diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md
index aeb4f54b2..dcc0dd6d5 100644
--- a/charts/datadog/CHANGELOG.md
+++ b/charts/datadog/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Datadog changelog
+## 3.106.2
+
+* Add `datadog.traceroute.enabled`, which turns on the `traceroute` system-probe module for Network Path.
+
 ## 3.106.1
 * Add default container resource values for GKE Autopilot
diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml
index 399dfd998..0a9b66dcb 100644
--- a/charts/datadog/Chart.yaml
+++ b/charts/datadog/Chart.yaml
@@ -1,7 +1,7 @@
 ---
 apiVersion: v1
 name: datadog
-version: 3.106.1
+version: 3.106.2
 appVersion: "7"
 description: Datadog Agent
 keywords:
diff --git a/charts/datadog/README.md b/charts/datadog/README.md
index 9dfe57336..41c13f830 100644
--- a/charts/datadog/README.md
+++ b/charts/datadog/README.md
@@ -1,6 +1,6 @@
 # Datadog
-![Version: 3.106.1](https://img.shields.io/badge/Version-3.106.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.106.2](https://img.shields.io/badge/Version-3.106.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@@ -892,6 +892,7 @@ helm install \
 | datadog.systemProbe.seccomp | string | `"localhost/system-probe"` | Apply an ad-hoc seccomp profile to the system-probe agent to restrict its privileges |
 | datadog.systemProbe.seccompRoot | string | `"/var/lib/kubelet/seccomp"` | Specify the seccomp profile root directory |
 | datadog.tags | list | `[]` | List of static tags to attach to every metric, event and service check collected by this Agent. |
+| datadog.traceroute.enabled | bool | `false` | Enable traceroutes in system-probe for Network Path |
 | datadog.useHostPID | bool | `true` | Run the agent in the host's PID namespace, required for origin detection / unified service tagging |
 | existingClusterAgent.clusterchecksEnabled | bool | `true` | set this to false if you don’t want the agents to run the cluster checks of the joined external cluster agent |
 | existingClusterAgent.join | bool | `false` | set this to true if you want the agents deployed by this chart to connect to a Cluster Agent deployed independently |
diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt
index 084949e10..e07de0fa5 100644
--- a/charts/datadog/templates/NOTES.txt
+++ b/charts/datadog/templates/NOTES.txt
@@ -352,7 +352,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes
 ##############################################################################################
 #### WARNING: System Probe on GKE Autopilot requires GKE v1.32.1-gke.1729000 or later ####
 ##############################################################################################
-{{- fail "System Probe on GKE Autopilot environments requires GKE v1.32.1-gke.1729000 or later. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }}
+{{- fail "System Probe on GKE Autopilot environments requires GKE v1.32.1-gke.1729000 or later. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled', 'datadog.traceroute.enabled', and 'datadog.discovery.enabled' must be set 'false'" }}
 {{- end }}
diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl
index 2d2704430..6bf822c36 100644
--- a/charts/datadog/templates/_helpers.tpl
+++ b/charts/datadog/templates/_helpers.tpl
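Review bot: The option list in the new `fail` message is maintained by hand and already differs from the `system-probe-feature` helper touched in this same commit, which also tests `datadog.gpuMonitoring.enabled`. If the guard around this `fail` relies on that helper (the condition lies outside the hunk), a user who enabled only GPU monitoring would hit the error without being told which option caused it. Consider adding `'datadog.gpuMonitoring.enabled'` to the list and leaving a reminder next to the helper, for example `{{/* keep in sync with the GKE Autopilot fail message in NOTES.txt */}}`. The sentence would also read better as `must be set to 'false'`.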
@@ -383,7 +383,7 @@ Return a remote image path based on `.Values` (passed as root) and `.` (any `.im
 Return true if a system-probe feature is enabled.
 */}}
 {{- define "system-probe-feature" -}}
-{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.discovery.enabled .Values.datadog.gpuMonitoring.enabled -}}
+{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.traceroute.enabled .Values.datadog.discovery.enabled .Values.datadog.gpuMonitoring.enabled -}}
 true
 {{- else -}}
 false
diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml
index 3b3f4eb45..f0e462933 100644
--- a/charts/datadog/templates/system-probe-configmap.yaml
+++ b/charts/datadog/templates/system-probe-configmap.yaml
@@ -66,6 +66,8 @@ data:
 native:
 enabled: {{ $.Values.datadog.serviceMonitoring.tls.native.enabled }}
 {{- end }}
+ traceroute:
+ enabled: {{ $.Values.datadog.traceroute.enabled }}
 {{- if not (eq .Values.datadog.discovery.enabled nil) }}
 discovery:
 enabled: {{ $.Values.datadog.discovery.enabled }}
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml
index 55df725d8..24d8117a9 100644
--- a/charts/datadog/values.yaml
+++ b/charts/datadog/values.yaml
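Review bot: Adding `.Values.datadog.traceroute.enabled` to the `or` means this one flag now makes `system-probe-feature` return true, yet nothing in the commit revisits the privileges system-probe runs with. The chart confines that container with the `localhost/system-probe` seccomp profile by default (`datadog.systemProbe.seccomp`), and a traceroute module presumably needs socket-related syscalls or capabilities that the existing modules may not; the templates defining the profile and the container securityContext are not part of this diff. Please confirm the module starts under the shipped profile and capability set. Every baseline touched here renders `traceroute:\n enabled: false`, so a baseline with `datadog.traceroute.enabled: true` as the only enabled feature would make any later widening of the profile visible in review.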
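Review bot: The `traceroute:` block is rendered unconditionally, whereas the `discovery:` block right below it is wrapped in `{{- if not (eq .Values.datadog.discovery.enabled nil) }}`. If a values override leaves `datadog.traceroute.enabled` empty, the new line renders `enabled:` with no value, and the outcome then depends on how the agent treats a null for this key. Either reuse the nil guard that `discovery` has, or make the output explicit with `enabled: {{ $.Values.datadog.traceroute.enabled | default false }}`. The enclosing template starts and ends outside the hunk.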
@@ -882,6 +882,10 @@ datadog:
 # datadog.serviceMonitoring.tls.native.enabled -- (bool) Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent.
 enabled:
+ traceroute:
+ # datadog.traceroute.enabled -- (bool) Enable traceroutes in system-probe for Network Path
+ enabled: false
+
 discovery:
 # datadog.discovery.enabled -- (bool) Enable Service Discovery
 enabled: # false
diff --git a/test/datadog/baseline/manifests/npm_daemonset_default.yaml b/test/datadog/baseline/manifests/npm_daemonset_default.yaml
index e0106a8d1..6ccad2892 100644
--- a/test/datadog/baseline/manifests/npm_daemonset_default.yaml
+++ b/test/datadog/baseline/manifests/npm_daemonset_default.yaml
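Review bot: The doc comment for `datadog.traceroute.enabled` leaves out two things an operator needs before switching it on. Unlike the neighbouring `tls.native.enabled` comment it names no minimum Agent version, and it does not say that the flag counts as a system-probe feature (it is added to the `system-probe-feature` helper in this commit), so enabling it on a cluster with no other system-probe module likely adds the system-probe container to every node. Suggested wording, with the version filled in by the author: `# datadog.traceroute.enabled -- (bool) Enable traceroutes in system-probe for Network Path (Requires Agent <MIN_AGENT_VERSION>+). Enabling this deploys the system-probe container.` The README table row carries the same text and would need updating with it.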
@@ -116,7 +116,7 @@ metadata: --- apiVersion: v1 data: - system-probe.yaml: "system_probe_config:\n enabled: true\n debug_port: 0\n sysprobe_socket: /var/run/sysprobe/sysprobe.sock\n enable_conntrack: true\n bpf_debug: false\n enable_tcp_queue_length: false\n enable_oom_kill: false\n collect_dns_stats: true\n max_tracked_connections: 131072\n conntrack_max_state_size: 131072\n runtime_compiler_output_dir: /var/tmp/datadog-agent/system-probe/build\n kernel_header_download_dir: /var/tmp/datadog-agent/system-probe/kernel-headers\n apt_config_dir: /host/etc/apt\n yum_repos_dir: /host/etc/yum.repos.d\n zypper_repos_dir: /host/etc/zypp/repos.d\n btf_path: \nnetwork_config:\n enabled: true\n conntrack_init_timeout: 10s\nservice_monitoring_config:\n enabled: false\n tls:\ngpu_monitoring:\n enabled: false\n configure_cgroup_perms: false\nruntime_security_config:\n enabled: false\n fim_enabled: false\n use_secruntime_track: true\n socket: /var/run/sysprobe/runtime-security.sock\n policies:\n dir: /etc/datadog-agent/runtime-security.d\n syscall_monitor:\n enabled: false\n network:\n enabled: true\n remote_configuration:\n enabled: false \n activity_dump:\n enabled: true\n traced_cgroups_count: 3\n cgroup_dump_timeout: 20\n cgroup_wait_list_size: 0\n path_merge:\n enabled: false\n\n security_profile:\n enabled: true\n anomaly_detection:\n enabled: true\n auto_suppression:\n enabled: true\n" + system-probe.yaml: "system_probe_config:\n enabled: true\n debug_port: 0\n sysprobe_socket: /var/run/sysprobe/sysprobe.sock\n enable_conntrack: true\n bpf_debug: false\n enable_tcp_queue_length: false\n enable_oom_kill: false\n collect_dns_stats: true\n max_tracked_connections: 131072\n conntrack_max_state_size: 131072\n runtime_compiler_output_dir: /var/tmp/datadog-agent/system-probe/build\n kernel_header_download_dir: /var/tmp/datadog-agent/system-probe/kernel-headers\n apt_config_dir: /host/etc/apt\n yum_repos_dir: /host/etc/yum.repos.d\n zypper_repos_dir: /host/etc/zypp/repos.d\n 
btf_path: \nnetwork_config:\n enabled: true\n conntrack_init_timeout: 10s\nservice_monitoring_config:\n enabled: false\n tls:\ntraceroute:\n enabled: false\ngpu_monitoring:\n enabled: false\n configure_cgroup_perms: false\nruntime_security_config:\n enabled: false\n fim_enabled: false\n use_secruntime_track: true\n socket: /var/run/sysprobe/runtime-security.sock\n policies:\n dir: /etc/datadog-agent/runtime-security.d\n syscall_monitor:\n enabled: false\n network:\n enabled: true\n remote_configuration:\n enabled: false \n activity_dump:\n enabled: true\n traced_cgroups_count: 3\n cgroup_dump_timeout: 20\n cgroup_wait_list_size: 0\n path_merge:\n enabled: false\n\n security_profile:\n enabled: true\n anomaly_detection:\n enabled: true\n auto_suppression:\n enabled: true\n" kind: ConfigMap metadata: labels: diff --git a/test/datadog/baseline/manifests/system_probe_daemonset_default.yaml b/test/datadog/baseline/manifests/system_probe_daemonset_default.yaml index 4c501f8a3..13d9c04bc 100644 --- a/test/datadog/baseline/manifests/system_probe_daemonset_default.yaml +++ b/test/datadog/baseline/manifests/system_probe_daemonset_default.yaml 
@@ -116,7 +116,7 @@ metadata: --- apiVersion: v1 data: - system-probe.yaml: "system_probe_config:\n enabled: true\n debug_port: 0\n sysprobe_socket: /var/run/sysprobe/sysprobe.sock\n enable_conntrack: true\n bpf_debug: false\n enable_tcp_queue_length: true\n enable_oom_kill: true\n collect_dns_stats: true\n max_tracked_connections: 131072\n conntrack_max_state_size: 131072\n runtime_compiler_output_dir: /var/tmp/datadog-agent/system-probe/build\n kernel_header_download_dir: /var/tmp/datadog-agent/system-probe/kernel-headers\n apt_config_dir: /host/etc/apt\n yum_repos_dir: /host/etc/yum.repos.d\n zypper_repos_dir: /host/etc/zypp/repos.d\n btf_path: \nnetwork_config:\n enabled: true\n conntrack_init_timeout: 10s\nservice_monitoring_config:\n enabled: true\n tls:\ndiscovery:\n enabled: true\n network_stats:\n enabled: true\ngpu_monitoring:\n enabled: false\n configure_cgroup_perms: false\nruntime_security_config:\n enabled: true\n fim_enabled: true\n use_secruntime_track: true\n socket: /var/run/sysprobe/runtime-security.sock\n policies:\n dir: /etc/datadog-agent/runtime-security.d\n syscall_monitor:\n enabled: false\n network:\n enabled: true\n remote_configuration:\n enabled: true \n activity_dump:\n enabled: true\n traced_cgroups_count: 3\n cgroup_dump_timeout: 20\n cgroup_wait_list_size: 0\n path_merge:\n enabled: false\n\n security_profile:\n enabled: true\n anomaly_detection:\n enabled: true\n auto_suppression:\n enabled: true\n" + system-probe.yaml: "system_probe_config:\n enabled: true\n debug_port: 0\n sysprobe_socket: /var/run/sysprobe/sysprobe.sock\n enable_conntrack: true\n bpf_debug: false\n enable_tcp_queue_length: true\n enable_oom_kill: true\n collect_dns_stats: true\n max_tracked_connections: 131072\n conntrack_max_state_size: 131072\n runtime_compiler_output_dir: /var/tmp/datadog-agent/system-probe/build\n kernel_header_download_dir: /var/tmp/datadog-agent/system-probe/kernel-headers\n apt_config_dir: /host/etc/apt\n yum_repos_dir: 
/host/etc/yum.repos.d\n zypper_repos_dir: /host/etc/zypp/repos.d\n btf_path: \nnetwork_config:\n enabled: true\n conntrack_init_timeout: 10s\nservice_monitoring_config:\n enabled: true\n tls:\ntraceroute:\n enabled: false\ndiscovery:\n enabled: true\n network_stats:\n enabled: true\ngpu_monitoring:\n enabled: false\n configure_cgroup_perms: false\nruntime_security_config:\n enabled: true\n fim_enabled: true\n use_secruntime_track: true\n socket: /var/run/sysprobe/runtime-security.sock\n policies:\n dir: /etc/datadog-agent/runtime-security.d\n syscall_monitor:\n enabled: false\n network:\n enabled: true\n remote_configuration:\n enabled: true \n activity_dump:\n enabled: true\n traced_cgroups_count: 3\n cgroup_dump_timeout: 20\n cgroup_wait_list_size: 0\n path_merge:\n enabled: false\n\n security_profile:\n enabled: true\n anomaly_detection:\n enabled: true\n auto_suppression:\n enabled: true\n" kind: ConfigMap metadata: labels: diff --git a/test/datadog/baseline/manifests/usm_daemonset_default.yaml b/test/datadog/baseline/manifests/usm_daemonset_default.yaml index 57002f4dc..227fb072c 100644 --- a/test/datadog/baseline/manifests/usm_daemonset_default.yaml +++ b/test/datadog/baseline/manifests/usm_daemonset_default.yaml 
@@ -116,7 +116,7 @@ metadata: --- apiVersion: v1 data: - system-probe.yaml: "system_probe_config:\n enabled: true\n debug_port: 7654\n sysprobe_socket: /var/run/sysprobe/sysprobe.sock\n enable_conntrack: true\n bpf_debug: false\n enable_tcp_queue_length: true\n enable_oom_kill: true\n collect_dns_stats: true\n max_tracked_connections: 131072\n conntrack_max_state_size: 131072\n runtime_compiler_output_dir: /var/tmp/datadog-agent/system-probe/build\n kernel_header_download_dir: /var/tmp/datadog-agent/system-probe/kernel-headers\n apt_config_dir: /host/etc/apt\n yum_repos_dir: /host/etc/yum.repos.d\n zypper_repos_dir: /host/etc/zypp/repos.d\n btf_path: \nnetwork_config:\n enabled: true\n conntrack_init_timeout: 10s\nservice_monitoring_config:\n enabled: false\n tls:\ndiscovery:\n enabled: true\n network_stats:\n enabled: true\ngpu_monitoring:\n enabled: false\n configure_cgroup_perms: false\nruntime_security_config:\n enabled: false\n fim_enabled: true\n use_secruntime_track: true\n socket: /var/run/sysprobe/runtime-security.sock\n policies:\n dir: /etc/datadog-agent/runtime-security.d\n syscall_monitor:\n enabled: false\n network:\n enabled: true\n remote_configuration:\n enabled: false \n activity_dump:\n enabled: true\n traced_cgroups_count: 3\n cgroup_dump_timeout: 20\n cgroup_wait_list_size: 0\n path_merge:\n enabled: false\n\n security_profile:\n enabled: true\n anomaly_detection:\n enabled: true\n auto_suppression:\n enabled: true\n" + system-probe.yaml: "system_probe_config:\n enabled: true\n debug_port: 7654\n sysprobe_socket: /var/run/sysprobe/sysprobe.sock\n enable_conntrack: true\n bpf_debug: false\n enable_tcp_queue_length: true\n enable_oom_kill: true\n collect_dns_stats: true\n max_tracked_connections: 131072\n conntrack_max_state_size: 131072\n runtime_compiler_output_dir: /var/tmp/datadog-agent/system-probe/build\n kernel_header_download_dir: /var/tmp/datadog-agent/system-probe/kernel-headers\n apt_config_dir: /host/etc/apt\n yum_repos_dir: 
/host/etc/yum.repos.d\n zypper_repos_dir: /host/etc/zypp/repos.d\n btf_path: \nnetwork_config:\n enabled: true\n conntrack_init_timeout: 10s\nservice_monitoring_config:\n enabled: false\n tls:\ntraceroute:\n enabled: false\ndiscovery:\n enabled: true\n network_stats:\n enabled: true\ngpu_monitoring:\n enabled: false\n configure_cgroup_perms: false\nruntime_security_config:\n enabled: false\n fim_enabled: true\n use_secruntime_track: true\n socket: /var/run/sysprobe/runtime-security.sock\n policies:\n dir: /etc/datadog-agent/runtime-security.d\n syscall_monitor:\n enabled: false\n network:\n enabled: true\n remote_configuration:\n enabled: false \n activity_dump:\n enabled: true\n traced_cgroups_count: 3\n cgroup_dump_timeout: 20\n cgroup_wait_list_size: 0\n path_merge:\n enabled: false\n\n security_profile:\n enabled: true\n anomaly_detection:\n enabled: true\n auto_suppression:\n enabled: true\n" kind: ConfigMap metadata: labels: