent.serviceName: -existingClusterAgent.clusterchecksEnabled: - -fips.enabled: -fips.port: -fips.portRange: -fips.use_https: -fips.resources: -fips.local_address: -fips.image.name: -fips.image.tag: -fips.image.pullPolicy: -fips.image.digest: -fips.image.repository: -fips.customFipsConfig: - -agents.enabled: -agents.shareProcessNamespace: -agents.revisionHistoryLimit: -agents.image.name: spec.override.nodeAgent.image.name -agents.image.tag: spec.override.nodeAgent.image.tag -agents.image.digest: -agents.image.tagSuffix: -agents.image.repository: -agents.image.doNotCheckTag: -agents.image.pullPolicy: spec.override.nodeAgent.image.pullPolicy -agents.image.pullSecrets: spec.override.nodeAgent.image.pullSecrets - -agents.rbac.create: spec.override.nodeAgent.createRbac -agents.rbac.serviceAccountName: spec.override.nodeAgent.serviceAccountName -agents.rbac.serviceAccountAnnotations: -agents.rbac.automountServiceAccountToken: -agents.podSecurity.podSecurityPolicy.create: -agents.podSecurity.securityContextConstraints.create: -agents.podSecurity.seLinuxContext: -agents.podSecurity.privileged: -agents.podSecurity.capabilities: -agents.podSecurity.allowedUnsafeSysctls: -agents.podSecurity.volumes: -agents.podSecurity.seccompProfiles: -agents.podSecurity.apparmor.enabled: -agents.podSecurity.apparmorProfiles: -agents.podSecurity.defaultApparmor: - +agents.additionalLabels: spec.override.nodeAgent.labels +agents.affinity: spec.override.nodeAgent.affinity agents.containers.agent.env: spec.override.nodeAgent.containers.agent.env -agents.containers.agent.envFrom: -agents.containers.agent.envDict: -agents.containers.agent.logLevel: spec.override.nodeAgent.containers.agent.logLevel -agents.containers.agent.resources: spec.override.nodeAgent.containers.agent.resources +agents.containers.agent.envDict: "" +agents.containers.agent.envFrom: "" agents.containers.agent.healthPort: spec.override.nodeAgent.containers.agent.healthPort agents.containers.agent.livenessProbe: spec.override.nodeAgent.containers.agent.livenessProbe +agents.containers.agent.logLevel: spec.override.nodeAgent.containers.agent.logLevel +agents.containers.agent.ports: "" agents.containers.agent.readinessProbe: spec.override.nodeAgent.containers.agent.readinessProbe +agents.containers.agent.resources: spec.override.nodeAgent.containers.agent.resources agents.containers.agent.securityContext: spec.override.nodeAgent.containers.agent.securityContext -agents.containers.agent.ports: +agents.containers.initContainers.resources: +- spec.override.nodeAgent.containers.init-config.resources +- spec.override.nodeAgent.containers.init-volume.resources +- spec.override.clusterChecksRunner.containers.init-config.resources +agents.containers.initContainers.securityContext: +- spec.override.nodeAgent.containers.init-config.securityContext +- spec.override.nodeAgent.containers.init-volume.securityContext +- spec.override.clusterChecksRunner.containers.init-config.securityContext +agents.containers.initContainers.volumeMounts: +- spec.override.nodeAgent.containers.init-config.volumeMounts +- spec.override.nodeAgent.containers.init-volume.volumeMounts +- spec.override.clusterChecksRunner.containers.init-config.volumeMounts agents.containers.processAgent.env: spec.override.nodeAgent.containers.process-agent.env -agents.containers.processAgent.envFrom: -agents.containers.processAgent.envDict: +agents.containers.processAgent.envDict: "" +agents.containers.processAgent.envFrom: "" agents.containers.processAgent.logLevel: spec.override.nodeAgent.containers.process-agent.logLevel +agents.containers.processAgent.ports: "" agents.containers.processAgent.resources: spec.override.nodeAgent.containers.process-agent.resources agents.containers.processAgent.securityContext: spec.override.nodeAgent.containers.process-agent.securityContext -agents.containers.processAgent.ports: -agents.containers.traceAgent.env: spec.override.nodeAgent.containers.trace-agent.env -agents.containers.traceAgent.envFrom: -agents.containers.traceAgent.envDict: -agents.containers.traceAgent.logLevel: spec.override.nodeAgent.containers.trace-agent.logLevel -agents.containers.traceAgent.resources: spec.override.nodeAgent.containers.trace-agent.resources -agents.containers.traceAgent.livenessProbe: spec.override.nodeAgent.containers.trace-agent.livenessProbe -agents.containers.traceAgent.securityContext: spec.override.nodeAgent.containers.trace-agent.securityContext -agents.containers.traceAgent.ports: +agents.containers.securityAgent.env: spec.override.nodeAgent.containers.security-agent.env +agents.containers.securityAgent.envDict: "" +agents.containers.securityAgent.envFrom: "" +agents.containers.securityAgent.logLevel: spec.override.nodeAgent.containers.security-agent.logLevel +agents.containers.securityAgent.ports: "" +agents.containers.securityAgent.resources: spec.override.nodeAgent.containers.security-agent.resources agents.containers.systemProbe.env: spec.override.nodeAgent.containers.system-probe.env -agents.containers.systemProbe.envFrom: -agents.containers.systemProbe.envDict: +agents.containers.systemProbe.envDict: "" +agents.containers.systemProbe.envFrom: "" agents.containers.systemProbe.logLevel: spec.override.nodeAgent.containers.system-probe.logLevel +agents.containers.systemProbe.ports: "" agents.containers.systemProbe.resources: spec.override.nodeAgent.containers.system-probe.resources agents.containers.systemProbe.securityContext: spec.override.nodeAgent.containers.system-probe.securityContext -agents.containers.systemProbe.ports: -agents.containers.securityAgent.env: spec.override.nodeAgent.containers.security-agent.env -agents.containers.securityAgent.envFrom: -agents.containers.securityAgent.envDict: -agents.containers.securityAgent.logLevel: spec.override.nodeAgent.containers.security-agent.logLevel -agents.containers.securityAgent.resources: spec.override.nodeAgent.containers.security-agent.resources -agents.containers.securityAgent.ports: - -agents.containers.initContainers.resources: - - spec.override.nodeAgent.containers.init-config.resources - - spec.override.nodeAgent.containers.init-volume.resources - - spec.override.clusterChecksRunner.containers.init-config.resources -agents.containers.initContainers.securityContext: - - spec.override.nodeAgent.containers.init-config.securityContext - - spec.override.nodeAgent.containers.init-volume.securityContext - - spec.override.clusterChecksRunner.containers.init-config.securityContext -agents.containers.initContainers.volumeMounts: - - spec.override.nodeAgent.containers.init-config.volumeMounts - - spec.override.nodeAgent.containers.init-volume.volumeMounts - - spec.override.clusterChecksRunner.containers.init-config.volumeMounts - -agents.volumes: spec.override.nodeAgent.volumes -agents.volumeMounts: - - spec.override.nodeAgent.containers.node-agent.volumeMounts - - spec.override.nodeAgent.containers.process-agent.volumeMounts - - spec.override.nodeAgent.containers.trace-agent.volumeMounts - - spec.override.nodeAgent.containers.system-probe.volumeMounts - - spec.override.nodeAgent.containers.security-agent.volumeMounts - -agents.useHostNetwork: spec.override.nodeAgent.hostNetwork -agents.dnsConfig: -agents.daemonsetAnnotations: -agents.podAnnotations: spec.override.nodeAgent.annotations -agents.tolerations: spec.override.nodeAgent.tolerations -agents.nodeSelector: spec.override.nodeAgent.nodeSelector -agents.affinity: spec.override.nodeAgent.affinity -agents.updateStrategy: -agents.priorityClassCreate: -agents.priorityClassName: spec.override.nodeAgent.priorityClassName -agents.priorityPreemptionPolicyValue: -agents.priorityClassValue: -agents.podLabels: -agents.additionalLabels: spec.override.nodeAgent.labels -agents.useConfigMap: +agents.containers.traceAgent.env: spec.override.nodeAgent.containers.trace-agent.env +agents.containers.traceAgent.envDict: "" +agents.containers.traceAgent.envFrom: "" +agents.containers.traceAgent.livenessProbe: spec.override.nodeAgent.containers.trace-agent.livenessProbe +agents.containers.traceAgent.logLevel: spec.override.nodeAgent.containers.trace-agent.logLevel +agents.containers.traceAgent.ports: "" +agents.containers.traceAgent.resources: spec.override.nodeAgent.containers.trace-agent.resources +agents.containers.traceAgent.securityContext: spec.override.nodeAgent.containers.trace-agent.securityContext agents.customAgentConfig: spec.override.nodeAgent.customConfigurations.datadog.yaml.configData -# agents.networkPolicy.create: false # deprecated -agents.localService.overrideName: spec.global.localService.nameOverride +agents.daemonsetAnnotations: "" +agents.dnsConfig: "" +agents.enabled: "" +agents.image.digest: "" +agents.image.doNotCheckTag: "" +agents.image.name: spec.override.nodeAgent.image.name +agents.image.pullPolicy: spec.override.nodeAgent.image.pullPolicy +agents.image.pullSecrets: spec.override.nodeAgent.image.pullSecrets +agents.image.repository: "" +agents.image.tag: spec.override.nodeAgent.image.tag +agents.image.tagSuffix: "" agents.localService.forceLocalServiceEnabled: spec.global.localService.forceEnableLocalService - +agents.localService.overrideName: spec.global.localService.nameOverride +agents.nodeSelector: spec.override.nodeAgent.nodeSelector +agents.podAnnotations: spec.override.nodeAgent.annotations +agents.podLabels: "" +agents.podSecurity.allowedUnsafeSysctls: "" +agents.podSecurity.apparmor.enabled: "" +agents.podSecurity.apparmorProfiles: "" +agents.podSecurity.capabilities: "" +agents.podSecurity.defaultApparmor: "" +agents.podSecurity.podSecurityPolicy.create: "" +agents.podSecurity.privileged: "" +agents.podSecurity.seLinuxContext: "" +agents.podSecurity.seccompProfiles: "" +agents.podSecurity.securityContextConstraints.create: "" +agents.podSecurity.volumes: "" +agents.priorityClassCreate: "" +agents.priorityClassName: spec.override.nodeAgent.priorityClassName +agents.priorityClassValue: "" +agents.priorityPreemptionPolicyValue: "" +agents.rbac.automountServiceAccountToken: "" +agents.rbac.create: spec.override.nodeAgent.createRbac +agents.rbac.serviceAccountAnnotations: "" +agents.rbac.serviceAccountName: spec.override.nodeAgent.serviceAccountName +agents.revisionHistoryLimit: "" +agents.shareProcessNamespace: "" +agents.tolerations: spec.override.nodeAgent.tolerations +agents.updateStrategy: "" +agents.useConfigMap: "" +agents.useHostNetwork: spec.override.nodeAgent.hostNetwork +agents.volumeMounts: +- spec.override.nodeAgent.containers.node-agent.volumeMounts +- spec.override.nodeAgent.containers.process-agent.volumeMounts +- spec.override.nodeAgent.containers.trace-agent.volumeMounts +- spec.override.nodeAgent.containers.system-probe.volumeMounts +- spec.override.nodeAgent.containers.security-agent.volumeMounts +agents.volumes: spec.override.nodeAgent.volumes +clusterAgent.additionalLabels: spec.override.clusterAgent.labels +clusterAgent.admissionController.configMode: spec.features.admissionController.agentCommunicationMode +clusterAgent.admissionController.enabled: spec.features.admissionController.enabled +clusterAgent.admissionController.failurePolicy: spec.features.admissionController.failurePolicy +clusterAgent.admissionController.mutateUnlabelled: spec.features.admissionController.mutateUnlabelled +clusterAgent.admissionController.port: "" +clusterAgent.admissionController.remoteInstrumentation.enabled: "" +clusterAgent.admissionController.webhookName: spec.features.admissionController.webhookName +clusterAgent.advancedConfd: "" +clusterAgent.affinity: spec.override.clusterAgent.affinity +clusterAgent.command: spec.override.clusterAgent.containers.cluster-agent.command +clusterAgent.confd: spec.override.clusterAgent.extraConfd +clusterAgent.containers.clusterAgent.securityContext: "" +clusterAgent.containers.initContainer.securityContext: spec.override.clusterAgent.containers.init-config.securityContext +clusterAgent.createPodDisruptionBudget: "" +clusterAgent.datadog_cluster_yaml: spec.override.clusterAgent.customConfigurations.datadog-cluster.yaml.configData +clusterAgent.deploymentAnnotations: "" +clusterAgent.dnsConfig: "" +clusterAgent.enabled: "" +clusterAgent.env: spec.override.clusterAgent.env +clusterAgent.envDict: "" +clusterAgent.envFrom: "" +clusterAgent.healthPort: spec.override.clusterAgent.containers.cluster-agent.healthPort +clusterAgent.image.digest: "" +clusterAgent.image.doNotCheckTag: "" +clusterAgent.image.name: spec.override.clusterAgent.image.name +clusterAgent.image.pullPolicy: spec.override.clusterAgent.pullPolicy +clusterAgent.image.pullSecrets: spec.override.clusterAgent.pullSecrets +clusterAgent.image.repository: "" +clusterAgent.image.tag: spec.override.clusterAgent.tag +clusterAgent.livenessProbe: spec.override.clusterAgent.containers.cluster-agent.livenessProbe +clusterAgent.metricsProvider.aggregator: "" +clusterAgent.metricsProvider.createReaderRbac: "" +clusterAgent.metricsProvider.enabled: spec.features.externalMetricsServer.enabled +clusterAgent.metricsProvider.endpoint: spec.features.externalMetricsServer.endpoint +clusterAgent.metricsProvider.registerAPIService: spec.features.externalMetricsServer.registerAPIService +clusterAgent.metricsProvider.service.port: spec.features.externalMetricsServer.port +clusterAgent.metricsProvider.service.type: "" +clusterAgent.metricsProvider.useDatadogMetrics: spec.features.externalMetricsServer.useDatadogMetrics +clusterAgent.metricsProvider.wpaController: spec.features.externalMetricsServer.wpaController +clusterAgent.nodeSelector: spec.override.clusterAgent.nodeSelector +clusterAgent.podAnnotations: spec.override.clusterAgent.annotations +clusterAgent.podSecurity.podSecurityPolicy.create: "" +clusterAgent.podSecurity.securityContextConstraints.create: "" +clusterAgent.priorityClassName: spec.override.clusterAgent.priorityClassName +clusterAgent.rbac.automountServiceAccountToken: "" +clusterAgent.rbac.create: spec.override.clusterAgent.createRbac +clusterAgent.rbac.flareAdditionalPermissions: "" +clusterAgent.rbac.serviceAccountAnnotations: "" +clusterAgent.rbac.serviceAccountName: spec.override.clusterAgent.serviceAccountName +clusterAgent.readinessProbe: spec.override.clusterAgent.containers.cluster-agent.readinessProbe +clusterAgent.replicas: spec.override.clusterAgent.replicas +clusterAgent.resources: spec.override.clusterAgent.containers.cluster-agent.resources +clusterAgent.revisionHistoryLimit: "" +clusterAgent.securityContext: "" +clusterAgent.shareProcessNamespace: "" +clusterAgent.strategy: "" +clusterAgent.token: spec.global.clusterAgentToken +clusterAgent.tokenExistingSecret: spec.global.clusterAgentTokenSecret +clusterAgent.tolerations: spec.override.clusterAgent.tolerations +clusterAgent.topologySpreadConstraints: "" +clusterAgent.useHostNetwork: "" +clusterAgent.volumeMounts: spec.override.clusterAgent.containers.cluster-agent.volumeMounts +clusterAgent.volumes: spec.override.clusterAgent.volumes +clusterChecksRunner.additionalLabels: spec.override.clusterChecksRunner.labels +clusterChecksRunner.affinity: spec.override.clusterChecksRunner.affinity +clusterChecksRunner.createPodDisruptionBudget: "" +clusterChecksRunner.deploymentAnnotations: "" +clusterChecksRunner.dnsConfig: "" clusterChecksRunner.enabled: spec.features.clusterChecks.useClusterCheckRunners +clusterChecksRunner.env: spec.override.clusterChecksRunner.env +clusterChecksRunner.envDict: "" +clusterChecksRunner.envFrom: "" +clusterChecksRunner.healthPort: spec.override.clusterChecksRunner.containers.agent.healthPort +clusterChecksRunner.image.digest: "" clusterChecksRunner.image.name: spec.override.clusterChecksRunner.image.name -clusterChecksRunner.image.tag: spec.override.clusterChecksRunner.image.tag -clusterChecksRunner.image.digest: -clusterChecksRunner.image.tagSuffix: -clusterChecksRunner.image.repository: clusterChecksRunner.image.pullPolicy: spec.override.clusterChecksRunner.image.pullPolicy clusterChecksRunner.image.pullSecrets: spec.override.clusterChecksRunner.image.pullSecrets - -clusterChecksRunner.createPodDisruptionBudget: +clusterChecksRunner.image.repository: "" +clusterChecksRunner.image.tag: spec.override.clusterChecksRunner.image.tag +clusterChecksRunner.image.tagSuffix: "" +clusterChecksRunner.livenessProbe: spec.override.clusterChecksRunner.containers.agent.livenessProbe +clusterChecksRunner.nodeSelector: spec.override.clusterChecksRunner.nodeSelector +clusterChecksRunner.podAnnotations: spec.override.clusterChecksRunner.annotations +clusterChecksRunner.ports: "" +clusterChecksRunner.priorityClassName: spec.override.clusterChecksRunner.priorityClassName +clusterChecksRunner.rbac.automountServiceAccountToken: "" clusterChecksRunner.rbac.create: spec.override.clusterChecksRunner.createRbac -clusterChecksRunner.rbac.dedicated: -clusterChecksRunner.rbac.serviceAccountAnnotations: -clusterChecksRunner.rbac.automountServiceAccountToken: +clusterChecksRunner.rbac.dedicated: "" +clusterChecksRunner.rbac.serviceAccountAnnotations: "" clusterChecksRunner.rbac.serviceAccountName: spec.override.clusterChecksRunner.serviceAccountName +clusterChecksRunner.readinessProbe: spec.override.clusterChecksRunner.containers.agent.readinessProbe clusterChecksRunner.replicas: spec.override.clusterChecksRunner.replicas -clusterChecksRunner.revisionHistoryLimit: clusterChecksRunner.resources: spec.override.clusterChecksRunner.containers.agent.resources -clusterChecksRunner.affinity: spec.override.clusterChecksRunner.affinity -clusterChecksRunner.topologySpreadConstraints: -clusterChecksRunner.strategy: -clusterChecksRunner.dnsConfig: -clusterChecksRunner.priorityClassName: spec.override.clusterChecksRunner.priorityClassName -clusterChecksRunner.nodeSelector: spec.override.clusterChecksRunner.nodeSelector +clusterChecksRunner.revisionHistoryLimit: "" +clusterChecksRunner.securityContext: spec.override.clusterChecksRunner.securityContext +clusterChecksRunner.strategy: "" clusterChecksRunner.tolerations: spec.override.clusterChecksRunner.tolerations -clusterChecksRunner.healthPort: spec.override.clusterChecksRunner.containers.agent.healthPort -clusterChecksRunner.livenessProbe: spec.override.clusterChecksRunner.containers.agent.livenessProbe -clusterChecksRunner.readinessProbe: spec.override.clusterChecksRunner.containers.agent.readinessProbe -clusterChecksRunner.deploymentAnnotations: -clusterChecksRunner.podAnnotations: spec.override.clusterChecksRunner.annotations - -clusterChecksRunner.env: spec.override.clusterChecksRunner.env -clusterChecksRunner.envFrom: -clusterChecksRunner.envDict: -clusterChecksRunner.volumes: spec.override.clusterChecksRunner.volumes +clusterChecksRunner.topologySpreadConstraints: "" clusterChecksRunner.volumeMounts: spec.override.clusterChecksRunner.containers.agent.volumeMounts -# clusterChecksRunner.networkPolicy.create: false # deprecated -clusterChecksRunner.additionalLabels: spec.override.clusterChecksRunner.labels -clusterChecksRunner.securityContext: spec.override.clusterChecksRunner.securityContext -clusterChecksRunner.ports: - -datadog-crds.crds.datadogMetrics: - -providers.gke.autopilot: -providers.gke.cos: -providers.eks.ec2.useHostnameFromFile: -providers.aks.enabled: - +clusterChecksRunner.volumes: spec.override.clusterChecksRunner.volumes +commonLabels: "" +datadog-crds.crds.datadogMetrics: "" +datadog.apiKey: spec.global.credentials.apiKey +datadog.apiKeyExistingSecret: spec.global.credentials.apiSecret +datadog.apm.hostSocketPath: spec.features.apm.unixDomainSocketConfig.path +datadog.apm.port: spec.features.apm.hostPortConfig.hostPort +datadog.apm.portEnabled: spec.features.apm.hostPortConfig.enabled +datadog.apm.socketEnabled: spec.features.apm.enabled +datadog.apm.socketPath: "" +datadog.appKey: spec.global.credentials.appKey +datadog.appKeyExistingSecret: spec.global.credentials.appSecret +datadog.checksCardinality: "" +datadog.checksd: spec.override.nodeAgent.extraChecksd +datadog.clusterChecks.enabled: spec.features.clusterChecks.enabled +datadog.clusterChecks.shareProcessNamespace: "" +datadog.clusterName: spec.global.clusterName +datadog.clusterTagger.collectKubernetesTags: "" +datadog.collectEvents: spec.features.eventCollection.collectKubernetesEvents +datadog.confd: spec.override.nodeAgent.extraConfd +datadog.containerExclude: "" +datadog.containerExcludeLogs: "" +datadog.containerExcludeMetrics: "" +datadog.containerImageCollection.enabled: "" +datadog.containerInclude: "" +datadog.containerIncludeLogs: "" +datadog.containerIncludeMetrics: "" +datadog.containerLifecycle.enabled: "" +datadog.containerRuntimeSupport.enabled: "" +datadog.criSocketPath: spec.global.criSocketPath +datadog.dd_url: spec.endpoint.url +datadog.dockerSocketPath: spec.global.dockerSocketPath +datadog.dogstatsd.hostSocketPath: "" +datadog.dogstatsd.nonLocalTraffic: "" +datadog.dogstatsd.originDetection: spec.features.dogstatsd.originDetectionEnabled +datadog.dogstatsd.port: "" +datadog.dogstatsd.socketPath: spec.features.dogstatsd.unixDomainSocketConfig.path +datadog.dogstatsd.tagCardinality: spec.features.dogstatsd.tagCardinality +datadog.dogstatsd.tags: "" +datadog.dogstatsd.useHostPort: spec.features.dogstatsd.hostPortConfig.enabled +datadog.dogstatsd.useSocketVolume: spec.features.dogstatsd.unixDomainSocketConfig.enabled +datadog.env: spec.override.nodeAgent.env +datadog.envDict: "" +datadog.envFrom: "" +datadog.excludePauseContainer: "" +datadog.expvarPort: "" +datadog.helmCheck.collectEvents: "" +datadog.helmCheck.enabled: "" +datadog.helmCheck.valuesAsTags: "" +datadog.hostVolumeMountPropagation: "" +datadog.ignoreAutoConfig: "" +datadog.kubeStateMetricsCore.annotationsAsTags: "" +datadog.kubeStateMetricsCore.collectApiServicesMetrics: "" +datadog.kubeStateMetricsCore.collectConfigMaps: "" +datadog.kubeStateMetricsCore.collectCrdMetrics: "" +datadog.kubeStateMetricsCore.collectSecretMetrics: "" +datadog.kubeStateMetricsCore.collectVpaMetrics: "" +datadog.kubeStateMetricsCore.enabled: spec.features.kubeStateMetricsCore.enabled +datadog.kubeStateMetricsCore.ignoreLegacyKSMCheck: "" +datadog.kubeStateMetricsCore.labelsAsTags: "" +datadog.kubeStateMetricsCore.rbac.create: "" +datadog.kubeStateMetricsCore.useClusterCheckRunners: "" +datadog.kubeStateMetricsEnabled: "" +datadog.kubeStateMetricsNetworkPolicy.create: "" +datadog.kubelet.agentCAPath: spec.global.kubelet.agentCAPath +datadog.kubelet.coreCheckEnabled: "" +datadog.kubelet.host: spec.global.kubelet.host +datadog.kubelet.hostCAPath: spec.global.kubelet.hostCAPath +datadog.kubelet.podLogsPath: "" +datadog.kubelet.tlsVerify: spec.global.kubelet.tlsVerify +datadog.kubernetesEvents.collectedEventTypes: "" +datadog.kubernetesEvents.filteringEnabled: "" +datadog.kubernetesEvents.unbundleEvents: "" +datadog.kubernetesResourcesAnnotationsAsTags: spec.global.kubernetesResourcesAnnotationsAsTags +datadog.kubernetesResourcesLabelsAsTags: spec.global.kubernetesResourcesLabelsAsTags +datadog.leaderElection: "" +datadog.leaderElectionResource: "" +datadog.leaderLeaseDuration: "" +datadog.logLevel: spec.global.logLevel +datadog.logs.autoMultiLineDetection: "" +datadog.logs.containerCollectAll: spec.features.logCollection.containerCollectAll +datadog.logs.containerCollectUsingFiles: spec.features.logCollection.containerCollectUsingFiles +datadog.logs.enabled: spec.features.logCollection.enabled +datadog.namespaceAnnotationsAsTags: spec.global.namespaceAnnotationsAsTags +datadog.namespaceLabelsAsTags: spec.global.namespaceLabelsAsTags +datadog.networkMonitoring.enabled: spec.features.npm.enabled +datadog.networkPolicy.cilium.dnsSelector: spec.global.networkPolicy.dnsSelectorEndpoints +datadog.networkPolicy.create: spec.global.networkPolicy.create +datadog.networkPolicy.flavor: spec.global.networkPolicy.flavor +datadog.nodeLabelsAsTags: spec.global.nodeLabelsAsTags +datadog.orchestratorExplorer.container_scrubbing.enabled: spec.features.orchestratorExplorer.scrubContainers +datadog.orchestratorExplorer.customResources: spec.features.orchestratorExplorer.customResources +datadog.orchestratorExplorer.enabled: spec.features.orchestratorExplorer.enabled +datadog.originDetectionUnified.enabled: spec.global.global.originDetectionUnified.enabled +datadog.osReleasePath: "" +datadog.otlp.receiver.protocols.grpc.enabled: spec.features.otlp.receiver.protocols.grpc.enabled +datadog.otlp.receiver.protocols.grpc.endpoint: spec.features.otlp.receiver.protocols.grpc.endpoint +datadog.otlp.receiver.protocols.grpc.useHostPort: "" +datadog.otlp.receiver.protocols.http.enabled: spec.features.otlp.receiver.protocols.http.enabled +datadog.otlp.receiver.protocols.http.endpoint: spec.features.otlp.receiver.protocols.http.endpoint +datadog.otlp.receiver.protocols.http.useHostPort: "" +datadog.podAnnotationsAsTags: spec.global.podAnnotationsAsTags +datadog.podLabelsAsTags: spec.global.podLabelsAsTags +datadog.processAgent.enabled: "" +datadog.processAgent.processCollection: "" +datadog.processAgent.processDiscovery: spec.features.processDiscovery.enabled +datadog.processAgent.stripProcessArguments: spec.features.liveProcessCollection.stripProcessArguments +datadog.prometheusScrape.additionalConfigs: spec.features.prometheusScrape.additionalConfigs +datadog.prometheusScrape.enabled: spec.features.prometheusScrape.enabled +datadog.prometheusScrape.serviceEndpoints: spec.features.prometheusScrape.enableServiceEndpoints +datadog.prometheusScrape.version: spec.features.prometheusScrape.version +datadog.remoteConfiguration.enabled: spec.features.remoteConfiguration.enabled +datadog.sbom.containerImage.enabled: spec.features.sbom.containerImage.enabled +datadog.sbom.host.enabled: spec.features.sbom.host.enabled +datadog.secretAnnotations: "" +datadog.secretBackend.arguments: "" +datadog.secretBackend.command: "" +datadog.secretBackend.enableGlobalPermissions: "" +datadog.secretBackend.roles: "" +datadog.secretBackend.timeout: "" +datadog.securityAgent.compliance.checkInterval: spec.features.cspm.customBenchmarks.checkInterval +datadog.securityAgent.compliance.configMap: spec.features.cspm.customBenchmarks.configMap +datadog.securityAgent.compliance.enabled: spec.features.cspm.enabled +datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks +datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout: "" +datadog.securityAgent.runtime.activityDump.cgroupWaitListSize: "" +datadog.securityAgent.runtime.activityDump.enabled: "" +datadog.securityAgent.runtime.activityDump.pathMerge.enabled: "" +datadog.securityAgent.runtime.activityDump.tracedCgroupsCount: "" +datadog.securityAgent.runtime.enabled: spec.features.cws.enabled +datadog.securityAgent.runtime.fimEnabled: "" +datadog.securityAgent.runtime.network.enabled: spec.features.cws.network.enabled +datadog.securityAgent.runtime.policies.configMap: spec.features.cws.customPolicies.configMap +datadog.securityAgent.runtime.securityProfile.enabled: spec.features.cws.securityProfiles.enabled +datadog.securityAgent.runtime.syscallMonitor.enabled: spec.features.cws.syscallMonitorEnabled +datadog.securityContext: spec.global.securityContext +datadog.securityContext.runAsUser: "" +datadog.serviceMonitoring.enabled: spec.features.usm.enabled +datadog.site: spec.global.site +datadog.systemProbe.apparmor: spec.override.nodeAgent.containers.system-probe.appArmorProfileName +datadog.systemProbe.bpfDebug: "" +datadog.systemProbe.btfPath: "" +datadog.systemProbe.collectDNSStats: spec.features.npm.collectDNSStats +datadog.systemProbe.conntrackInitTimeout: "" +datadog.systemProbe.conntrackMaxStateSize: "" +datadog.systemProbe.debugPort: "" +datadog.systemProbe.enableConntrack: spec.features.npm.enableConntrack +datadog.systemProbe.enableDefaultKernelHeadersPaths: "" +datadog.systemProbe.enableDefaultOsReleasePaths: "" +datadog.systemProbe.enableOOMKill: spec.features.oomKill.enabled +datadog.systemProbe.enableTCPQueueLength: spec.features.tcpQueueLength.enabled +datadog.systemProbe.maxTrackedConnections: "" +datadog.systemProbe.mountPackageManagementDirs: "" +datadog.systemProbe.runtimeCompilationAssetDir: "" +datadog.systemProbe.seccomp: spec.override.nodeAgent.containers.system-probe.seccompConfig.customProfile +datadog.systemProbe.seccompRoot: spec.override.nodeAgent.containers.system-probe.seccompConfig.customRootPath +datadog.tags: spec.global.tags +datadog.useHostPID: spec.override.nodeAgent.hostPID +existingClusterAgent.clusterchecksEnabled: "" +existingClusterAgent.join: "" +existingClusterAgent.serviceName: "" +existingClusterAgent.tokenSecretName: "" +fips.customFipsConfig: "" +fips.enabled: "" +fips.image.digest: "" +fips.image.name: "" +fips.image.pullPolicy: "" +fips.image.repository: "" +fips.image.tag: "" +fips.local_address: "" +fips.port: "" +fips.portRange: "" +fips.resources: "" +fips.use_https: "" +fullnameOverride: "" +nameOverride: "" +providers.aks.enabled: "" +providers.eks.ec2.useHostnameFromFile: "" +providers.gke.autopilot: "" +providers.gke.cos: "" +registry: spec.global.registry remoteConfiguration.enabled: spec.features.remoteConfiguration.enabled +targetSystem: "" From 718cab81ad60d0f6f8ed3281f699e294a6f89333 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 23 Oct 2024 12:11:16 -0400 Subject: [PATCH 02/10] fix mapping --- ...mapping_datadog_helm_to_datadogagent_crd.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index c43a18259..325d54f3b 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -125,10 +125,10 @@ clusterAgent.healthPort: spec.override.clusterAgent.containers.cluster-agent.hea clusterAgent.image.digest: "" clusterAgent.image.doNotCheckTag: "" clusterAgent.image.name: spec.override.clusterAgent.image.name -clusterAgent.image.pullPolicy: spec.override.clusterAgent.pullPolicy -clusterAgent.image.pullSecrets: spec.override.clusterAgent.pullSecrets +clusterAgent.image.pullPolicy: spec.override.clusterAgent.image.pullPolicy +clusterAgent.image.pullSecrets: spec.override.clusterAgent.image.pullSecrets clusterAgent.image.repository: "" -clusterAgent.image.tag: spec.override.clusterAgent.tag +clusterAgent.image.tag: spec.override.clusterAgent.image.tag clusterAgent.livenessProbe: spec.override.clusterAgent.containers.cluster-agent.livenessProbe clusterAgent.metricsProvider.aggregator: "" clusterAgent.metricsProvider.createReaderRbac: "" @@ -168,7 +168,7 @@ clusterChecksRunner.affinity: spec.override.clusterChecksRunner.affinity clusterChecksRunner.createPodDisruptionBudget: "" clusterChecksRunner.deploymentAnnotations: "" clusterChecksRunner.dnsConfig: "" -clusterChecksRunner.enabled: spec.features.clusterChecks.useClusterCheckRunners +clusterChecksRunner.enabled: spec.features.clusterChecks.useClusterChecksRunners clusterChecksRunner.env: spec.override.clusterChecksRunner.env clusterChecksRunner.envDict: "" clusterChecksRunner.envFrom: "" @@ -292,7 +292,7 @@ datadog.nodeLabelsAsTags: spec.global.nodeLabelsAsTags datadog.orchestratorExplorer.container_scrubbing.enabled: spec.features.orchestratorExplorer.scrubContainers datadog.orchestratorExplorer.customResources: spec.features.orchestratorExplorer.customResources datadog.orchestratorExplorer.enabled: spec.features.orchestratorExplorer.enabled -datadog.originDetectionUnified.enabled: spec.global.global.originDetectionUnified.enabled +datadog.originDetectionUnified.enabled: spec.global.originDetectionUnified.enabled datadog.osReleasePath: "" datadog.otlp.receiver.protocols.grpc.enabled: spec.features.otlp.receiver.protocols.grpc.enabled datadog.otlp.receiver.protocols.grpc.endpoint: spec.features.otlp.receiver.protocols.grpc.endpoint @@ -319,10 +319,10 @@ datadog.secretBackend.command: "" datadog.secretBackend.enableGlobalPermissions: "" datadog.secretBackend.roles: "" datadog.secretBackend.timeout: "" -datadog.securityAgent.compliance.checkInterval: spec.features.cspm.customBenchmarks.checkInterval +datadog.securityAgent.compliance.checkInterval: "" datadog.securityAgent.compliance.configMap: spec.features.cspm.customBenchmarks.configMap datadog.securityAgent.compliance.enabled: spec.features.cspm.enabled -datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks +datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks.enabled datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout: "" datadog.securityAgent.runtime.activityDump.cgroupWaitListSize: "" datadog.securityAgent.runtime.activityDump.enabled: "" @@ -353,7 +353,7 @@ datadog.systemProbe.enableTCPQueueLength: spec.features.tcpQueueLength.enabled datadog.systemProbe.maxTrackedConnections: "" datadog.systemProbe.mountPackageManagementDirs: "" datadog.systemProbe.runtimeCompilationAssetDir: "" -datadog.systemProbe.seccomp: spec.override.nodeAgent.containers.system-probe.seccompConfig.customProfile +datadog.systemProbe.seccomp: "" datadog.systemProbe.seccompRoot: spec.override.nodeAgent.containers.system-probe.seccompConfig.customRootPath datadog.tags: spec.global.tags datadog.useHostPID: spec.override.nodeAgent.hostPID From 48dd23dcdb41c91e298776259b7495d552fbb2c1 Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Wed, 23 Oct 2024 14:35:03 -0400 Subject: [PATCH 03/10] update mapping for secrets, config maps --- ...ping_datadog_helm_to_datadogagent_crd.yaml | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index 325d54f3b..07b46ce75 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -157,7 +157,9 @@ clusterAgent.securityContext: "" clusterAgent.shareProcessNamespace: "" clusterAgent.strategy: "" clusterAgent.token: spec.global.clusterAgentToken -clusterAgent.tokenExistingSecret: spec.global.clusterAgentTokenSecret +clusterAgent.tokenExistingSecret: +- spec.global.clusterAgentTokenSecret.keyName +- spec.global.clusterAgentTokenSecret.secretName clusterAgent.tolerations: spec.override.clusterAgent.tolerations clusterAgent.topologySpreadConstraints: "" clusterAgent.useHostNetwork: "" @@ -203,14 +205,18 @@ clusterChecksRunner.volumes: spec.override.clusterChecksRunner.volumes commonLabels: "" datadog-crds.crds.datadogMetrics: "" datadog.apiKey: spec.global.credentials.apiKey -datadog.apiKeyExistingSecret: spec.global.credentials.apiSecret +datadog.apiKeyExistingSecret: +- spec.global.credentials.apiSecret.keyName +- spec.global.credentials.apiSecret.secretName datadog.apm.hostSocketPath: spec.features.apm.unixDomainSocketConfig.path datadog.apm.port: spec.features.apm.hostPortConfig.hostPort datadog.apm.portEnabled: spec.features.apm.hostPortConfig.enabled datadog.apm.socketEnabled: spec.features.apm.enabled datadog.apm.socketPath: "" datadog.appKey: spec.global.credentials.appKey -datadog.appKeyExistingSecret: spec.global.credentials.appSecret +datadog.appKeyExistingSecret: +- spec.global.credentials.appSecret.keyName +- spec.global.credentials.appSecret.secretName datadog.checksCardinality: "" datadog.checksd: spec.override.nodeAgent.extraChecksd datadog.clusterChecks.enabled: spec.features.clusterChecks.enabled @@ -238,7 +244,9 @@ datadog.dogstatsd.port: "" datadog.dogstatsd.socketPath: spec.features.dogstatsd.unixDomainSocketConfig.path datadog.dogstatsd.tagCardinality: spec.features.dogstatsd.tagCardinality datadog.dogstatsd.tags: "" -datadog.dogstatsd.useHostPort: spec.features.dogstatsd.hostPortConfig.enabled +datadog.dogstatsd.useHostPort: +- spec.features.dogstatsd.hostPortConfig.enabled +- spec.features.dogstatsd.hostPortConfig.hostPort datadog.dogstatsd.useSocketVolume: spec.features.dogstatsd.unixDomainSocketConfig.enabled datadog.env: spec.override.nodeAgent.env datadog.envDict: "" @@ -320,7 +328,9 @@ datadog.secretBackend.enableGlobalPermissions: "" datadog.secretBackend.roles: "" datadog.secretBackend.timeout: "" datadog.securityAgent.compliance.checkInterval: "" -datadog.securityAgent.compliance.configMap: spec.features.cspm.customBenchmarks.configMap +datadog.securityAgent.compliance.configMap: +- spec.features.cspm.customBenchmarks.configMap.items +- spec.features.cspm.customBenchmarks.configMap.name datadog.securityAgent.compliance.enabled: spec.features.cspm.enabled datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks.enabled datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout: "" @@ -331,7 +341,9 @@ datadog.securityAgent.runtime.activityDump.tracedCgroupsCount: "" datadog.securityAgent.runtime.enabled: spec.features.cws.enabled datadog.securityAgent.runtime.fimEnabled: "" datadog.securityAgent.runtime.network.enabled: spec.features.cws.network.enabled -datadog.securityAgent.runtime.policies.configMap: spec.features.cws.customPolicies.configMap +datadog.securityAgent.runtime.policies.configMap: +- spec.features.cws.customPolicies.configMap.items +- spec.features.cws.customPolicies.configMap.name datadog.securityAgent.runtime.securityProfile.enabled: spec.features.cws.securityProfiles.enabled datadog.securityAgent.runtime.syscallMonitor.enabled: spec.features.cws.syscallMonitorEnabled datadog.securityContext: spec.global.securityContext From c2f5400a00b667320d903f033fe2d7969c7b625d Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Wed, 23 Oct 2024 16:34:31 -0400 Subject: [PATCH 04/10] update mapping --- ...ping_datadog_helm_to_datadogagent_crd.yaml | 61 ++++++++++--------- 1 file changed, 33 insertions(+), 28 deletions(-) diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index 07b46ce75..0d45f197a 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -52,7 +52,8 @@ agents.containers.traceAgent.resources: spec.override.nodeAgent.containers.trace agents.containers.traceAgent.securityContext: spec.override.nodeAgent.containers.trace-agent.securityContext agents.customAgentConfig: spec.override.nodeAgent.customConfigurations.datadog.yaml.configData agents.daemonsetAnnotations: "" -agents.dnsConfig: "" +agents.dnsConfig: "" +# list of nameservers, options, searches? agents.enabled: "" agents.image.digest: "" agents.image.doNotCheckTag: "" @@ -66,16 +67,19 @@ agents.localService.forceLocalServiceEnabled: spec.global.localService.forceEnab agents.localService.overrideName: spec.global.localService.nameOverride agents.nodeSelector: spec.override.nodeAgent.nodeSelector agents.podAnnotations: spec.override.nodeAgent.annotations -agents.podLabels: "" +agents.podLabels: spec.override.nodeAgent.labels agents.podSecurity.allowedUnsafeSysctls: "" agents.podSecurity.apparmor.enabled: "" agents.podSecurity.apparmorProfiles: "" agents.podSecurity.capabilities: "" +# list, capabilities add or drop agents.podSecurity.defaultApparmor: "" agents.podSecurity.podSecurityPolicy.create: "" -agents.podSecurity.privileged: "" +agents.podSecurity.privileged: spec.override.nodeAgent.containers.agent.securityContext.privileged agents.podSecurity.seLinuxContext: "" +# list, seLinuxOptions agents.podSecurity.seccompProfiles: "" +# list, seccompProfiles agents.podSecurity.securityContextConstraints.create: "" agents.podSecurity.volumes: "" agents.priorityClassCreate: "" @@ -90,6 +94,7 @@ agents.revisionHistoryLimit: "" agents.shareProcessNamespace: "" agents.tolerations: spec.override.nodeAgent.tolerations agents.updateStrategy: "" +# rolling update, type agents.useConfigMap: "" agents.useHostNetwork: spec.override.nodeAgent.hostNetwork agents.volumeMounts: @@ -240,22 +245,20 @@ datadog.dockerSocketPath: spec.global.dockerSocketPath datadog.dogstatsd.hostSocketPath: "" datadog.dogstatsd.nonLocalTraffic: "" datadog.dogstatsd.originDetection: spec.features.dogstatsd.originDetectionEnabled -datadog.dogstatsd.port: "" +datadog.dogstatsd.port: spec.features.dogstatsd.hostPortConfig.hostPort datadog.dogstatsd.socketPath: spec.features.dogstatsd.unixDomainSocketConfig.path datadog.dogstatsd.tagCardinality: spec.features.dogstatsd.tagCardinality datadog.dogstatsd.tags: "" -datadog.dogstatsd.useHostPort: -- spec.features.dogstatsd.hostPortConfig.enabled -- spec.features.dogstatsd.hostPortConfig.hostPort +datadog.dogstatsd.useHostPort: spec.features.dogstatsd.hostPortConfig.enabled datadog.dogstatsd.useSocketVolume: spec.features.dogstatsd.unixDomainSocketConfig.enabled datadog.env: spec.override.nodeAgent.env datadog.envDict: "" -datadog.envFrom: "" +datadog.envFrom: spec.override.nodeAgent.envFrom datadog.excludePauseContainer: "" datadog.expvarPort: "" -datadog.helmCheck.collectEvents: "" -datadog.helmCheck.enabled: "" -datadog.helmCheck.valuesAsTags: "" +datadog.helmCheck.collectEvents: spec.features.helmCheck.collectEvents +datadog.helmCheck.enabled: spec.features.helmCheck.enabled +datadog.helmCheck.valuesAsTags: spec.features.helmCheck.valuesAsTags datadog.hostVolumeMountPropagation: "" datadog.ignoreAutoConfig: "" datadog.kubeStateMetricsCore.annotationsAsTags: "" @@ -277,9 +280,9 @@ datadog.kubelet.host: spec.global.kubelet.host datadog.kubelet.hostCAPath: spec.global.kubelet.hostCAPath datadog.kubelet.podLogsPath: "" datadog.kubelet.tlsVerify: spec.global.kubelet.tlsVerify -datadog.kubernetesEvents.collectedEventTypes: "" +datadog.kubernetesEvents.collectedEventTypes: spec.features.eventCollection.collectEventTypes datadog.kubernetesEvents.filteringEnabled: "" -datadog.kubernetesEvents.unbundleEvents: "" +datadog.kubernetesEvents.unbundleEvents: spec.features.eventCollection.unbundleEvents datadog.kubernetesResourcesAnnotationsAsTags: spec.global.kubernetesResourcesAnnotationsAsTags datadog.kubernetesResourcesLabelsAsTags: spec.global.kubernetesResourcesLabelsAsTags datadog.leaderElection: "" @@ -322,12 +325,12 @@ datadog.remoteConfiguration.enabled: spec.features.remoteConfiguration.enabled datadog.sbom.containerImage.enabled: spec.features.sbom.containerImage.enabled datadog.sbom.host.enabled: spec.features.sbom.host.enabled datadog.secretAnnotations: "" -datadog.secretBackend.arguments: "" -datadog.secretBackend.command: "" -datadog.secretBackend.enableGlobalPermissions: "" -datadog.secretBackend.roles: "" -datadog.secretBackend.timeout: "" -datadog.securityAgent.compliance.checkInterval: "" +datadog.secretBackend.arguments: spec.global.secretBackend.args +datadog.secretBackend.command: spec.global.secretBackend.command +datadog.secretBackend.enableGlobalPermissions: spec.global.secretBackend.enableGlobalPermissions +datadog.secretBackend.roles: spec.global.secretBackend.roles +datadog.secretBackend.timeout: spec.global.secretBackend.timeout +datadog.securityAgent.compliance.checkInterval: spec.features.cspm.checkInterval datadog.securityAgent.compliance.configMap: - spec.features.cspm.customBenchmarks.configMap.items - spec.features.cspm.customBenchmarks.configMap.name @@ -346,7 +349,7 @@ datadog.securityAgent.runtime.policies.configMap: - spec.features.cws.customPolicies.configMap.name datadog.securityAgent.runtime.securityProfile.enabled: spec.features.cws.securityProfiles.enabled datadog.securityAgent.runtime.syscallMonitor.enabled: spec.features.cws.syscallMonitorEnabled -datadog.securityContext: spec.global.securityContext +datadog.securityContext: "" datadog.securityContext.runAsUser: "" datadog.serviceMonitoring.enabled: spec.features.usm.enabled datadog.site: spec.global.site @@ -374,19 +377,21 @@ existingClusterAgent.join: "" existingClusterAgent.serviceName: "" existingClusterAgent.tokenSecretName: "" fips.customFipsConfig: "" -fips.enabled: "" +# customFIPSConfig: data, items, name +fips.enabled: spec.global.fips.enabled fips.image.digest: "" -fips.image.name: "" +fips.image.name: spec.global.fips.image.name fips.image.pullPolicy: "" fips.image.repository: "" -fips.image.tag: "" -fips.local_address: "" -fips.port: "" -fips.portRange: "" +fips.image.tag: spec.global.fips.image.tag +fips.local_address: spec.global.fips.localAddress +fips.port: spec.global.fips.port +fips.portRange: spec.global.fips.portRange fips.resources: "" -fips.use_https: "" +#resources claims, limits, requests +fips.use_https: spec.global.fips.useHTTPS fullnameOverride: "" -nameOverride: "" +nameOverride: spec.global.localservice.nameOverride providers.aks.enabled: "" providers.eks.ec2.useHostnameFromFile: "" providers.gke.autopilot: "" From 4287f7d4ed93c1a538b84476a5a81e97630483d2 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 23 Oct 2024 17:29:11 -0400 Subject: [PATCH 05/10] fix values parsing --- tools/yaml-mapper/main.go | 31 ++- ...ping_datadog_helm_to_datadogagent_crd.yaml | 241 ++++++++++++++++++ 2 files changed, 266 insertions(+), 6 deletions(-) diff --git a/tools/yaml-mapper/main.go b/tools/yaml-mapper/main.go index 8e7eb93bf..b654493c4 100644 --- a/tools/yaml-mapper/main.go +++ b/tools/yaml-mapper/main.go @@ -98,6 +98,9 @@ func main() { interim := make(map[string]interface{}) interimMap := make(map[string]interface{}) + if updateMap { + interimMap = parseValues(sourceValues, make(map[string]interface{}), "") + } for sourceKey, sourceVal := range mappingValues { if updateMap { if sourceVal == nil { @@ -115,13 +118,9 @@ func main() { destKey, ok = mappingValues[sourceKey] rt := reflect.TypeOf(destKey) if !ok || destKey == "" || destKey == nil { - // If updating mapping, add unknown key to interimMap - if updateMap { - interimMap[sourceKey] = "" - continue - } // Continue through loop fmt.Printf("Warning: key not found: %s\n", sourceKey) + continue } else if rt.Kind() == reflect.Slice { // Provide support for the case where one source key may map to multiple destination keys for _, v := range destKey.([]interface{}) { @@ -177,6 +176,10 @@ func main() { fmt.Println(e) return } + newMapYaml = `# This file maps keys from the Datadog Helm chart (YAML) to the DatadogAgent CustomResource spec (YAML). + +` + newMapYaml + e = os.WriteFile(mappingFile, []byte(newMapYaml), 0660) if e != nil { fmt.Printf("Error updating default mapping yaml. %v", e) @@ -257,7 +260,7 @@ func downloadYaml(url string, name string) string { return "" } - tmpFile, err := os.CreateTemp("", fmt.Sprintf("%s.yaml*.", name)) + tmpFile, err := os.CreateTemp("", fmt.Sprintf("%s.yaml.*", name)) if err != nil { fmt.Printf("Error creating temporary file: %v\n", err) return "" @@ -274,3 +277,19 @@ func downloadYaml(url string, name string) string { return tmpFile.Name() } + +// TODO: fix handling deprecated helm values keys +// TODO: preserve comments + +func parseValues(sourceValues chartutil.Values, valuesMap map[string]interface{}, prefix string) map[string]interface{} { + for key, value := range sourceValues { + currentKey := prefix + key + valuesMap[currentKey] = "" + + // If the value is a map, recursive call to get nested keys. + if nestedMap, ok := value.(map[string]interface{}); ok { + parseValues(nestedMap, valuesMap, currentKey+".") + } + } + return valuesMap +} diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index 325d54f3b..e891ee4d7 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -1,15 +1,37 @@ +# This file maps keys from the Datadog Helm chart (YAML) to the DatadogAgent CustomResource spec (YAML). + +agents: "" agents.additionalLabels: spec.override.nodeAgent.labels agents.affinity: spec.override.nodeAgent.affinity +agents.containers: "" +agents.containers.agent: "" agents.containers.agent.env: spec.override.nodeAgent.containers.agent.env agents.containers.agent.envDict: "" agents.containers.agent.envFrom: "" agents.containers.agent.healthPort: spec.override.nodeAgent.containers.agent.healthPort agents.containers.agent.livenessProbe: spec.override.nodeAgent.containers.agent.livenessProbe +agents.containers.agent.livenessProbe.failureThreshold: "" +agents.containers.agent.livenessProbe.initialDelaySeconds: "" +agents.containers.agent.livenessProbe.periodSeconds: "" +agents.containers.agent.livenessProbe.successThreshold: "" +agents.containers.agent.livenessProbe.timeoutSeconds: "" agents.containers.agent.logLevel: spec.override.nodeAgent.containers.agent.logLevel agents.containers.agent.ports: "" agents.containers.agent.readinessProbe: spec.override.nodeAgent.containers.agent.readinessProbe +agents.containers.agent.readinessProbe.failureThreshold: "" +agents.containers.agent.readinessProbe.initialDelaySeconds: "" +agents.containers.agent.readinessProbe.periodSeconds: "" +agents.containers.agent.readinessProbe.successThreshold: "" +agents.containers.agent.readinessProbe.timeoutSeconds: "" agents.containers.agent.resources: spec.override.nodeAgent.containers.agent.resources agents.containers.agent.securityContext: spec.override.nodeAgent.containers.agent.securityContext +agents.containers.agent.startupProbe: "" +agents.containers.agent.startupProbe.failureThreshold: "" +agents.containers.agent.startupProbe.initialDelaySeconds: "" +agents.containers.agent.startupProbe.periodSeconds: "" +agents.containers.agent.startupProbe.successThreshold: "" +agents.containers.agent.startupProbe.timeoutSeconds: "" +agents.containers.initContainers: "" agents.containers.initContainers.resources: - spec.override.nodeAgent.containers.init-config.resources - spec.override.nodeAgent.containers.init-volume.resources @@ -22,6 +44,14 @@ agents.containers.initContainers.volumeMounts: - spec.override.nodeAgent.containers.init-config.volumeMounts - spec.override.nodeAgent.containers.init-volume.volumeMounts - spec.override.clusterChecksRunner.containers.init-config.volumeMounts +agents.containers.otelAgent: "" +agents.containers.otelAgent.env: "" +agents.containers.otelAgent.envDict: "" +agents.containers.otelAgent.envFrom: "" +agents.containers.otelAgent.ports: "" +agents.containers.otelAgent.resources: "" +agents.containers.otelAgent.securityContext: "" +agents.containers.processAgent: "" agents.containers.processAgent.env: spec.override.nodeAgent.containers.process-agent.env agents.containers.processAgent.envDict: "" agents.containers.processAgent.envFrom: "" @@ -29,12 +59,14 @@ agents.containers.processAgent.logLevel: spec.override.nodeAgent.containers.proc agents.containers.processAgent.ports: "" agents.containers.processAgent.resources: spec.override.nodeAgent.containers.process-agent.resources agents.containers.processAgent.securityContext: spec.override.nodeAgent.containers.process-agent.securityContext +agents.containers.securityAgent: "" agents.containers.securityAgent.env: spec.override.nodeAgent.containers.security-agent.env agents.containers.securityAgent.envDict: "" agents.containers.securityAgent.envFrom: "" agents.containers.securityAgent.logLevel: spec.override.nodeAgent.containers.security-agent.logLevel agents.containers.securityAgent.ports: "" agents.containers.securityAgent.resources: spec.override.nodeAgent.containers.security-agent.resources +agents.containers.systemProbe: "" agents.containers.systemProbe.env: spec.override.nodeAgent.containers.system-probe.env agents.containers.systemProbe.envDict: "" agents.containers.systemProbe.envFrom: "" @@ -42,10 +74,17 @@ agents.containers.systemProbe.logLevel: spec.override.nodeAgent.containers.syste agents.containers.systemProbe.ports: "" agents.containers.systemProbe.resources: spec.override.nodeAgent.containers.system-probe.resources agents.containers.systemProbe.securityContext: spec.override.nodeAgent.containers.system-probe.securityContext +agents.containers.systemProbe.securityContext.capabilities: "" +agents.containers.systemProbe.securityContext.capabilities.add: "" +agents.containers.systemProbe.securityContext.privileged: "" +agents.containers.traceAgent: "" agents.containers.traceAgent.env: spec.override.nodeAgent.containers.trace-agent.env agents.containers.traceAgent.envDict: "" agents.containers.traceAgent.envFrom: "" agents.containers.traceAgent.livenessProbe: spec.override.nodeAgent.containers.trace-agent.livenessProbe +agents.containers.traceAgent.livenessProbe.initialDelaySeconds: "" +agents.containers.traceAgent.livenessProbe.periodSeconds: "" +agents.containers.traceAgent.livenessProbe.timeoutSeconds: "" agents.containers.traceAgent.logLevel: spec.override.nodeAgent.containers.trace-agent.logLevel agents.containers.traceAgent.ports: "" agents.containers.traceAgent.resources: spec.override.nodeAgent.containers.trace-agent.resources @@ -54,6 +93,7 @@ agents.customAgentConfig: spec.override.nodeAgent.customConfigurations.datadog.y agents.daemonsetAnnotations: "" agents.dnsConfig: "" agents.enabled: "" +agents.image: "" agents.image.digest: "" agents.image.doNotCheckTag: "" agents.image.name: spec.override.nodeAgent.image.name @@ -62,26 +102,40 @@ agents.image.pullSecrets: spec.override.nodeAgent.image.pullSecrets agents.image.repository: "" agents.image.tag: spec.override.nodeAgent.image.tag agents.image.tagSuffix: "" +agents.localService: "" agents.localService.forceLocalServiceEnabled: spec.global.localService.forceEnableLocalService agents.localService.overrideName: spec.global.localService.nameOverride +agents.networkPolicy: "" +agents.networkPolicy.create: "" agents.nodeSelector: spec.override.nodeAgent.nodeSelector agents.podAnnotations: spec.override.nodeAgent.annotations agents.podLabels: "" +agents.podSecurity: "" agents.podSecurity.allowedUnsafeSysctls: "" +agents.podSecurity.apparmor: "" agents.podSecurity.apparmor.enabled: "" agents.podSecurity.apparmorProfiles: "" agents.podSecurity.capabilities: "" agents.podSecurity.defaultApparmor: "" +agents.podSecurity.podSecurityPolicy: "" agents.podSecurity.podSecurityPolicy.create: "" agents.podSecurity.privileged: "" agents.podSecurity.seLinuxContext: "" +agents.podSecurity.seLinuxContext.rule: "" +agents.podSecurity.seLinuxContext.seLinuxOptions: "" +agents.podSecurity.seLinuxContext.seLinuxOptions.level: "" +agents.podSecurity.seLinuxContext.seLinuxOptions.role: "" +agents.podSecurity.seLinuxContext.seLinuxOptions.type: "" +agents.podSecurity.seLinuxContext.seLinuxOptions.user: "" agents.podSecurity.seccompProfiles: "" +agents.podSecurity.securityContextConstraints: "" agents.podSecurity.securityContextConstraints.create: "" agents.podSecurity.volumes: "" agents.priorityClassCreate: "" agents.priorityClassName: spec.override.nodeAgent.priorityClassName agents.priorityClassValue: "" agents.priorityPreemptionPolicyValue: "" +agents.rbac: "" agents.rbac.automountServiceAccountToken: "" agents.rbac.create: spec.override.nodeAgent.createRbac agents.rbac.serviceAccountAnnotations: "" @@ -90,6 +144,9 @@ agents.revisionHistoryLimit: "" agents.shareProcessNamespace: "" agents.tolerations: spec.override.nodeAgent.tolerations agents.updateStrategy: "" +agents.updateStrategy.rollingUpdate: "" +agents.updateStrategy.rollingUpdate.maxUnavailable: "" +agents.updateStrategy.type: "" agents.useConfigMap: "" agents.useHostNetwork: spec.override.nodeAgent.hostNetwork agents.volumeMounts: @@ -99,20 +156,41 @@ agents.volumeMounts: - spec.override.nodeAgent.containers.system-probe.volumeMounts - spec.override.nodeAgent.containers.security-agent.volumeMounts agents.volumes: spec.override.nodeAgent.volumes +clusterAgent: "" clusterAgent.additionalLabels: spec.override.clusterAgent.labels +clusterAgent.admissionController: "" +clusterAgent.admissionController.agentSidecarInjection: "" +clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled: "" +clusterAgent.admissionController.agentSidecarInjection.containerRegistry: "" +clusterAgent.admissionController.agentSidecarInjection.enabled: "" +clusterAgent.admissionController.agentSidecarInjection.imageName: "" +clusterAgent.admissionController.agentSidecarInjection.imageTag: "" +clusterAgent.admissionController.agentSidecarInjection.profiles: "" +clusterAgent.admissionController.agentSidecarInjection.provider: "" +clusterAgent.admissionController.agentSidecarInjection.selectors: "" clusterAgent.admissionController.configMode: spec.features.admissionController.agentCommunicationMode +clusterAgent.admissionController.containerRegistry: "" clusterAgent.admissionController.enabled: spec.features.admissionController.enabled clusterAgent.admissionController.failurePolicy: spec.features.admissionController.failurePolicy clusterAgent.admissionController.mutateUnlabelled: spec.features.admissionController.mutateUnlabelled clusterAgent.admissionController.port: "" +clusterAgent.admissionController.remoteInstrumentation: "" clusterAgent.admissionController.remoteInstrumentation.enabled: "" clusterAgent.admissionController.webhookName: spec.features.admissionController.webhookName clusterAgent.advancedConfd: "" clusterAgent.affinity: spec.override.clusterAgent.affinity clusterAgent.command: spec.override.clusterAgent.containers.cluster-agent.command clusterAgent.confd: spec.override.clusterAgent.extraConfd +clusterAgent.containerExclude: "" +clusterAgent.containerInclude: "" +clusterAgent.containers: "" +clusterAgent.containers.clusterAgent: "" clusterAgent.containers.clusterAgent.securityContext: "" +clusterAgent.containers.clusterAgent.securityContext.allowPrivilegeEscalation: "" +clusterAgent.containers.clusterAgent.securityContext.readOnlyRootFilesystem: "" clusterAgent.containers.initContainer.securityContext: spec.override.clusterAgent.containers.init-config.securityContext +clusterAgent.containers.initContainers: "" +clusterAgent.containers.initContainers.securityContext: "" clusterAgent.createPodDisruptionBudget: "" clusterAgent.datadog_cluster_yaml: spec.override.clusterAgent.customConfigurations.datadog-cluster.yaml.configData clusterAgent.deploymentAnnotations: "" @@ -122,6 +200,7 @@ clusterAgent.env: spec.override.clusterAgent.env clusterAgent.envDict: "" clusterAgent.envFrom: "" clusterAgent.healthPort: spec.override.clusterAgent.containers.cluster-agent.healthPort +clusterAgent.image: "" clusterAgent.image.digest: "" clusterAgent.image.doNotCheckTag: "" clusterAgent.image.name: spec.override.clusterAgent.image.name @@ -130,32 +209,60 @@ clusterAgent.image.pullSecrets: spec.override.clusterAgent.image.pullSecrets clusterAgent.image.repository: "" clusterAgent.image.tag: spec.override.clusterAgent.image.tag clusterAgent.livenessProbe: spec.override.clusterAgent.containers.cluster-agent.livenessProbe +clusterAgent.livenessProbe.failureThreshold: "" +clusterAgent.livenessProbe.initialDelaySeconds: "" +clusterAgent.livenessProbe.periodSeconds: "" +clusterAgent.livenessProbe.successThreshold: "" +clusterAgent.livenessProbe.timeoutSeconds: "" +clusterAgent.metricsProvider: "" clusterAgent.metricsProvider.aggregator: "" clusterAgent.metricsProvider.createReaderRbac: "" clusterAgent.metricsProvider.enabled: spec.features.externalMetricsServer.enabled clusterAgent.metricsProvider.endpoint: spec.features.externalMetricsServer.endpoint clusterAgent.metricsProvider.registerAPIService: spec.features.externalMetricsServer.registerAPIService +clusterAgent.metricsProvider.service: "" clusterAgent.metricsProvider.service.port: spec.features.externalMetricsServer.port clusterAgent.metricsProvider.service.type: "" clusterAgent.metricsProvider.useDatadogMetrics: spec.features.externalMetricsServer.useDatadogMetrics clusterAgent.metricsProvider.wpaController: spec.features.externalMetricsServer.wpaController +clusterAgent.networkPolicy: "" +clusterAgent.networkPolicy.create: "" clusterAgent.nodeSelector: spec.override.clusterAgent.nodeSelector clusterAgent.podAnnotations: spec.override.clusterAgent.annotations +clusterAgent.podSecurity: "" +clusterAgent.podSecurity.podSecurityPolicy: "" clusterAgent.podSecurity.podSecurityPolicy.create: "" +clusterAgent.podSecurity.securityContextConstraints: "" clusterAgent.podSecurity.securityContextConstraints.create: "" clusterAgent.priorityClassName: spec.override.clusterAgent.priorityClassName +clusterAgent.rbac: "" clusterAgent.rbac.automountServiceAccountToken: "" clusterAgent.rbac.create: spec.override.clusterAgent.createRbac clusterAgent.rbac.flareAdditionalPermissions: "" clusterAgent.rbac.serviceAccountAnnotations: "" clusterAgent.rbac.serviceAccountName: spec.override.clusterAgent.serviceAccountName clusterAgent.readinessProbe: spec.override.clusterAgent.containers.cluster-agent.readinessProbe +clusterAgent.readinessProbe.failureThreshold: "" +clusterAgent.readinessProbe.initialDelaySeconds: "" +clusterAgent.readinessProbe.periodSeconds: "" +clusterAgent.readinessProbe.successThreshold: "" +clusterAgent.readinessProbe.timeoutSeconds: "" clusterAgent.replicas: spec.override.clusterAgent.replicas clusterAgent.resources: spec.override.clusterAgent.containers.cluster-agent.resources clusterAgent.revisionHistoryLimit: "" clusterAgent.securityContext: "" clusterAgent.shareProcessNamespace: "" +clusterAgent.startupProbe: "" +clusterAgent.startupProbe.failureThreshold: "" +clusterAgent.startupProbe.initialDelaySeconds: "" +clusterAgent.startupProbe.periodSeconds: "" +clusterAgent.startupProbe.successThreshold: "" +clusterAgent.startupProbe.timeoutSeconds: "" clusterAgent.strategy: "" +clusterAgent.strategy.rollingUpdate: "" +clusterAgent.strategy.rollingUpdate.maxSurge: "" +clusterAgent.strategy.rollingUpdate.maxUnavailable: "" +clusterAgent.strategy.type: "" clusterAgent.token: spec.global.clusterAgentToken clusterAgent.tokenExistingSecret: spec.global.clusterAgentTokenSecret clusterAgent.tolerations: spec.override.clusterAgent.tolerations @@ -163,6 +270,7 @@ clusterAgent.topologySpreadConstraints: "" clusterAgent.useHostNetwork: "" clusterAgent.volumeMounts: spec.override.clusterAgent.containers.cluster-agent.volumeMounts clusterAgent.volumes: spec.override.clusterAgent.volumes +clusterChecksRunner: "" clusterChecksRunner.additionalLabels: spec.override.clusterChecksRunner.labels clusterChecksRunner.affinity: spec.override.clusterChecksRunner.affinity clusterChecksRunner.createPodDisruptionBudget: "" @@ -173,6 +281,7 @@ clusterChecksRunner.env: spec.override.clusterChecksRunner.env clusterChecksRunner.envDict: "" clusterChecksRunner.envFrom: "" clusterChecksRunner.healthPort: spec.override.clusterChecksRunner.containers.agent.healthPort +clusterChecksRunner.image: "" clusterChecksRunner.image.digest: "" clusterChecksRunner.image.name: spec.override.clusterChecksRunner.image.name clusterChecksRunner.image.pullPolicy: spec.override.clusterChecksRunner.image.pullPolicy @@ -181,56 +290,107 @@ clusterChecksRunner.image.repository: "" clusterChecksRunner.image.tag: spec.override.clusterChecksRunner.image.tag clusterChecksRunner.image.tagSuffix: "" clusterChecksRunner.livenessProbe: spec.override.clusterChecksRunner.containers.agent.livenessProbe +clusterChecksRunner.livenessProbe.failureThreshold: "" +clusterChecksRunner.livenessProbe.initialDelaySeconds: "" +clusterChecksRunner.livenessProbe.periodSeconds: "" +clusterChecksRunner.livenessProbe.successThreshold: "" +clusterChecksRunner.livenessProbe.timeoutSeconds: "" +clusterChecksRunner.networkPolicy: "" +clusterChecksRunner.networkPolicy.create: "" clusterChecksRunner.nodeSelector: spec.override.clusterChecksRunner.nodeSelector clusterChecksRunner.podAnnotations: spec.override.clusterChecksRunner.annotations clusterChecksRunner.ports: "" clusterChecksRunner.priorityClassName: spec.override.clusterChecksRunner.priorityClassName +clusterChecksRunner.rbac: "" clusterChecksRunner.rbac.automountServiceAccountToken: "" clusterChecksRunner.rbac.create: spec.override.clusterChecksRunner.createRbac clusterChecksRunner.rbac.dedicated: "" clusterChecksRunner.rbac.serviceAccountAnnotations: "" clusterChecksRunner.rbac.serviceAccountName: spec.override.clusterChecksRunner.serviceAccountName clusterChecksRunner.readinessProbe: spec.override.clusterChecksRunner.containers.agent.readinessProbe +clusterChecksRunner.readinessProbe.failureThreshold: "" +clusterChecksRunner.readinessProbe.initialDelaySeconds: "" +clusterChecksRunner.readinessProbe.periodSeconds: "" +clusterChecksRunner.readinessProbe.successThreshold: "" +clusterChecksRunner.readinessProbe.timeoutSeconds: "" clusterChecksRunner.replicas: spec.override.clusterChecksRunner.replicas clusterChecksRunner.resources: spec.override.clusterChecksRunner.containers.agent.resources clusterChecksRunner.revisionHistoryLimit: "" clusterChecksRunner.securityContext: spec.override.clusterChecksRunner.securityContext +clusterChecksRunner.startupProbe: "" +clusterChecksRunner.startupProbe.failureThreshold: "" +clusterChecksRunner.startupProbe.initialDelaySeconds: "" +clusterChecksRunner.startupProbe.periodSeconds: "" +clusterChecksRunner.startupProbe.successThreshold: "" +clusterChecksRunner.startupProbe.timeoutSeconds: "" clusterChecksRunner.strategy: "" +clusterChecksRunner.strategy.rollingUpdate: "" +clusterChecksRunner.strategy.rollingUpdate.maxSurge: "" +clusterChecksRunner.strategy.rollingUpdate.maxUnavailable: "" +clusterChecksRunner.strategy.type: "" clusterChecksRunner.tolerations: spec.override.clusterChecksRunner.tolerations clusterChecksRunner.topologySpreadConstraints: "" clusterChecksRunner.volumeMounts: spec.override.clusterChecksRunner.containers.agent.volumeMounts clusterChecksRunner.volumes: spec.override.clusterChecksRunner.volumes commonLabels: "" +datadog: "" +datadog-crds: "" +datadog-crds.crds: "" datadog-crds.crds.datadogMetrics: "" +datadog-crds.crds.datadogPodAutoscalers: "" datadog.apiKey: spec.global.credentials.apiKey datadog.apiKeyExistingSecret: spec.global.credentials.apiSecret +datadog.apm: "" +datadog.apm.enabled: "" datadog.apm.hostSocketPath: spec.features.apm.unixDomainSocketConfig.path +datadog.apm.instrumentation: "" +datadog.apm.instrumentation.disabledNamespaces: "" +datadog.apm.instrumentation.enabled: "" +datadog.apm.instrumentation.enabledNamespaces: "" +datadog.apm.instrumentation.language_detection: "" +datadog.apm.instrumentation.language_detection.enabled: "" +datadog.apm.instrumentation.libVersions: "" +datadog.apm.instrumentation.skipKPITelemetry: "" datadog.apm.port: spec.features.apm.hostPortConfig.hostPort datadog.apm.portEnabled: spec.features.apm.hostPortConfig.enabled datadog.apm.socketEnabled: spec.features.apm.enabled datadog.apm.socketPath: "" +datadog.apm.useSocketVolume: "" datadog.appKey: spec.global.credentials.appKey datadog.appKeyExistingSecret: spec.global.credentials.appSecret +datadog.asm: "" +datadog.asm.iast: "" +datadog.asm.iast.enabled: "" +datadog.asm.sca: "" +datadog.asm.sca.enabled: "" +datadog.asm.threats: "" +datadog.asm.threats.enabled: "" datadog.checksCardinality: "" datadog.checksd: spec.override.nodeAgent.extraChecksd +datadog.clusterChecks: "" datadog.clusterChecks.enabled: spec.features.clusterChecks.enabled datadog.clusterChecks.shareProcessNamespace: "" datadog.clusterName: spec.global.clusterName +datadog.clusterTagger: "" datadog.clusterTagger.collectKubernetesTags: "" datadog.collectEvents: spec.features.eventCollection.collectKubernetesEvents datadog.confd: spec.override.nodeAgent.extraConfd datadog.containerExclude: "" datadog.containerExcludeLogs: "" datadog.containerExcludeMetrics: "" +datadog.containerImageCollection: "" datadog.containerImageCollection.enabled: "" datadog.containerInclude: "" datadog.containerIncludeLogs: "" datadog.containerIncludeMetrics: "" +datadog.containerLifecycle: "" datadog.containerLifecycle.enabled: "" +datadog.containerRuntimeSupport: "" datadog.containerRuntimeSupport.enabled: "" datadog.criSocketPath: spec.global.criSocketPath datadog.dd_url: spec.endpoint.url datadog.dockerSocketPath: spec.global.dockerSocketPath +datadog.dogstatsd: "" datadog.dogstatsd.hostSocketPath: "" datadog.dogstatsd.nonLocalTraffic: "" datadog.dogstatsd.originDetection: spec.features.dogstatsd.originDetectionEnabled @@ -238,6 +398,7 @@ datadog.dogstatsd.port: "" datadog.dogstatsd.socketPath: spec.features.dogstatsd.unixDomainSocketConfig.path datadog.dogstatsd.tagCardinality: spec.features.dogstatsd.tagCardinality datadog.dogstatsd.tags: "" +datadog.dogstatsd.useHostPID: "" datadog.dogstatsd.useHostPort: spec.features.dogstatsd.hostPortConfig.enabled datadog.dogstatsd.useSocketVolume: spec.features.dogstatsd.unixDomainSocketConfig.enabled datadog.env: spec.override.nodeAgent.env @@ -245,11 +406,13 @@ datadog.envDict: "" datadog.envFrom: "" datadog.excludePauseContainer: "" datadog.expvarPort: "" +datadog.helmCheck: "" datadog.helmCheck.collectEvents: "" datadog.helmCheck.enabled: "" datadog.helmCheck.valuesAsTags: "" datadog.hostVolumeMountPropagation: "" datadog.ignoreAutoConfig: "" +datadog.kubeStateMetricsCore: "" datadog.kubeStateMetricsCore.annotationsAsTags: "" datadog.kubeStateMetricsCore.collectApiServicesMetrics: "" datadog.kubeStateMetricsCore.collectConfigMaps: "" @@ -259,18 +422,26 @@ datadog.kubeStateMetricsCore.collectVpaMetrics: "" datadog.kubeStateMetricsCore.enabled: spec.features.kubeStateMetricsCore.enabled datadog.kubeStateMetricsCore.ignoreLegacyKSMCheck: "" datadog.kubeStateMetricsCore.labelsAsTags: "" +datadog.kubeStateMetricsCore.rbac: "" datadog.kubeStateMetricsCore.rbac.create: "" datadog.kubeStateMetricsCore.useClusterCheckRunners: "" datadog.kubeStateMetricsEnabled: "" +datadog.kubeStateMetricsNetworkPolicy: "" datadog.kubeStateMetricsNetworkPolicy.create: "" +datadog.kubelet: "" datadog.kubelet.agentCAPath: spec.global.kubelet.agentCAPath datadog.kubelet.coreCheckEnabled: "" datadog.kubelet.host: spec.global.kubelet.host +datadog.kubelet.host.valueFrom: "" +datadog.kubelet.host.valueFrom.fieldRef: "" +datadog.kubelet.host.valueFrom.fieldRef.fieldPath: "" datadog.kubelet.hostCAPath: spec.global.kubelet.hostCAPath datadog.kubelet.podLogsPath: "" datadog.kubelet.tlsVerify: spec.global.kubelet.tlsVerify +datadog.kubernetesEvents: "" datadog.kubernetesEvents.collectedEventTypes: "" datadog.kubernetesEvents.filteringEnabled: "" +datadog.kubernetesEvents.sourceDetectionEnabled: "" datadog.kubernetesEvents.unbundleEvents: "" datadog.kubernetesResourcesAnnotationsAsTags: spec.global.kubernetesResourcesAnnotationsAsTags datadog.kubernetesResourcesLabelsAsTags: spec.global.kubernetesResourcesLabelsAsTags @@ -278,66 +449,116 @@ datadog.leaderElection: "" datadog.leaderElectionResource: "" datadog.leaderLeaseDuration: "" datadog.logLevel: spec.global.logLevel +datadog.logs: "" datadog.logs.autoMultiLineDetection: "" datadog.logs.containerCollectAll: spec.features.logCollection.containerCollectAll datadog.logs.containerCollectUsingFiles: spec.features.logCollection.containerCollectUsingFiles datadog.logs.enabled: spec.features.logCollection.enabled datadog.namespaceAnnotationsAsTags: spec.global.namespaceAnnotationsAsTags datadog.namespaceLabelsAsTags: spec.global.namespaceLabelsAsTags +datadog.networkMonitoring: "" datadog.networkMonitoring.enabled: spec.features.npm.enabled +datadog.networkPolicy: "" +datadog.networkPolicy.cilium: "" datadog.networkPolicy.cilium.dnsSelector: spec.global.networkPolicy.dnsSelectorEndpoints +datadog.networkPolicy.cilium.dnsSelector.toEndpoints: "" datadog.networkPolicy.create: spec.global.networkPolicy.create datadog.networkPolicy.flavor: spec.global.networkPolicy.flavor datadog.nodeLabelsAsTags: spec.global.nodeLabelsAsTags +datadog.orchestratorExplorer: "" +datadog.orchestratorExplorer.container_scrubbing: "" datadog.orchestratorExplorer.container_scrubbing.enabled: spec.features.orchestratorExplorer.scrubContainers datadog.orchestratorExplorer.customResources: spec.features.orchestratorExplorer.customResources datadog.orchestratorExplorer.enabled: spec.features.orchestratorExplorer.enabled +datadog.originDetectionUnified: "" datadog.originDetectionUnified.enabled: spec.global.originDetectionUnified.enabled datadog.osReleasePath: "" +datadog.otelCollector: "" +datadog.otelCollector.config: "" +datadog.otelCollector.enabled: "" +datadog.otelCollector.ports: "" +datadog.otlp: "" +datadog.otlp.logs: "" +datadog.otlp.logs.enabled: "" +datadog.otlp.receiver: "" +datadog.otlp.receiver.protocols: "" +datadog.otlp.receiver.protocols.grpc: "" datadog.otlp.receiver.protocols.grpc.enabled: spec.features.otlp.receiver.protocols.grpc.enabled datadog.otlp.receiver.protocols.grpc.endpoint: spec.features.otlp.receiver.protocols.grpc.endpoint datadog.otlp.receiver.protocols.grpc.useHostPort: "" +datadog.otlp.receiver.protocols.http: "" datadog.otlp.receiver.protocols.http.enabled: spec.features.otlp.receiver.protocols.http.enabled datadog.otlp.receiver.protocols.http.endpoint: spec.features.otlp.receiver.protocols.http.endpoint datadog.otlp.receiver.protocols.http.useHostPort: "" datadog.podAnnotationsAsTags: spec.global.podAnnotationsAsTags datadog.podLabelsAsTags: spec.global.podLabelsAsTags +datadog.processAgent: "" +datadog.processAgent.containerCollection: "" datadog.processAgent.enabled: "" datadog.processAgent.processCollection: "" datadog.processAgent.processDiscovery: spec.features.processDiscovery.enabled +datadog.processAgent.runInCoreAgent: "" datadog.processAgent.stripProcessArguments: spec.features.liveProcessCollection.stripProcessArguments +datadog.profiling: "" +datadog.profiling.enabled: "" +datadog.prometheusScrape: "" datadog.prometheusScrape.additionalConfigs: spec.features.prometheusScrape.additionalConfigs datadog.prometheusScrape.enabled: spec.features.prometheusScrape.enabled datadog.prometheusScrape.serviceEndpoints: spec.features.prometheusScrape.enableServiceEndpoints datadog.prometheusScrape.version: spec.features.prometheusScrape.version +datadog.remoteConfiguration: "" datadog.remoteConfiguration.enabled: spec.features.remoteConfiguration.enabled +datadog.sbom: "" +datadog.sbom.containerImage: "" datadog.sbom.containerImage.enabled: spec.features.sbom.containerImage.enabled +datadog.sbom.containerImage.uncompressedLayersSupport: "" +datadog.sbom.host: "" datadog.sbom.host.enabled: spec.features.sbom.host.enabled datadog.secretAnnotations: "" +datadog.secretBackend: "" datadog.secretBackend.arguments: "" datadog.secretBackend.command: "" datadog.secretBackend.enableGlobalPermissions: "" datadog.secretBackend.roles: "" datadog.secretBackend.timeout: "" +datadog.securityAgent: "" +datadog.securityAgent.compliance: "" datadog.securityAgent.compliance.checkInterval: "" datadog.securityAgent.compliance.configMap: spec.features.cspm.customBenchmarks.configMap datadog.securityAgent.compliance.enabled: spec.features.cspm.enabled +datadog.securityAgent.compliance.host_benchmarks: "" datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks.enabled +datadog.securityAgent.compliance.xccdf: "" +datadog.securityAgent.compliance.xccdf.enabled: "" +datadog.securityAgent.runtime: "" +datadog.securityAgent.runtime.activityDump: "" datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout: "" datadog.securityAgent.runtime.activityDump.cgroupWaitListSize: "" datadog.securityAgent.runtime.activityDump.enabled: "" +datadog.securityAgent.runtime.activityDump.pathMerge: "" datadog.securityAgent.runtime.activityDump.pathMerge.enabled: "" datadog.securityAgent.runtime.activityDump.tracedCgroupsCount: "" datadog.securityAgent.runtime.enabled: spec.features.cws.enabled datadog.securityAgent.runtime.fimEnabled: "" +datadog.securityAgent.runtime.network: "" datadog.securityAgent.runtime.network.enabled: spec.features.cws.network.enabled +datadog.securityAgent.runtime.policies: "" datadog.securityAgent.runtime.policies.configMap: spec.features.cws.customPolicies.configMap +datadog.securityAgent.runtime.securityProfile: "" +datadog.securityAgent.runtime.securityProfile.anomalyDetection: "" +datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled: "" +datadog.securityAgent.runtime.securityProfile.autoSuppression: "" +datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled: "" datadog.securityAgent.runtime.securityProfile.enabled: spec.features.cws.securityProfiles.enabled +datadog.securityAgent.runtime.syscallMonitor: "" datadog.securityAgent.runtime.syscallMonitor.enabled: spec.features.cws.syscallMonitorEnabled +datadog.securityAgent.runtime.useSecruntimeTrack: "" datadog.securityContext: spec.global.securityContext datadog.securityContext.runAsUser: "" +datadog.serviceMonitoring: "" datadog.serviceMonitoring.enabled: spec.features.usm.enabled datadog.site: spec.global.site +datadog.systemProbe: "" datadog.systemProbe.apparmor: spec.override.nodeAgent.containers.system-probe.appArmorProfileName datadog.systemProbe.bpfDebug: "" datadog.systemProbe.btfPath: "" @@ -357,12 +578,15 @@ datadog.systemProbe.seccomp: "" datadog.systemProbe.seccompRoot: spec.override.nodeAgent.containers.system-probe.seccompConfig.customRootPath datadog.tags: spec.global.tags datadog.useHostPID: spec.override.nodeAgent.hostPID +existingClusterAgent: "" existingClusterAgent.clusterchecksEnabled: "" existingClusterAgent.join: "" existingClusterAgent.serviceName: "" existingClusterAgent.tokenSecretName: "" +fips: "" fips.customFipsConfig: "" fips.enabled: "" +fips.image: "" fips.image.digest: "" fips.image.name: "" fips.image.pullPolicy: "" @@ -374,11 +598,28 @@ fips.portRange: "" fips.resources: "" fips.use_https: "" fullnameOverride: "" +kube-state-metrics: "" +kube-state-metrics.image: "" +kube-state-metrics.image.repository: "" +kube-state-metrics.nodeSelector: "" +kube-state-metrics.nodeSelector.kubernetes.io/os: "" +kube-state-metrics.rbac: "" +kube-state-metrics.rbac.create: "" +kube-state-metrics.resources: "" +kube-state-metrics.serviceAccount: "" +kube-state-metrics.serviceAccount.create: "" +kube-state-metrics.serviceAccount.name: "" nameOverride: "" +providers: "" +providers.aks: "" providers.aks.enabled: "" +providers.eks: "" +providers.eks.ec2: "" providers.eks.ec2.useHostnameFromFile: "" +providers.gke: "" providers.gke.autopilot: "" providers.gke.cos: "" registry: spec.global.registry +remoteConfiguration: "" remoteConfiguration.enabled: spec.features.remoteConfiguration.enabled targetSystem: "" From 37777ae20e2206ee504d82f92f51f133f75d9a85 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Wed, 23 Oct 2024 18:05:56 -0400 Subject: [PATCH 06/10] remove invalid parent keys from mapping --- tools/yaml-mapper/main.go | 4 +- ...ping_datadog_helm_to_datadogagent_crd.yaml | 142 +----------------- 2 files changed, 10 insertions(+), 136 deletions(-) diff --git a/tools/yaml-mapper/main.go b/tools/yaml-mapper/main.go index b654493c4..36b5185d0 100644 --- a/tools/yaml-mapper/main.go +++ b/tools/yaml-mapper/main.go @@ -284,11 +284,11 @@ func downloadYaml(url string, name string) string { func parseValues(sourceValues chartutil.Values, valuesMap map[string]interface{}, prefix string) map[string]interface{} { for key, value := range sourceValues { currentKey := prefix + key - valuesMap[currentKey] = "" - // If the value is a map, recursive call to get nested keys. if nestedMap, ok := value.(map[string]interface{}); ok { parseValues(nestedMap, valuesMap, currentKey+".") + } else { + valuesMap[currentKey] = "" } } return valuesMap diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index e891ee4d7..1b63f321d 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -1,10 +1,7 @@ # This file maps keys from the Datadog Helm chart (YAML) to the DatadogAgent CustomResource spec (YAML). -agents: "" agents.additionalLabels: spec.override.nodeAgent.labels agents.affinity: spec.override.nodeAgent.affinity -agents.containers: "" -agents.containers.agent: "" agents.containers.agent.env: spec.override.nodeAgent.containers.agent.env agents.containers.agent.envDict: "" agents.containers.agent.envFrom: "" @@ -25,13 +22,11 @@ agents.containers.agent.readinessProbe.successThreshold: "" agents.containers.agent.readinessProbe.timeoutSeconds: "" agents.containers.agent.resources: spec.override.nodeAgent.containers.agent.resources agents.containers.agent.securityContext: spec.override.nodeAgent.containers.agent.securityContext -agents.containers.agent.startupProbe: "" agents.containers.agent.startupProbe.failureThreshold: "" agents.containers.agent.startupProbe.initialDelaySeconds: "" agents.containers.agent.startupProbe.periodSeconds: "" agents.containers.agent.startupProbe.successThreshold: "" agents.containers.agent.startupProbe.timeoutSeconds: "" -agents.containers.initContainers: "" agents.containers.initContainers.resources: - spec.override.nodeAgent.containers.init-config.resources - spec.override.nodeAgent.containers.init-volume.resources @@ -44,14 +39,9 @@ agents.containers.initContainers.volumeMounts: - spec.override.nodeAgent.containers.init-config.volumeMounts - spec.override.nodeAgent.containers.init-volume.volumeMounts - spec.override.clusterChecksRunner.containers.init-config.volumeMounts -agents.containers.otelAgent: "" agents.containers.otelAgent.env: "" -agents.containers.otelAgent.envDict: "" agents.containers.otelAgent.envFrom: "" agents.containers.otelAgent.ports: "" -agents.containers.otelAgent.resources: "" -agents.containers.otelAgent.securityContext: "" -agents.containers.processAgent: "" agents.containers.processAgent.env: spec.override.nodeAgent.containers.process-agent.env agents.containers.processAgent.envDict: "" agents.containers.processAgent.envFrom: "" @@ -59,14 +49,12 @@ agents.containers.processAgent.logLevel: spec.override.nodeAgent.containers.proc agents.containers.processAgent.ports: "" agents.containers.processAgent.resources: spec.override.nodeAgent.containers.process-agent.resources agents.containers.processAgent.securityContext: spec.override.nodeAgent.containers.process-agent.securityContext -agents.containers.securityAgent: "" agents.containers.securityAgent.env: spec.override.nodeAgent.containers.security-agent.env agents.containers.securityAgent.envDict: "" agents.containers.securityAgent.envFrom: "" agents.containers.securityAgent.logLevel: spec.override.nodeAgent.containers.security-agent.logLevel agents.containers.securityAgent.ports: "" agents.containers.securityAgent.resources: spec.override.nodeAgent.containers.security-agent.resources -agents.containers.systemProbe: "" agents.containers.systemProbe.env: spec.override.nodeAgent.containers.system-probe.env agents.containers.systemProbe.envDict: "" agents.containers.systemProbe.envFrom: "" @@ -74,10 +62,8 @@ agents.containers.systemProbe.logLevel: spec.override.nodeAgent.containers.syste agents.containers.systemProbe.ports: "" agents.containers.systemProbe.resources: spec.override.nodeAgent.containers.system-probe.resources agents.containers.systemProbe.securityContext: spec.override.nodeAgent.containers.system-probe.securityContext -agents.containers.systemProbe.securityContext.capabilities: "" agents.containers.systemProbe.securityContext.capabilities.add: "" agents.containers.systemProbe.securityContext.privileged: "" -agents.containers.traceAgent: "" agents.containers.traceAgent.env: spec.override.nodeAgent.containers.trace-agent.env agents.containers.traceAgent.envDict: "" agents.containers.traceAgent.envFrom: "" @@ -93,7 +79,6 @@ agents.customAgentConfig: spec.override.nodeAgent.customConfigurations.datadog.y agents.daemonsetAnnotations: "" agents.dnsConfig: "" agents.enabled: "" -agents.image: "" agents.image.digest: "" agents.image.doNotCheckTag: "" agents.image.name: spec.override.nodeAgent.image.name @@ -102,40 +87,32 @@ agents.image.pullSecrets: spec.override.nodeAgent.image.pullSecrets agents.image.repository: "" agents.image.tag: spec.override.nodeAgent.image.tag agents.image.tagSuffix: "" -agents.localService: "" agents.localService.forceLocalServiceEnabled: spec.global.localService.forceEnableLocalService agents.localService.overrideName: spec.global.localService.nameOverride -agents.networkPolicy: "" agents.networkPolicy.create: "" agents.nodeSelector: spec.override.nodeAgent.nodeSelector agents.podAnnotations: spec.override.nodeAgent.annotations agents.podLabels: "" -agents.podSecurity: "" agents.podSecurity.allowedUnsafeSysctls: "" -agents.podSecurity.apparmor: "" agents.podSecurity.apparmor.enabled: "" agents.podSecurity.apparmorProfiles: "" agents.podSecurity.capabilities: "" agents.podSecurity.defaultApparmor: "" -agents.podSecurity.podSecurityPolicy: "" agents.podSecurity.podSecurityPolicy.create: "" agents.podSecurity.privileged: "" agents.podSecurity.seLinuxContext: "" agents.podSecurity.seLinuxContext.rule: "" -agents.podSecurity.seLinuxContext.seLinuxOptions: "" agents.podSecurity.seLinuxContext.seLinuxOptions.level: "" agents.podSecurity.seLinuxContext.seLinuxOptions.role: "" agents.podSecurity.seLinuxContext.seLinuxOptions.type: "" agents.podSecurity.seLinuxContext.seLinuxOptions.user: "" agents.podSecurity.seccompProfiles: "" -agents.podSecurity.securityContextConstraints: "" agents.podSecurity.securityContextConstraints.create: "" agents.podSecurity.volumes: "" agents.priorityClassCreate: "" agents.priorityClassName: spec.override.nodeAgent.priorityClassName agents.priorityClassValue: "" agents.priorityPreemptionPolicyValue: "" -agents.rbac: "" agents.rbac.automountServiceAccountToken: "" agents.rbac.create: spec.override.nodeAgent.createRbac agents.rbac.serviceAccountAnnotations: "" @@ -144,7 +121,6 @@ agents.revisionHistoryLimit: "" agents.shareProcessNamespace: "" agents.tolerations: spec.override.nodeAgent.tolerations agents.updateStrategy: "" -agents.updateStrategy.rollingUpdate: "" agents.updateStrategy.rollingUpdate.maxUnavailable: "" agents.updateStrategy.type: "" agents.useConfigMap: "" @@ -156,10 +132,7 @@ agents.volumeMounts: - spec.override.nodeAgent.containers.system-probe.volumeMounts - spec.override.nodeAgent.containers.security-agent.volumeMounts agents.volumes: spec.override.nodeAgent.volumes -clusterAgent: "" clusterAgent.additionalLabels: spec.override.clusterAgent.labels -clusterAgent.admissionController: "" -clusterAgent.admissionController.agentSidecarInjection: "" clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled: "" clusterAgent.admissionController.agentSidecarInjection.containerRegistry: "" clusterAgent.admissionController.agentSidecarInjection.enabled: "" @@ -174,7 +147,6 @@ clusterAgent.admissionController.enabled: spec.features.admissionController.enab clusterAgent.admissionController.failurePolicy: spec.features.admissionController.failurePolicy clusterAgent.admissionController.mutateUnlabelled: spec.features.admissionController.mutateUnlabelled clusterAgent.admissionController.port: "" -clusterAgent.admissionController.remoteInstrumentation: "" clusterAgent.admissionController.remoteInstrumentation.enabled: "" clusterAgent.admissionController.webhookName: spec.features.admissionController.webhookName clusterAgent.advancedConfd: "" @@ -183,14 +155,10 @@ clusterAgent.command: spec.override.clusterAgent.containers.cluster-agent.comman clusterAgent.confd: spec.override.clusterAgent.extraConfd clusterAgent.containerExclude: "" clusterAgent.containerInclude: "" -clusterAgent.containers: "" -clusterAgent.containers.clusterAgent: "" clusterAgent.containers.clusterAgent.securityContext: "" clusterAgent.containers.clusterAgent.securityContext.allowPrivilegeEscalation: "" clusterAgent.containers.clusterAgent.securityContext.readOnlyRootFilesystem: "" clusterAgent.containers.initContainer.securityContext: spec.override.clusterAgent.containers.init-config.securityContext -clusterAgent.containers.initContainers: "" -clusterAgent.containers.initContainers.securityContext: "" clusterAgent.createPodDisruptionBudget: "" clusterAgent.datadog_cluster_yaml: spec.override.clusterAgent.customConfigurations.datadog-cluster.yaml.configData clusterAgent.deploymentAnnotations: "" @@ -200,42 +168,34 @@ clusterAgent.env: spec.override.clusterAgent.env clusterAgent.envDict: "" clusterAgent.envFrom: "" clusterAgent.healthPort: spec.override.clusterAgent.containers.cluster-agent.healthPort -clusterAgent.image: "" clusterAgent.image.digest: "" clusterAgent.image.doNotCheckTag: "" clusterAgent.image.name: spec.override.clusterAgent.image.name -clusterAgent.image.pullPolicy: spec.override.clusterAgent.image.pullPolicy -clusterAgent.image.pullSecrets: spec.override.clusterAgent.image.pullSecrets +clusterAgent.image.pullPolicy: spec.override.clusterAgent.pullPolicy +clusterAgent.image.pullSecrets: spec.override.clusterAgent.pullSecrets clusterAgent.image.repository: "" -clusterAgent.image.tag: spec.override.clusterAgent.image.tag +clusterAgent.image.tag: spec.override.clusterAgent.tag clusterAgent.livenessProbe: spec.override.clusterAgent.containers.cluster-agent.livenessProbe clusterAgent.livenessProbe.failureThreshold: "" clusterAgent.livenessProbe.initialDelaySeconds: "" clusterAgent.livenessProbe.periodSeconds: "" clusterAgent.livenessProbe.successThreshold: "" clusterAgent.livenessProbe.timeoutSeconds: "" -clusterAgent.metricsProvider: "" clusterAgent.metricsProvider.aggregator: "" clusterAgent.metricsProvider.createReaderRbac: "" clusterAgent.metricsProvider.enabled: spec.features.externalMetricsServer.enabled clusterAgent.metricsProvider.endpoint: spec.features.externalMetricsServer.endpoint clusterAgent.metricsProvider.registerAPIService: spec.features.externalMetricsServer.registerAPIService -clusterAgent.metricsProvider.service: "" clusterAgent.metricsProvider.service.port: spec.features.externalMetricsServer.port clusterAgent.metricsProvider.service.type: "" clusterAgent.metricsProvider.useDatadogMetrics: spec.features.externalMetricsServer.useDatadogMetrics clusterAgent.metricsProvider.wpaController: spec.features.externalMetricsServer.wpaController -clusterAgent.networkPolicy: "" clusterAgent.networkPolicy.create: "" clusterAgent.nodeSelector: spec.override.clusterAgent.nodeSelector clusterAgent.podAnnotations: spec.override.clusterAgent.annotations -clusterAgent.podSecurity: "" -clusterAgent.podSecurity.podSecurityPolicy: "" clusterAgent.podSecurity.podSecurityPolicy.create: "" -clusterAgent.podSecurity.securityContextConstraints: "" clusterAgent.podSecurity.securityContextConstraints.create: "" clusterAgent.priorityClassName: spec.override.clusterAgent.priorityClassName -clusterAgent.rbac: "" clusterAgent.rbac.automountServiceAccountToken: "" clusterAgent.rbac.create: spec.override.clusterAgent.createRbac clusterAgent.rbac.flareAdditionalPermissions: "" @@ -252,14 +212,12 @@ clusterAgent.resources: spec.override.clusterAgent.containers.cluster-agent.reso clusterAgent.revisionHistoryLimit: "" clusterAgent.securityContext: "" clusterAgent.shareProcessNamespace: "" -clusterAgent.startupProbe: "" clusterAgent.startupProbe.failureThreshold: "" clusterAgent.startupProbe.initialDelaySeconds: "" clusterAgent.startupProbe.periodSeconds: "" clusterAgent.startupProbe.successThreshold: "" clusterAgent.startupProbe.timeoutSeconds: "" clusterAgent.strategy: "" -clusterAgent.strategy.rollingUpdate: "" clusterAgent.strategy.rollingUpdate.maxSurge: "" clusterAgent.strategy.rollingUpdate.maxUnavailable: "" clusterAgent.strategy.type: "" @@ -270,18 +228,16 @@ clusterAgent.topologySpreadConstraints: "" clusterAgent.useHostNetwork: "" clusterAgent.volumeMounts: spec.override.clusterAgent.containers.cluster-agent.volumeMounts clusterAgent.volumes: spec.override.clusterAgent.volumes -clusterChecksRunner: "" clusterChecksRunner.additionalLabels: spec.override.clusterChecksRunner.labels clusterChecksRunner.affinity: spec.override.clusterChecksRunner.affinity clusterChecksRunner.createPodDisruptionBudget: "" clusterChecksRunner.deploymentAnnotations: "" clusterChecksRunner.dnsConfig: "" -clusterChecksRunner.enabled: spec.features.clusterChecks.useClusterChecksRunners +clusterChecksRunner.enabled: spec.features.clusterChecks.useClusterCheckRunners clusterChecksRunner.env: spec.override.clusterChecksRunner.env clusterChecksRunner.envDict: "" clusterChecksRunner.envFrom: "" clusterChecksRunner.healthPort: spec.override.clusterChecksRunner.containers.agent.healthPort -clusterChecksRunner.image: "" clusterChecksRunner.image.digest: "" clusterChecksRunner.image.name: spec.override.clusterChecksRunner.image.name clusterChecksRunner.image.pullPolicy: spec.override.clusterChecksRunner.image.pullPolicy @@ -295,13 +251,11 @@ clusterChecksRunner.livenessProbe.initialDelaySeconds: "" clusterChecksRunner.livenessProbe.periodSeconds: "" clusterChecksRunner.livenessProbe.successThreshold: "" clusterChecksRunner.livenessProbe.timeoutSeconds: "" -clusterChecksRunner.networkPolicy: "" clusterChecksRunner.networkPolicy.create: "" clusterChecksRunner.nodeSelector: spec.override.clusterChecksRunner.nodeSelector clusterChecksRunner.podAnnotations: spec.override.clusterChecksRunner.annotations clusterChecksRunner.ports: "" clusterChecksRunner.priorityClassName: spec.override.clusterChecksRunner.priorityClassName -clusterChecksRunner.rbac: "" clusterChecksRunner.rbac.automountServiceAccountToken: "" clusterChecksRunner.rbac.create: spec.override.clusterChecksRunner.createRbac clusterChecksRunner.rbac.dedicated: "" @@ -317,14 +271,12 @@ clusterChecksRunner.replicas: spec.override.clusterChecksRunner.replicas clusterChecksRunner.resources: spec.override.clusterChecksRunner.containers.agent.resources clusterChecksRunner.revisionHistoryLimit: "" clusterChecksRunner.securityContext: spec.override.clusterChecksRunner.securityContext -clusterChecksRunner.startupProbe: "" clusterChecksRunner.startupProbe.failureThreshold: "" clusterChecksRunner.startupProbe.initialDelaySeconds: "" clusterChecksRunner.startupProbe.periodSeconds: "" clusterChecksRunner.startupProbe.successThreshold: "" clusterChecksRunner.startupProbe.timeoutSeconds: "" clusterChecksRunner.strategy: "" -clusterChecksRunner.strategy.rollingUpdate: "" clusterChecksRunner.strategy.rollingUpdate.maxSurge: "" clusterChecksRunner.strategy.rollingUpdate.maxUnavailable: "" clusterChecksRunner.strategy.type: "" @@ -333,23 +285,16 @@ clusterChecksRunner.topologySpreadConstraints: "" clusterChecksRunner.volumeMounts: spec.override.clusterChecksRunner.containers.agent.volumeMounts clusterChecksRunner.volumes: spec.override.clusterChecksRunner.volumes commonLabels: "" -datadog: "" -datadog-crds: "" -datadog-crds.crds: "" datadog-crds.crds.datadogMetrics: "" datadog-crds.crds.datadogPodAutoscalers: "" datadog.apiKey: spec.global.credentials.apiKey datadog.apiKeyExistingSecret: spec.global.credentials.apiSecret -datadog.apm: "" datadog.apm.enabled: "" datadog.apm.hostSocketPath: spec.features.apm.unixDomainSocketConfig.path -datadog.apm.instrumentation: "" datadog.apm.instrumentation.disabledNamespaces: "" datadog.apm.instrumentation.enabled: "" datadog.apm.instrumentation.enabledNamespaces: "" -datadog.apm.instrumentation.language_detection: "" datadog.apm.instrumentation.language_detection.enabled: "" -datadog.apm.instrumentation.libVersions: "" datadog.apm.instrumentation.skipKPITelemetry: "" datadog.apm.port: spec.features.apm.hostPortConfig.hostPort datadog.apm.portEnabled: spec.features.apm.hostPortConfig.enabled @@ -358,39 +303,29 @@ datadog.apm.socketPath: "" datadog.apm.useSocketVolume: "" datadog.appKey: spec.global.credentials.appKey datadog.appKeyExistingSecret: spec.global.credentials.appSecret -datadog.asm: "" -datadog.asm.iast: "" datadog.asm.iast.enabled: "" -datadog.asm.sca: "" datadog.asm.sca.enabled: "" -datadog.asm.threats: "" datadog.asm.threats.enabled: "" datadog.checksCardinality: "" datadog.checksd: spec.override.nodeAgent.extraChecksd -datadog.clusterChecks: "" datadog.clusterChecks.enabled: spec.features.clusterChecks.enabled datadog.clusterChecks.shareProcessNamespace: "" datadog.clusterName: spec.global.clusterName -datadog.clusterTagger: "" datadog.clusterTagger.collectKubernetesTags: "" datadog.collectEvents: spec.features.eventCollection.collectKubernetesEvents datadog.confd: spec.override.nodeAgent.extraConfd datadog.containerExclude: "" datadog.containerExcludeLogs: "" datadog.containerExcludeMetrics: "" -datadog.containerImageCollection: "" datadog.containerImageCollection.enabled: "" datadog.containerInclude: "" datadog.containerIncludeLogs: "" datadog.containerIncludeMetrics: "" -datadog.containerLifecycle: "" datadog.containerLifecycle.enabled: "" -datadog.containerRuntimeSupport: "" datadog.containerRuntimeSupport.enabled: "" datadog.criSocketPath: spec.global.criSocketPath datadog.dd_url: spec.endpoint.url datadog.dockerSocketPath: spec.global.dockerSocketPath -datadog.dogstatsd: "" datadog.dogstatsd.hostSocketPath: "" datadog.dogstatsd.nonLocalTraffic: "" datadog.dogstatsd.originDetection: spec.features.dogstatsd.originDetectionEnabled @@ -406,13 +341,11 @@ datadog.envDict: "" datadog.envFrom: "" datadog.excludePauseContainer: "" datadog.expvarPort: "" -datadog.helmCheck: "" datadog.helmCheck.collectEvents: "" datadog.helmCheck.enabled: "" datadog.helmCheck.valuesAsTags: "" datadog.hostVolumeMountPropagation: "" datadog.ignoreAutoConfig: "" -datadog.kubeStateMetricsCore: "" datadog.kubeStateMetricsCore.annotationsAsTags: "" datadog.kubeStateMetricsCore.collectApiServicesMetrics: "" datadog.kubeStateMetricsCore.collectConfigMaps: "" @@ -422,23 +355,17 @@ datadog.kubeStateMetricsCore.collectVpaMetrics: "" datadog.kubeStateMetricsCore.enabled: spec.features.kubeStateMetricsCore.enabled datadog.kubeStateMetricsCore.ignoreLegacyKSMCheck: "" datadog.kubeStateMetricsCore.labelsAsTags: "" -datadog.kubeStateMetricsCore.rbac: "" datadog.kubeStateMetricsCore.rbac.create: "" datadog.kubeStateMetricsCore.useClusterCheckRunners: "" datadog.kubeStateMetricsEnabled: "" -datadog.kubeStateMetricsNetworkPolicy: "" datadog.kubeStateMetricsNetworkPolicy.create: "" -datadog.kubelet: "" datadog.kubelet.agentCAPath: spec.global.kubelet.agentCAPath datadog.kubelet.coreCheckEnabled: "" datadog.kubelet.host: spec.global.kubelet.host -datadog.kubelet.host.valueFrom: "" -datadog.kubelet.host.valueFrom.fieldRef: "" datadog.kubelet.host.valueFrom.fieldRef.fieldPath: "" datadog.kubelet.hostCAPath: spec.global.kubelet.hostCAPath datadog.kubelet.podLogsPath: "" datadog.kubelet.tlsVerify: spec.global.kubelet.tlsVerify -datadog.kubernetesEvents: "" datadog.kubernetesEvents.collectedEventTypes: "" datadog.kubernetesEvents.filteringEnabled: "" datadog.kubernetesEvents.sourceDetectionEnabled: "" @@ -449,116 +376,78 @@ datadog.leaderElection: "" datadog.leaderElectionResource: "" datadog.leaderLeaseDuration: "" datadog.logLevel: spec.global.logLevel -datadog.logs: "" datadog.logs.autoMultiLineDetection: "" datadog.logs.containerCollectAll: spec.features.logCollection.containerCollectAll datadog.logs.containerCollectUsingFiles: spec.features.logCollection.containerCollectUsingFiles datadog.logs.enabled: spec.features.logCollection.enabled datadog.namespaceAnnotationsAsTags: spec.global.namespaceAnnotationsAsTags datadog.namespaceLabelsAsTags: spec.global.namespaceLabelsAsTags -datadog.networkMonitoring: "" datadog.networkMonitoring.enabled: spec.features.npm.enabled -datadog.networkPolicy: "" -datadog.networkPolicy.cilium: "" datadog.networkPolicy.cilium.dnsSelector: spec.global.networkPolicy.dnsSelectorEndpoints datadog.networkPolicy.cilium.dnsSelector.toEndpoints: "" datadog.networkPolicy.create: spec.global.networkPolicy.create datadog.networkPolicy.flavor: spec.global.networkPolicy.flavor datadog.nodeLabelsAsTags: spec.global.nodeLabelsAsTags -datadog.orchestratorExplorer: "" -datadog.orchestratorExplorer.container_scrubbing: "" datadog.orchestratorExplorer.container_scrubbing.enabled: spec.features.orchestratorExplorer.scrubContainers datadog.orchestratorExplorer.customResources: spec.features.orchestratorExplorer.customResources datadog.orchestratorExplorer.enabled: spec.features.orchestratorExplorer.enabled -datadog.originDetectionUnified: "" -datadog.originDetectionUnified.enabled: spec.global.originDetectionUnified.enabled +datadog.originDetectionUnified.enabled: spec.global.global.originDetectionUnified.enabled datadog.osReleasePath: "" -datadog.otelCollector: "" -datadog.otelCollector.config: "" datadog.otelCollector.enabled: "" datadog.otelCollector.ports: "" -datadog.otlp: "" -datadog.otlp.logs: "" datadog.otlp.logs.enabled: "" -datadog.otlp.receiver: "" -datadog.otlp.receiver.protocols: "" -datadog.otlp.receiver.protocols.grpc: "" datadog.otlp.receiver.protocols.grpc.enabled: spec.features.otlp.receiver.protocols.grpc.enabled datadog.otlp.receiver.protocols.grpc.endpoint: spec.features.otlp.receiver.protocols.grpc.endpoint datadog.otlp.receiver.protocols.grpc.useHostPort: "" -datadog.otlp.receiver.protocols.http: "" datadog.otlp.receiver.protocols.http.enabled: spec.features.otlp.receiver.protocols.http.enabled datadog.otlp.receiver.protocols.http.endpoint: spec.features.otlp.receiver.protocols.http.endpoint datadog.otlp.receiver.protocols.http.useHostPort: "" datadog.podAnnotationsAsTags: spec.global.podAnnotationsAsTags datadog.podLabelsAsTags: spec.global.podLabelsAsTags -datadog.processAgent: "" datadog.processAgent.containerCollection: "" datadog.processAgent.enabled: "" datadog.processAgent.processCollection: "" datadog.processAgent.processDiscovery: spec.features.processDiscovery.enabled datadog.processAgent.runInCoreAgent: "" datadog.processAgent.stripProcessArguments: spec.features.liveProcessCollection.stripProcessArguments -datadog.profiling: "" datadog.profiling.enabled: "" -datadog.prometheusScrape: "" datadog.prometheusScrape.additionalConfigs: spec.features.prometheusScrape.additionalConfigs datadog.prometheusScrape.enabled: spec.features.prometheusScrape.enabled datadog.prometheusScrape.serviceEndpoints: spec.features.prometheusScrape.enableServiceEndpoints datadog.prometheusScrape.version: spec.features.prometheusScrape.version -datadog.remoteConfiguration: "" datadog.remoteConfiguration.enabled: spec.features.remoteConfiguration.enabled -datadog.sbom: "" -datadog.sbom.containerImage: "" datadog.sbom.containerImage.enabled: spec.features.sbom.containerImage.enabled datadog.sbom.containerImage.uncompressedLayersSupport: "" -datadog.sbom.host: "" datadog.sbom.host.enabled: spec.features.sbom.host.enabled datadog.secretAnnotations: "" -datadog.secretBackend: "" datadog.secretBackend.arguments: "" datadog.secretBackend.command: "" datadog.secretBackend.enableGlobalPermissions: "" datadog.secretBackend.roles: "" datadog.secretBackend.timeout: "" -datadog.securityAgent: "" -datadog.securityAgent.compliance: "" -datadog.securityAgent.compliance.checkInterval: "" +datadog.securityAgent.compliance.checkInterval: spec.features.cspm.customBenchmarks.checkInterval datadog.securityAgent.compliance.configMap: spec.features.cspm.customBenchmarks.configMap datadog.securityAgent.compliance.enabled: spec.features.cspm.enabled -datadog.securityAgent.compliance.host_benchmarks: "" -datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks.enabled -datadog.securityAgent.compliance.xccdf: "" +datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks datadog.securityAgent.compliance.xccdf.enabled: "" -datadog.securityAgent.runtime: "" -datadog.securityAgent.runtime.activityDump: "" datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout: "" datadog.securityAgent.runtime.activityDump.cgroupWaitListSize: "" datadog.securityAgent.runtime.activityDump.enabled: "" -datadog.securityAgent.runtime.activityDump.pathMerge: "" datadog.securityAgent.runtime.activityDump.pathMerge.enabled: "" datadog.securityAgent.runtime.activityDump.tracedCgroupsCount: "" datadog.securityAgent.runtime.enabled: spec.features.cws.enabled datadog.securityAgent.runtime.fimEnabled: "" -datadog.securityAgent.runtime.network: "" datadog.securityAgent.runtime.network.enabled: spec.features.cws.network.enabled -datadog.securityAgent.runtime.policies: "" datadog.securityAgent.runtime.policies.configMap: spec.features.cws.customPolicies.configMap -datadog.securityAgent.runtime.securityProfile: "" -datadog.securityAgent.runtime.securityProfile.anomalyDetection: "" datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled: "" -datadog.securityAgent.runtime.securityProfile.autoSuppression: "" datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled: "" datadog.securityAgent.runtime.securityProfile.enabled: spec.features.cws.securityProfiles.enabled -datadog.securityAgent.runtime.syscallMonitor: "" datadog.securityAgent.runtime.syscallMonitor.enabled: spec.features.cws.syscallMonitorEnabled datadog.securityAgent.runtime.useSecruntimeTrack: "" datadog.securityContext: spec.global.securityContext datadog.securityContext.runAsUser: "" -datadog.serviceMonitoring: "" datadog.serviceMonitoring.enabled: spec.features.usm.enabled datadog.site: spec.global.site -datadog.systemProbe: "" datadog.systemProbe.apparmor: spec.override.nodeAgent.containers.system-probe.appArmorProfileName datadog.systemProbe.bpfDebug: "" datadog.systemProbe.btfPath: "" @@ -574,19 +463,16 @@ datadog.systemProbe.enableTCPQueueLength: spec.features.tcpQueueLength.enabled datadog.systemProbe.maxTrackedConnections: "" datadog.systemProbe.mountPackageManagementDirs: "" datadog.systemProbe.runtimeCompilationAssetDir: "" -datadog.systemProbe.seccomp: "" +datadog.systemProbe.seccomp: spec.override.nodeAgent.containers.system-probe.seccompConfig.customProfile datadog.systemProbe.seccompRoot: spec.override.nodeAgent.containers.system-probe.seccompConfig.customRootPath datadog.tags: spec.global.tags datadog.useHostPID: spec.override.nodeAgent.hostPID -existingClusterAgent: "" existingClusterAgent.clusterchecksEnabled: "" existingClusterAgent.join: "" existingClusterAgent.serviceName: "" existingClusterAgent.tokenSecretName: "" -fips: "" fips.customFipsConfig: "" fips.enabled: "" -fips.image: "" fips.image.digest: "" fips.image.name: "" fips.image.pullPolicy: "" @@ -598,28 +484,16 @@ fips.portRange: "" fips.resources: "" fips.use_https: "" fullnameOverride: "" -kube-state-metrics: "" -kube-state-metrics.image: "" kube-state-metrics.image.repository: "" -kube-state-metrics.nodeSelector: "" kube-state-metrics.nodeSelector.kubernetes.io/os: "" -kube-state-metrics.rbac: "" kube-state-metrics.rbac.create: "" -kube-state-metrics.resources: "" -kube-state-metrics.serviceAccount: "" kube-state-metrics.serviceAccount.create: "" kube-state-metrics.serviceAccount.name: "" nameOverride: "" -providers: "" -providers.aks: "" providers.aks.enabled: "" -providers.eks: "" -providers.eks.ec2: "" providers.eks.ec2.useHostnameFromFile: "" -providers.gke: "" providers.gke.autopilot: "" providers.gke.cos: "" registry: spec.global.registry -remoteConfiguration: "" remoteConfiguration.enabled: spec.features.remoteConfiguration.enabled targetSystem: "" From 03b35fcc33f2f6da93d44314c09c282a37ce8870 Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Thu, 24 Oct 2024 13:53:34 -0400 Subject: [PATCH 07/10] update mapper --- ...ping_datadog_helm_to_datadogagent_crd.yaml | 181 ++++++++---------- 1 file changed, 83 insertions(+), 98 deletions(-) diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index ecc6ba670..d5856d824 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -7,19 +7,19 @@ agents.containers.agent.envDict: "" agents.containers.agent.envFrom: "" agents.containers.agent.healthPort: spec.override.nodeAgent.containers.agent.healthPort agents.containers.agent.livenessProbe: spec.override.nodeAgent.containers.agent.livenessProbe -agents.containers.agent.livenessProbe.failureThreshold: "" -agents.containers.agent.livenessProbe.initialDelaySeconds: "" -agents.containers.agent.livenessProbe.periodSeconds: "" -agents.containers.agent.livenessProbe.successThreshold: "" -agents.containers.agent.livenessProbe.timeoutSeconds: "" +agents.containers.agent.livenessProbe.failureThreshold: spec.override.nodeAgent.containers.agent.livenessProbe.failureThreshold +agents.containers.agent.livenessProbe.initialDelaySeconds: spec.override.nodeAgent.containers.agent.livenessProbe.initialDelaySeconds +agents.containers.agent.livenessProbe.periodSeconds: spec.override.nodeAgent.containers.agent.livenessProbe.periodSeconds +agents.containers.agent.livenessProbe.successThreshold: spec.override.nodeAgent.containers.agent.livenessProbe.successThreshold +agents.containers.agent.livenessProbe.timeoutSeconds: spec.override.nodeAgent.containers.agent.livenessProbe.timeoutSeconds agents.containers.agent.logLevel: spec.override.nodeAgent.containers.agent.logLevel agents.containers.agent.ports: "" agents.containers.agent.readinessProbe: spec.override.nodeAgent.containers.agent.readinessProbe -agents.containers.agent.readinessProbe.failureThreshold: "" -agents.containers.agent.readinessProbe.initialDelaySeconds: "" -agents.containers.agent.readinessProbe.periodSeconds: "" -agents.containers.agent.readinessProbe.successThreshold: "" -agents.containers.agent.readinessProbe.timeoutSeconds: "" +agents.containers.agent.readinessProbe.failureThreshold: spec.override.nodeAgent.containers.agent.readinessProbe.failureThreshold +agents.containers.agent.readinessProbe.initialDelaySeconds: spec.override.nodeAgent.containers.agent.readinessProbe.initialDelaySeconds +agents.containers.agent.readinessProbe.periodSeconds: spec.override.nodeAgent.containers.agent.readinessProbe.periodSeconds +agents.containers.agent.readinessProbe.successThreshold: spec.override.nodeAgent.containers.agent.readinessProbe.successThreshold +agents.containers.agent.readinessProbe.timeoutSeconds: spec.override.nodeAgent.containers.agent.readinessProbe.timeoutSeconds agents.containers.agent.resources: spec.override.nodeAgent.containers.agent.resources agents.containers.agent.securityContext: spec.override.nodeAgent.containers.agent.securityContext agents.containers.agent.startupProbe.failureThreshold: "" @@ -62,23 +62,22 @@ agents.containers.systemProbe.logLevel: spec.override.nodeAgent.containers.syste agents.containers.systemProbe.ports: "" agents.containers.systemProbe.resources: spec.override.nodeAgent.containers.system-probe.resources agents.containers.systemProbe.securityContext: spec.override.nodeAgent.containers.system-probe.securityContext -agents.containers.systemProbe.securityContext.capabilities.add: "" -agents.containers.systemProbe.securityContext.privileged: "" +agents.containers.systemProbe.securityContext.capabilities.add: spec.override.nodeAgent.containers.system-probe.securityContext.capabilities.add +agents.containers.systemProbe.securityContext.privileged: spec.override.nodeAgent.containers.system-probe.securityContext.priveleged agents.containers.traceAgent.env: spec.override.nodeAgent.containers.trace-agent.env agents.containers.traceAgent.envDict: "" agents.containers.traceAgent.envFrom: "" agents.containers.traceAgent.livenessProbe: spec.override.nodeAgent.containers.trace-agent.livenessProbe -agents.containers.traceAgent.livenessProbe.initialDelaySeconds: "" -agents.containers.traceAgent.livenessProbe.periodSeconds: "" -agents.containers.traceAgent.livenessProbe.timeoutSeconds: "" +agents.containers.traceAgent.livenessProbe.initialDelaySeconds: spec.override.nodeAgent.containers.trace-agent.livenessProbe.initialDelaySeconds +agents.containers.traceAgent.livenessProbe.periodSeconds: spec.override.nodeAgent.containers.trace-agent.livenessProbe.periodSeconds +agents.containers.traceAgent.livenessProbe.timeoutSeconds: spec.override.nodeAgent.containers.trace-agent.livenessProbe.timeoutSeconds agents.containers.traceAgent.logLevel: spec.override.nodeAgent.containers.trace-agent.logLevel agents.containers.traceAgent.ports: "" agents.containers.traceAgent.resources: spec.override.nodeAgent.containers.trace-agent.resources agents.containers.traceAgent.securityContext: spec.override.nodeAgent.containers.trace-agent.securityContext agents.customAgentConfig: spec.override.nodeAgent.customConfigurations.datadog.yaml.configData agents.daemonsetAnnotations: "" -agents.dnsConfig: "" -# list of nameservers, options, searches? +agents.dnsConfig: spec.override.nodeAgent.dnsConfig agents.enabled: "" agents.image.digest: "" agents.image.doNotCheckTag: "" @@ -98,20 +97,17 @@ agents.podSecurity: "" agents.podSecurity.allowedUnsafeSysctls: "" agents.podSecurity.apparmor.enabled: "" agents.podSecurity.apparmorProfiles: "" -agents.podSecurity.capabilities: "" -# list, capabilities add or drop +agents.podSecurity.capabilities: spec.override.nodeAgent.containers.agent.securityContext.capabilities agents.podSecurity.defaultApparmor: "" agents.podSecurity.podSecurityPolicy.create: "" agents.podSecurity.privileged: spec.override.nodeAgent.containers.agent.securityContext.privileged -agents.podSecurity.seLinuxContext: "" -# list, seLinuxOptions -agents.podSecurity.seLinuxContext.rule: "" -agents.podSecurity.seLinuxContext.seLinuxOptions.level: "" -agents.podSecurity.seLinuxContext.seLinuxOptions.role: "" -agents.podSecurity.seLinuxContext.seLinuxOptions.type: "" -agents.podSecurity.seLinuxContext.seLinuxOptions.user: "" -agents.podSecurity.seccompProfiles: "" -# list, seccompProfiles +agents.podSecurity.seLinuxContext: spec.override.nodeAgent.containers.agent.securityContext.seLinuxContext +agents.podSecurity.seLinuxContext.rule: +agents.podSecurity.seLinuxContext.seLinuxOptions.level: spec.override.nodeAgent.containers.agent.securityContext.seLinuxContext.level +agents.podSecurity.seLinuxContext.seLinuxOptions.role: spec.override.nodeAgent.containers.agent.securityContext.seLinuxContext.role +agents.podSecurity.seLinuxContext.seLinuxOptions.type: spec.override.nodeAgent.containers.agent.securityContext.seLinuxContext.type +agents.podSecurity.seLinuxContext.seLinuxOptions.user: spec.override.nodeAgent.containers.agent.securityContext.seLinuxContext.user +agents.podSecurity.seccompProfiles: spec.override.nodeAgent.containers.agent.securityContext.seccompProfile agents.podSecurity.securityContextConstraints: "" agents.podSecurity.securityContextConstraints.create: "" agents.podSecurity.volumes: "" @@ -121,16 +117,15 @@ agents.priorityClassValue: "" agents.priorityPreemptionPolicyValue: "" agents.rbac.automountServiceAccountToken: "" agents.rbac.create: spec.override.nodeAgent.createRbac -agents.rbac.serviceAccountAnnotations: "" +agents.rbac.serviceAccountAnnotations: spec.override.nodeAgent.serviceAccountAnnotations agents.rbac.serviceAccountName: spec.override.nodeAgent.serviceAccountName agents.revisionHistoryLimit: "" agents.shareProcessNamespace: "" agents.tolerations: spec.override.nodeAgent.tolerations -agents.updateStrategy: "" -# rolling update, type -agents.updateStrategy.rollingUpdate: "" -agents.updateStrategy.rollingUpdate.maxUnavailable: "" -agents.updateStrategy.type: "" +agents.updateStrategy: spec.override.nodeAgent.updateStrategy +agents.updateStrategy.rollingUpdate: spec.override.nodeAgent.updateStrategy.rollingUpdate +agents.updateStrategy.rollingUpdate.maxUnavailable: spec.override.nodeAgent.updateStrategy.rollingUpdate.maxUnavailable +agents.updateStrategy.type: spec.override.nodeAgent.updateStrategy.type agents.useConfigMap: "" agents.useHostNetwork: spec.override.nodeAgent.hostNetwork agents.volumeMounts: @@ -141,21 +136,21 @@ agents.volumeMounts: - spec.override.nodeAgent.containers.security-agent.volumeMounts agents.volumes: spec.override.nodeAgent.volumes clusterAgent.additionalLabels: spec.override.clusterAgent.labels -clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled: "" -clusterAgent.admissionController.agentSidecarInjection.containerRegistry: "" -clusterAgent.admissionController.agentSidecarInjection.enabled: "" -clusterAgent.admissionController.agentSidecarInjection.imageName: "" -clusterAgent.admissionController.agentSidecarInjection.imageTag: "" -clusterAgent.admissionController.agentSidecarInjection.profiles: "" -clusterAgent.admissionController.agentSidecarInjection.provider: "" -clusterAgent.admissionController.agentSidecarInjection.selectors: "" +clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled: spec.features.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled +clusterAgent.admissionController.agentSidecarInjection.containerRegistry: spec.features.admissionController.agentSidecarInjection.registry +clusterAgent.admissionController.agentSidecarInjection.enabled: spec.features.admissionController.agentSidecarInjection.enabled +clusterAgent.admissionController.agentSidecarInjection.imageName: spec.features.admissionController.agentSidecarInjection.image.name +clusterAgent.admissionController.agentSidecarInjection.imageTag: spec.features.admissionController.agentSidecarInjection.image.tag +clusterAgent.admissionController.agentSidecarInjection.profiles: spec.features.admissionController.agentSidecarInjection.profiles +clusterAgent.admissionController.agentSidecarInjection.provider: spec.features.admissionController.agentSidecarInjection.provider +clusterAgent.admissionController.agentSidecarInjection.selectors: spec.features.admissionController.agentSidecarInjection.selectors clusterAgent.admissionController.configMode: spec.features.admissionController.agentCommunicationMode -clusterAgent.admissionController.containerRegistry: "" +clusterAgent.admissionController.containerRegistry: spec.features.admissionController.registry clusterAgent.admissionController.enabled: spec.features.admissionController.enabled clusterAgent.admissionController.failurePolicy: spec.features.admissionController.failurePolicy clusterAgent.admissionController.mutateUnlabelled: spec.features.admissionController.mutateUnlabelled clusterAgent.admissionController.port: "" -clusterAgent.admissionController.remoteInstrumentation.enabled: "" +clusterAgent.admissionController.remoteInstrumentation.enabled: spec.features.admissionController.cwsInstrumentation.enabled clusterAgent.admissionController.webhookName: spec.features.admissionController.webhookName clusterAgent.advancedConfd: "" clusterAgent.affinity: spec.override.clusterAgent.affinity @@ -163,18 +158,18 @@ clusterAgent.command: spec.override.clusterAgent.containers.cluster-agent.comman clusterAgent.confd: spec.override.clusterAgent.extraConfd clusterAgent.containerExclude: "" clusterAgent.containerInclude: "" -clusterAgent.containers.clusterAgent.securityContext: "" -clusterAgent.containers.clusterAgent.securityContext.allowPrivilegeEscalation: "" -clusterAgent.containers.clusterAgent.securityContext.readOnlyRootFilesystem: "" +clusterAgent.containers.clusterAgent.securityContext: spec.override.clusterAgent.containers.clusterAgent.securityContext.securityContext +clusterAgent.containers.clusterAgent.securityContext.allowPrivilegeEscalation: spec.override.clusterAgent.containers.clusterAgent.securityContext.securityContext.allowPrivilegeEscalation +clusterAgent.containers.clusterAgent.securityContext.readOnlyRootFilesystem: spec.override.clusterAgent.containers.clusterAgent.securityContext.securityContext.readOnlyRootFilesystem clusterAgent.containers.initContainer.securityContext: spec.override.clusterAgent.containers.init-config.securityContext clusterAgent.createPodDisruptionBudget: "" clusterAgent.datadog_cluster_yaml: spec.override.clusterAgent.customConfigurations.datadog-cluster.yaml.configData clusterAgent.deploymentAnnotations: "" -clusterAgent.dnsConfig: "" +clusterAgent.dnsConfig: spec.override.clusterAgent.dnsConfig clusterAgent.enabled: "" clusterAgent.env: spec.override.clusterAgent.env clusterAgent.envDict: "" -clusterAgent.envFrom: "" +clusterAgent.envFrom: spec.override.clusterAgent.envFrom clusterAgent.healthPort: spec.override.clusterAgent.containers.cluster-agent.healthPort clusterAgent.image.digest: "" clusterAgent.image.doNotCheckTag: "" @@ -184,11 +179,11 @@ clusterAgent.image.pullSecrets: spec.override.clusterAgent.image.pullSecrets clusterAgent.image.repository: "" clusterAgent.image.tag: spec.override.clusterAgent.image.tag clusterAgent.livenessProbe: spec.override.clusterAgent.containers.cluster-agent.livenessProbe -clusterAgent.livenessProbe.failureThreshold: "" -clusterAgent.livenessProbe.initialDelaySeconds: "" -clusterAgent.livenessProbe.periodSeconds: "" -clusterAgent.livenessProbe.successThreshold: "" -clusterAgent.livenessProbe.timeoutSeconds: "" +clusterAgent.livenessProbe.failureThreshold: spec.override.clusterAgent.containers.cluster-agent.livenessProbe.failureThreshold +clusterAgent.livenessProbe.initialDelaySeconds: spec.override.clusterAgent.containers.cluster-agent.livenessProbe.initialDelaySeconds +clusterAgent.livenessProbe.periodSeconds: spec.override.clusterAgent.containers.cluster-agent.livenessProbe.periodSeconds +clusterAgent.livenessProbe.successThreshold: spec.override.clusterAgent.containers.cluster-agent.livenessProbe.successThreshold +clusterAgent.livenessProbe.timeoutSeconds: spec.override.clusterAgent.containers.cluster-agent.livenessProbe.timeoutSeconds clusterAgent.metricsProvider.aggregator: "" clusterAgent.metricsProvider.createReaderRbac: "" clusterAgent.metricsProvider.enabled: spec.features.externalMetricsServer.enabled @@ -207,46 +202,44 @@ clusterAgent.priorityClassName: spec.override.clusterAgent.priorityClassName clusterAgent.rbac.automountServiceAccountToken: "" clusterAgent.rbac.create: spec.override.clusterAgent.createRbac clusterAgent.rbac.flareAdditionalPermissions: "" -clusterAgent.rbac.serviceAccountAnnotations: "" +clusterAgent.rbac.serviceAccountAnnotations: spec.override.clusterAgent.serviceAccountAnnotations clusterAgent.rbac.serviceAccountName: spec.override.clusterAgent.serviceAccountName clusterAgent.readinessProbe: spec.override.clusterAgent.containers.cluster-agent.readinessProbe -clusterAgent.readinessProbe.failureThreshold: "" -clusterAgent.readinessProbe.initialDelaySeconds: "" -clusterAgent.readinessProbe.periodSeconds: "" -clusterAgent.readinessProbe.successThreshold: "" -clusterAgent.readinessProbe.timeoutSeconds: "" +clusterAgent.readinessProbe.failureThreshold: spec.override.clusterAgent.containers.cluster-agent.readinessProbe.failureThreshold +clusterAgent.readinessProbe.initialDelaySeconds: spec.override.clusterAgent.containers.cluster-agent.readinessProbe.initialDelaySeconds +clusterAgent.readinessProbe.periodSeconds: spec.override.clusterAgent.containers.cluster-agent.readinessProbe.periodSeconds +clusterAgent.readinessProbe.successThreshold: spec.override.clusterAgent.containers.cluster-agent.readinessProbe.successThreshold +clusterAgent.readinessProbe.timeoutSeconds: spec.override.clusterAgent.containers.cluster-agent.readinessProbe.timeoutSeconds clusterAgent.replicas: spec.override.clusterAgent.replicas clusterAgent.resources: spec.override.clusterAgent.containers.cluster-agent.resources clusterAgent.revisionHistoryLimit: "" -clusterAgent.securityContext: "" +clusterAgent.securityContext: spec.override.clusterAgent.securityContext clusterAgent.shareProcessNamespace: "" clusterAgent.startupProbe.failureThreshold: "" clusterAgent.startupProbe.initialDelaySeconds: "" clusterAgent.startupProbe.periodSeconds: "" clusterAgent.startupProbe.successThreshold: "" clusterAgent.startupProbe.timeoutSeconds: "" -clusterAgent.strategy: "" -clusterAgent.strategy.rollingUpdate.maxSurge: "" -clusterAgent.strategy.rollingUpdate.maxUnavailable: "" -clusterAgent.strategy.type: "" +clusterAgent.strategy: spec.override.clusterAgent.updateStrategy +clusterAgent.strategy.rollingUpdate.maxSurge: spec.override.clusterAgent.updateStrategy.rollingUpdate.maxSurge +clusterAgent.strategy.rollingUpdate.maxUnavailable: spec.override.clusterAgent.updateStrategy.rollingUpdate.maxUnavailable +clusterAgent.strategy.type: spec.override.clusterAgent.updateStrategy.type clusterAgent.token: spec.global.clusterAgentToken -clusterAgent.tokenExistingSecret: -- spec.global.clusterAgentTokenSecret.keyName -- spec.global.clusterAgentTokenSecret.secretName +clusterAgent.tokenExistingSecret: spec.global.clusterAgentTokenSecret.secretName clusterAgent.tolerations: spec.override.clusterAgent.tolerations clusterAgent.topologySpreadConstraints: "" -clusterAgent.useHostNetwork: "" +clusterAgent.useHostNetwork: spec.override.clusterAgent.hostNetwork clusterAgent.volumeMounts: spec.override.clusterAgent.containers.cluster-agent.volumeMounts clusterAgent.volumes: spec.override.clusterAgent.volumes clusterChecksRunner.additionalLabels: spec.override.clusterChecksRunner.labels clusterChecksRunner.affinity: spec.override.clusterChecksRunner.affinity clusterChecksRunner.createPodDisruptionBudget: "" clusterChecksRunner.deploymentAnnotations: "" -clusterChecksRunner.dnsConfig: "" +clusterChecksRunner.dnsConfig: spec.override.clusterChecksRunner.dnsConfig clusterChecksRunner.enabled: spec.features.clusterChecks.useClusterChecksRunners clusterChecksRunner.env: spec.override.clusterChecksRunner.env clusterChecksRunner.envDict: "" -clusterChecksRunner.envFrom: "" +clusterChecksRunner.envFrom: spec.override.clusterChecksRunner.envFrom clusterChecksRunner.healthPort: spec.override.clusterChecksRunner.containers.agent.healthPort clusterChecksRunner.image.digest: "" clusterChecksRunner.image.name: spec.override.clusterChecksRunner.image.name @@ -256,11 +249,11 @@ clusterChecksRunner.image.repository: "" clusterChecksRunner.image.tag: spec.override.clusterChecksRunner.image.tag clusterChecksRunner.image.tagSuffix: "" clusterChecksRunner.livenessProbe: spec.override.clusterChecksRunner.containers.agent.livenessProbe -clusterChecksRunner.livenessProbe.failureThreshold: "" -clusterChecksRunner.livenessProbe.initialDelaySeconds: "" -clusterChecksRunner.livenessProbe.periodSeconds: "" -clusterChecksRunner.livenessProbe.successThreshold: "" -clusterChecksRunner.livenessProbe.timeoutSeconds: "" +clusterChecksRunner.livenessProbe.failureThreshold: spec.override.clusterChecksRunner.containers.agent.livenessProbe.failureThreshold +clusterChecksRunner.livenessProbe.initialDelaySeconds: spec.override.clusterChecksRunner.containers.agent.livenessProbe.initialDelaySeconds +clusterChecksRunner.livenessProbe.periodSeconds: spec.override.clusterChecksRunner.containers.agent.livenessProbe.periodSeconds +clusterChecksRunner.livenessProbe.successThreshold: spec.override.clusterChecksRunner.containers.agent.livenessProbe.successThreshold +clusterChecksRunner.livenessProbe.timeoutSeconds: spec.override.clusterChecksRunner.containers.agent.livenessProbe.timeoutSeconds clusterChecksRunner.networkPolicy.create: "" clusterChecksRunner.nodeSelector: spec.override.clusterChecksRunner.nodeSelector clusterChecksRunner.podAnnotations: spec.override.clusterChecksRunner.annotations @@ -269,14 +262,14 @@ clusterChecksRunner.priorityClassName: spec.override.clusterChecksRunner.priorit clusterChecksRunner.rbac.automountServiceAccountToken: "" clusterChecksRunner.rbac.create: spec.override.clusterChecksRunner.createRbac clusterChecksRunner.rbac.dedicated: "" -clusterChecksRunner.rbac.serviceAccountAnnotations: "" +clusterChecksRunner.rbac.serviceAccountAnnotations: spec.override.clusterChecksRunner.serviceAccountAnnotations clusterChecksRunner.rbac.serviceAccountName: spec.override.clusterChecksRunner.serviceAccountName clusterChecksRunner.readinessProbe: spec.override.clusterChecksRunner.containers.agent.readinessProbe -clusterChecksRunner.readinessProbe.failureThreshold: "" -clusterChecksRunner.readinessProbe.initialDelaySeconds: "" -clusterChecksRunner.readinessProbe.periodSeconds: "" -clusterChecksRunner.readinessProbe.successThreshold: "" -clusterChecksRunner.readinessProbe.timeoutSeconds: "" +clusterChecksRunner.readinessProbe.failureThreshold: spec.override.clusterChecksRunner.containers.agent.readinessProbe.failureThreshold +clusterChecksRunner.readinessProbe.initialDelaySeconds: spec.override.clusterChecksRunner.containers.agent.readinessProbe.initialDelaySeconds +clusterChecksRunner.readinessProbe.periodSeconds: spec.override.clusterChecksRunner.containers.agent.readinessProbe.periodSeconds +clusterChecksRunner.readinessProbe.successThreshold: spec.override.clusterChecksRunner.containers.agent.readinessProbe.successThreshold +clusterChecksRunner.readinessProbe.timeoutSeconds: spec.override.clusterChecksRunner.containers.agent.readinessProbe.timeoutSeconds clusterChecksRunner.replicas: spec.override.clusterChecksRunner.replicas clusterChecksRunner.resources: spec.override.clusterChecksRunner.containers.agent.resources clusterChecksRunner.revisionHistoryLimit: "" @@ -286,10 +279,10 @@ clusterChecksRunner.startupProbe.initialDelaySeconds: "" clusterChecksRunner.startupProbe.periodSeconds: "" clusterChecksRunner.startupProbe.successThreshold: "" clusterChecksRunner.startupProbe.timeoutSeconds: "" -clusterChecksRunner.strategy: "" -clusterChecksRunner.strategy.rollingUpdate.maxSurge: "" -clusterChecksRunner.strategy.rollingUpdate.maxUnavailable: "" -clusterChecksRunner.strategy.type: "" +clusterChecksRunner.strategy: spec.override.clusterChecksRunner.updateStrategy +clusterChecksRunner.strategy.rollingUpdate.maxSurge: spec.override.clusterChecksRunner.updateStrategy.rollingUpdate.maxSurge +clusterChecksRunner.strategy.rollingUpdate.maxUnavailable: spec.override.clusterChecksRunner.updateStrategy.rollingUpdate.maxUnavailable +clusterChecksRunner.strategy.type: spec.override.clusterChecksRunner.updateStrategy.type clusterChecksRunner.tolerations: spec.override.clusterChecksRunner.tolerations clusterChecksRunner.topologySpreadConstraints: "" clusterChecksRunner.volumeMounts: spec.override.clusterChecksRunner.containers.agent.volumeMounts @@ -298,9 +291,7 @@ commonLabels: "" datadog-crds.crds.datadogMetrics: "" datadog-crds.crds.datadogPodAutoscalers: "" datadog.apiKey: spec.global.credentials.apiKey -datadog.apiKeyExistingSecret: -- spec.global.credentials.apiSecret.keyName -- spec.global.credentials.apiSecret.secretName +datadog.apiKeyExistingSecret: spec.global.credentials.apiSecret.secretName datadog.apm: "" datadog.apm.enabled: "" datadog.apm.hostSocketPath: spec.features.apm.unixDomainSocketConfig.path @@ -316,9 +307,7 @@ datadog.apm.socketEnabled: spec.features.apm.enabled datadog.apm.socketPath: "" datadog.apm.useSocketVolume: "" datadog.appKey: spec.global.credentials.appKey -datadog.appKeyExistingSecret: -- spec.global.credentials.appSecret.keyName -- spec.global.credentials.appSecret.secretName +datadog.appKeyExistingSecret: spec.global.credentials.appSecret.secretName datadog.asm: "" datadog.asm.iast: "" datadog.asm.iast.enabled: "" @@ -444,9 +433,7 @@ datadog.secretBackend.enableGlobalPermissions: spec.global.secretBackend.enableG datadog.secretBackend.roles: spec.global.secretBackend.roles datadog.secretBackend.timeout: spec.global.secretBackend.timeout datadog.securityAgent.compliance.checkInterval: spec.features.cspm.checkInterval -datadog.securityAgent.compliance.configMap: -- spec.features.cspm.customBenchmarks.configMap.items -- spec.features.cspm.customBenchmarks.configMap.name +datadog.securityAgent.compliance.configMap: spec.features.cspm.customBenchmarks.configMap.name datadog.securityAgent.compliance.enabled: spec.features.cspm.enabled datadog.securityAgent.compliance.host_benchmarks.enabled: spec.features.cspm.hostBenchmarks datadog.securityAgent.compliance.xccdf.enabled: "" @@ -458,9 +445,7 @@ datadog.securityAgent.runtime.activityDump.tracedCgroupsCount: "" datadog.securityAgent.runtime.enabled: spec.features.cws.enabled datadog.securityAgent.runtime.fimEnabled: "" datadog.securityAgent.runtime.network.enabled: spec.features.cws.network.enabled -datadog.securityAgent.runtime.policies.configMap: -- spec.features.cws.customPolicies.configMap.items -- spec.features.cws.customPolicies.configMap.name +datadog.securityAgent.runtime.policies.configMap: spec.features.cws.customPolicies.configMap.name datadog.securityAgent.runtime.securityProfile: "" datadog.securityAgent.runtime.securityProfile.anomalyDetection: "" datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled: "" From 1987d87d916c17320098565bfd12c0c9e7626f40 Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Thu, 24 Oct 2024 15:46:43 -0400 Subject: [PATCH 08/10] minor fixes --- .../mapping_datadog_helm_to_datadogagent_crd.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index eb0b7232b..3435e9104 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -63,7 +63,7 @@ agents.containers.systemProbe.ports: "" agents.containers.systemProbe.resources: spec.override.nodeAgent.containers.system-probe.resources agents.containers.systemProbe.securityContext: spec.override.nodeAgent.containers.system-probe.securityContext agents.containers.systemProbe.securityContext.capabilities.add: spec.override.nodeAgent.containers.system-probe.securityContext.capabilities.add -agents.containers.systemProbe.securityContext.privileged: spec.override.nodeAgent.containers.system-probe.securityContext.priveleged +agents.containers.systemProbe.securityContext.privileged: spec.override.nodeAgent.containers.system-probe.securityContext.privileged agents.containers.traceAgent.env: spec.override.nodeAgent.containers.trace-agent.env agents.containers.traceAgent.envDict: "" agents.containers.traceAgent.envFrom: "" @@ -93,7 +93,6 @@ agents.networkPolicy.create: "" agents.nodeSelector: spec.override.nodeAgent.nodeSelector agents.podAnnotations: spec.override.nodeAgent.annotations agents.podLabels: spec.override.nodeAgent.labels -agents.podSecurity: "" agents.podSecurity.allowedUnsafeSysctls: "" agents.podSecurity.apparmor.enabled: "" agents.podSecurity.apparmorProfiles: "" @@ -107,8 +106,7 @@ agents.podSecurity.seLinuxContext.seLinuxOptions.level: spec.override.nodeAgent. agents.podSecurity.seLinuxContext.seLinuxOptions.role: spec.override.nodeAgent.containers.agent.securityContext.seLinuxContext.role agents.podSecurity.seLinuxContext.seLinuxOptions.type: spec.override.nodeAgent.containers.agent.securityContext.seLinuxContext.type agents.podSecurity.seLinuxContext.seLinuxOptions.user: spec.override.nodeAgent.containers.agent.securityContext.seLinuxContext.user -agents.podSecurity.seccompProfiles: spec.override.nodeAgent.containers.agent.securityContext.seccompProfile -agents.podSecurity.securityContextConstraints: "" +agents.podSecurity.seccompProfiles: "" agents.podSecurity.securityContextConstraints.create: "" agents.podSecurity.volumes: "" agents.priorityClassCreate: "" From 2cc9a4e0128ed8e3c6753dc3266a44b9471b4621 Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Thu, 24 Oct 2024 15:49:57 -0400 Subject: [PATCH 09/10] updating mapper --- .../mapping_datadog_helm_to_datadogagent_crd.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index 3435e9104..442a2f26b 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -290,6 +290,7 @@ datadog-crds.crds.datadogMetrics: "" datadog-crds.crds.datadogPodAutoscalers: "" datadog.apiKey: spec.global.credentials.apiKey datadog.apiKeyExistingSecret: spec.global.credentials.apiSecret.secretName +datadog.apm: "" datadog.apm.enabled: "" datadog.apm.hostSocketPath: spec.features.apm.unixDomainSocketConfig.path datadog.apm.instrumentation.disabledNamespaces: "" @@ -305,6 +306,8 @@ datadog.apm.socketPath: "" datadog.apm.useSocketVolume: "" datadog.appKey: spec.global.credentials.appKey datadog.appKeyExistingSecret: spec.global.credentials.appSecret.secretName +datadog.asm: "" +datadog.asm.iast: "" datadog.asm.iast.enabled: "" datadog.asm.sca.enabled: "" datadog.asm.threats.enabled: "" @@ -392,6 +395,7 @@ datadog.nodeLabelsAsTags: spec.global.nodeLabelsAsTags datadog.orchestratorExplorer.container_scrubbing.enabled: spec.features.orchestratorExplorer.scrubContainers datadog.orchestratorExplorer.customResources: spec.features.orchestratorExplorer.customResources datadog.orchestratorExplorer.enabled: spec.features.orchestratorExplorer.enabled +datadog.originDetectionUnified: "" datadog.originDetectionUnified.enabled: spec.global.originDetectionUnified.enabled datadog.osReleasePath: "" datadog.otelCollector.enabled: "" @@ -447,7 +451,7 @@ datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled: "" datadog.securityAgent.runtime.securityProfile.enabled: spec.features.cws.securityProfiles.enabled datadog.securityAgent.runtime.syscallMonitor.enabled: spec.features.cws.syscallMonitorEnabled datadog.securityAgent.runtime.useSecruntimeTrack: "" -datadog.securityContext: spec.global.securityContext +datadog.securityContext: "" datadog.securityContext.runAsUser: "" datadog.serviceMonitoring.enabled: spec.features.usm.enabled datadog.site: spec.global.site From def74618a6548870ea4d5d3ad3814a2ea746a958 Mon Sep 17 00:00:00 2001 From: Sarah Wang Date: Thu, 24 Oct 2024 16:05:12 -0400 Subject: [PATCH 10/10] remove parents to nested keys --- .../yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index 442a2f26b..bb5f2ab67 100644 --- a/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/tools/yaml-mapper/mapping_datadog_helm_to_datadogagent_crd.yaml @@ -290,7 +290,6 @@ datadog-crds.crds.datadogMetrics: "" datadog-crds.crds.datadogPodAutoscalers: "" datadog.apiKey: spec.global.credentials.apiKey datadog.apiKeyExistingSecret: spec.global.credentials.apiSecret.secretName -datadog.apm: "" datadog.apm.enabled: "" datadog.apm.hostSocketPath: spec.features.apm.unixDomainSocketConfig.path datadog.apm.instrumentation.disabledNamespaces: "" @@ -306,8 +305,6 @@ datadog.apm.socketPath: "" datadog.apm.useSocketVolume: "" datadog.appKey: spec.global.credentials.appKey datadog.appKeyExistingSecret: spec.global.credentials.appSecret.secretName -datadog.asm: "" -datadog.asm.iast: "" datadog.asm.iast.enabled: "" datadog.asm.sca.enabled: "" datadog.asm.threats.enabled: "" @@ -395,7 +392,6 @@ datadog.nodeLabelsAsTags: spec.global.nodeLabelsAsTags datadog.orchestratorExplorer.container_scrubbing.enabled: spec.features.orchestratorExplorer.scrubContainers datadog.orchestratorExplorer.customResources: spec.features.orchestratorExplorer.customResources datadog.orchestratorExplorer.enabled: spec.features.orchestratorExplorer.enabled -datadog.originDetectionUnified: "" datadog.originDetectionUnified.enabled: spec.global.originDetectionUnified.enabled datadog.osReleasePath: "" datadog.otelCollector.enabled: ""