diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 1a07b4bdb..fc17c224e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.163.0 + +* [AGTMETRICS-393] Update Agent Data Plane support to reflect new "Data Plane" terminology. ([#2313](https://github.com/DataDog/helm-charts/pull/2313)). + ## 3.162.0 * Add injectionMode option for APM instrumentation ([#2308](https://github.com/DataDog/helm-charts/pull/2308)). diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 048e4dba5..04b505bb1 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.162.0 +version: 3.163.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index a00c35b87..1c6794dca 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.162.0](https://img.shields.io/badge/Version-3.162.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.163.0](https://img.shields.io/badge/Version-3.163.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) > [!WARNING] > The Datadog Operator is now enabled by default since version [3.157.0](https://github.com/DataDog/helm-charts/blob/main/charts/datadog/CHANGELOG.md#31570) to collect chart metadata for display in [Fleet Automation](https://docs.datadoghq.com/agent/fleet_automation/). We are aware of issues affecting some environments and are actively working on fixes. We apologize for the inconvenience and appreciate your patience while we address these issues. @@ -721,12 +721,6 @@ helm install \ | commonLabels | object | `{}` | Labels to apply to all resources | | datadog-crds.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | | datadog-crds.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | -| datadog.agentDataPlane.enabled | bool | `false` | Whether or not Agent Data Plane is enabled | -| datadog.agentDataPlane.image.digest | string | `""` | Define Agent Data Plane image digest to use, takes precedence over tag if specified | -| datadog.agentDataPlane.image.name | string | `"agent-data-plane"` | Agent Data Plane image name to use (relative to `registry`) | -| datadog.agentDataPlane.image.pullPolicy | string | `"IfNotPresent"` | Agent Data Plane image pull policy | -| datadog.agentDataPlane.image.repository | string | `nil` | Override default registry + image.name for Agent Data Plane | -| datadog.agentDataPlane.image.tag | string | `"0.1.11"` | Define the Agent Data Plane version to use | | datadog.apiKey | string | `nil` | Your Datadog API key | | datadog.apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one. The value should be set with the `api-key` key inside the secret. | | datadog.apm.enabled | bool | `false` | Enable this to enable APM and tracing, on port 8126 DEPRECATED. Use datadog.apm.portEnabled instead | @@ -780,6 +774,13 @@ helm install \ | datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. | | datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) | | datadog.csi.enabled | bool | `false` | Enable datadog csi driver Requires version 7.67 or later of the cluster agent Note: - When set to true, the CSI driver subchart will be installed automatically. - Do not install the CSI driver separately if this is enabled, or you may hit conflicts. | +| datadog.dataPlane.dogstatsd.enabled | bool | `false` | Whether or not DogStatsD is enabled in the data plane | +| datadog.dataPlane.enabled | bool | `false` | Whether or not the data plane is enabled Requires version 7.74 or later of the Datadog Agent. The data plane feature is currently in preview. Please reach out to your Datadog representative for more information. | +| datadog.dataPlane.image.digest | string | `""` | Define the data plane image digest to use, takes precedence over tag if specified | +| datadog.dataPlane.image.name | string | `"agent-data-plane"` | Data plane image name to use (relative to `registry`) | +| datadog.dataPlane.image.pullPolicy | string | `"IfNotPresent"` | Data plane image pull policy | +| datadog.dataPlane.image.repository | string | `nil` | Override default registry + image.name for data plane | +| datadog.dataPlane.image.tag | string | `"0.1.30"` | Define the data plane version to use | | datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | | datadog.disableDefaultOsReleasePaths | bool | `false` | Set this to true to disable mounting datadog.osReleasePath in all containers | | datadog.disablePasswdMount | bool | `false` | Set this to true to disable mounting /etc/passwd in all containers | diff --git a/charts/datadog/templates/_container-agent-data-plane.yaml b/charts/datadog/templates/_container-agent-data-plane.yaml index a58f9d560..3a3a948ac 100644 --- a/charts/datadog/templates/_container-agent-data-plane.yaml +++ b/charts/datadog/templates/_container-agent-data-plane.yaml @@ -1,15 +1,15 @@ {{- define "container-agent-data-plane" -}} - name: agent-data-plane - image: "{{ include "image-path" (dict "root" .Values "image" .Values.datadog.agentDataPlane.image) }}" - imagePullPolicy: {{ .Values.datadog.agentDataPlane.image.pullPolicy }} - command: ["agent-data-plane", "run", "--config={{ template "datadog.confPath" . }}/datadog.yaml"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agentDataPlane.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} + image: "{{ include "image-path" (dict "root" .Values "image" .Values.datadog.dataPlane.image) }}" + imagePullPolicy: {{ .Values.datadog.dataPlane.image.pullPolicy }} + command: ["agent-data-plane", "--config", "{{ template "datadog.confPath" . }}/datadog.yaml", "run"] resources: {{- if and (empty .Values.agents.containers.agentDataPlane.resources) .Values.providers.gke.autopilot -}} {{ include "default-container-resources" . | indent 4 }} {{- else }} {{ toYaml .Values.agents.containers.agentDataPlane.resources | indent 4 }} {{- end }} +{{- if .Values.datadog.dataPlane.dogstatsd.enabled }} ports: - containerPort: {{ .Values.datadog.dogstatsd.port }} {{- if .Values.datadog.dogstatsd.useHostPort }} @@ -17,7 +17,7 @@ {{- end }} name: dogstatsdport protocol: UDP - +{{- end }} {{- if .Values.agents.containers.agentDataPlane.ports }} {{ toYaml .Values.agents.containers.agentDataPlane.ports | indent 2 }} {{- end }} @@ -32,20 +32,23 @@ {{- end }} env: {{- include "containers-common-env" . | nindent 4 }} - {{- include "containers-dogstatsd-env" . | nindent 4 }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.agentDataPlane.logLevel | default .Values.datadog.logLevel | quote }} {{- end }} - - name: DD_API_LISTEN_ADDRESS + - name: DD_DATA_PLANE_REMOTE_AGENT_ENABLED + value: "true" + - name: DD_DATA_PLANE_USE_NEW_CONFIG_STREAM_ENDPOINT + value: "true" + - name: DD_DATA_PLANE_API_LISTEN_ADDRESS {{- $unprivilegedApiPort := .Values.agents.containers.agentDataPlane.unprivilegedApiPort }} value: "tcp://0.0.0.0:{{ $unprivilegedApiPort }}" - - name: DD_SECURE_API_LISTEN_ADDRESS + - name: DD_DATA_PLANE_SECURE_API_LISTEN_ADDRESS {{- $privilegedApiPort := .Values.agents.containers.agentDataPlane.privilegedApiPort }} value: "tcp://0.0.0.0:{{ $privilegedApiPort }}" - - name: DD_TELEMETRY_ENABLED + - name: DD_DATA_PLANE_TELEMETRY_ENABLED value: "true" - - name: DD_PROMETHEUS_LISTEN_ADDR + - name: DD_DATA_PLANE_TELEMETRY_LISTEN_ADDR {{- $telemetryApiPort := .Values.agents.containers.agentDataPlane.telemetryApiPort }} value: "tcp://127.0.0.1:{{ $telemetryApiPort }}" {{- include "additional-env-entries" .Values.agents.containers.agentDataPlane.env | indent 4 }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 13a709d74..798d4a2ea 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -15,7 +15,7 @@ {{ toYaml .Values.agents.containers.agent.resources | indent 4 }} {{- end }} ports: - {{- if eq (include "should-enable-agent-data-plane" .) "false" }} + {{- if eq (include "should-enable-data-plane" .) "false" }} - containerPort: {{ .Values.datadog.dogstatsd.port }} {{- if .Values.datadog.dogstatsd.useHostPort }} hostPort: {{ .Values.datadog.dogstatsd.port }} @@ -80,14 +80,14 @@ - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} {{- end }} - {{- if eq (include "should-enable-agent-data-plane" .) "true" }} - - name: DD_USE_DOGSTATSD - value: "false" + {{- if eq (include "should-enable-data-plane" .) "true" }} - name: DD_REMOTE_AGENT_REGISTRY_ENABLED value: "true" - {{- else }} - {{- include "containers-dogstatsd-env" . | nindent 4 }} + - name: DD_DATA_PLANE_ENABLED + value: "true" + {{- include "core-agent-data-plane-env" . | nindent 4 }} {{- end }} + {{- include "containers-dogstatsd-env" . | nindent 4 }} {{- if eq (include "cluster-agent-enabled" .) "false" }} {{- if .Values.datadog.leaderElection }} - name: DD_LEADER_ELECTION diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index de0c779ab..f86bc8594 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -154,15 +154,42 @@ false {{/* Return true if Agent Data Plane needs to be deployed + +This considers both whether or not the Data Plane feature is enabled and whether or not there's at least one +data pipeline enabled */}} -{{- define "should-enable-agent-data-plane" -}} -{{- if and .Values.datadog.agentDataPlane.enabled (not .Values.providers.gke.gdc) -}} +{{- define "should-enable-data-plane" -}} +{{- $adpVersion := .Values.datadog.dataPlane.image.tag -}} +{{- if not (semverCompare ">=0.1.29" $adpVersion) -}} +{{- fail "Agent Data Plane 0.1.29 or newer is required to enable the Data Plane feature." -}} +{{- end -}} +{{- if and .Values.datadog.dataPlane.enabled (not .Values.providers.gke.gdc) -}} +{{- if .Values.datadog.dataPlane.dogstatsd.enabled -}} true {{- else -}} +{{- fail "One or more data pipelines must be enabled when the Data Plane feature is enabled." -}} +{{- end -}} +{{- else -}} false {{- end -}} {{- end -}} +{{/* +Return env var settings for Core Agent when Data Plane feature is enabled +*/}} +{{- define "core-agent-data-plane-env" -}} +# If we're running 7.74.x or earlier, disable DogStatsD explicitly on the Core Agent if ADP has the DSD pipeline +# enabled. If ADP isn't handling DogStatsD, then we don't need to modify the value. +{{- if not (semverCompare "^6.75.0-0 || ^7.75.0-0" (include "get-agent-version" .)) -}} +{{- if .Values.datadog.dataPlane.dogstatsd.enabled }} +- name: DD_USE_DOGSTATSD + value: "false" +{{- end }} +{{- end }} +- name: DD_DATA_PLANE_DOGSTATSD_ENABLED + value: {{ .Values.datadog.dataPlane.dogstatsd.enabled | quote }} +{{- end -}} + {{/* Return true if k8sattributes RBAC rules should be added to the OTel Agent ClusterRole */}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 7c7a41ff6..9f8542695 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -73,7 +73,7 @@ spec: {{- if .Values.providers.gke.autopilot }} # Workaround for GKE Autopilot bug in versions >= 1.32.2-gke.1182000 and < 1.32.2-gke.1652000. autopilot.gke.io/no-connect: "true" {{- end }} - {{- if eq (include "should-enable-agent-data-plane" .) "true" }} + {{- if eq (include "should-enable-data-plane" .) "true" }} {{- $telemetryApiPort := .Values.agents.containers.agentDataPlane.telemetryApiPort }} ad.datadoghq.com/agent-data-plane.check_names: '["openmetrics"]' ad.datadoghq.com/agent-data-plane.init_configs: '[{}]' @@ -158,7 +158,7 @@ spec: {{- if eq (include "should-enable-otel-agent" .) "true" }} {{- include "container-otel-agent" . | nindent 6 }} {{- end }} - {{- if eq (include "should-enable-agent-data-plane" .) "true" }} + {{- if eq (include "should-enable-data-plane" .) "true" }} {{- include "container-agent-data-plane" . | nindent 6 }} {{- end }} initContainers: diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index b9c142c62..798230a83 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1281,25 +1281,32 @@ datadog: # - Do not install the CSI driver separately if this is enabled, or you may hit conflicts. enabled: false - ## Agent Data Plane is currently in preview. Please reach out to your Datadog representative for more information. - agentDataPlane: - # datadog.agentDataPlane.enabled -- Whether or not Agent Data Plane is enabled + dataPlane: + # datadog.dataPlane.enabled -- Whether or not the data plane is enabled + # + # Requires version 7.74 or later of the Datadog Agent. + # + # The data plane feature is currently in preview. Please reach out to your Datadog representative for more information. enabled: false + dogstatsd: + # datadog.dataPlane.dogstatsd.enabled -- Whether or not DogStatsD is enabled in the data plane + enabled: false + image: - # datadog.agentDataPlane.image.name -- Agent Data Plane image name to use (relative to `registry`) + # datadog.dataPlane.image.name -- Data plane image name to use (relative to `registry`) name: agent-data-plane - # datadog.agentDataPlane.image.tag -- Define the Agent Data Plane version to use - tag: 0.1.11 + # datadog.dataPlane.image.tag -- Define the data plane version to use + tag: 0.1.30 - # datadog.agentDataPlane.image.digest -- Define Agent Data Plane image digest to use, takes precedence over tag if specified + # datadog.dataPlane.image.digest -- Define the data plane image digest to use, takes precedence over tag if specified digest: "" - # datadog.agentDataPlane.image.repository -- Override default registry + image.name for Agent Data Plane + # datadog.dataPlane.image.repository -- Override default registry + image.name for data plane repository: - # datadog.agentDataPlane.image.pullPolicy -- Agent Data Plane image pull policy + # datadog.dataPlane.image.pullPolicy -- Data plane image pull policy pullPolicy: IfNotPresent ## Datadog Operator diff --git a/test/datadog/baseline/manifests/adp_enabled.yaml b/test/datadog/baseline/manifests/adp-enabled-dsd-enabled-7.74.yaml similarity index 98% rename from test/datadog/baseline/manifests/adp_enabled.yaml rename to test/datadog/baseline/manifests/adp-enabled-dsd-enabled-7.74.yaml index 2debb1494..595b95b39 100644 --- a/test/datadog/baseline/manifests/adp_enabled.yaml +++ b/test/datadog/baseline/manifests/adp-enabled-dsd-enabled-7.74.yaml @@ -1369,10 +1369,22 @@ spec: value: "true" - name: DD_LOG_LEVEL value: INFO + - name: DD_REMOTE_AGENT_REGISTRY_ENABLED + value: "true" + - name: DD_DATA_PLANE_ENABLED + value: "true" - name: DD_USE_DOGSTATSD value: "false" - - name: DD_REMOTE_AGENT_REGISTRY_ENABLED + - name: DD_DATA_PLANE_DOGSTATSD_ENABLED + value: "true" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket - name: DD_CLUSTER_AGENT_ENABLED value: "true" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -1625,8 +1637,9 @@ spec: readOnly: true - command: - agent-data-plane + - --config + - /etc/datadog-agent/datadog.yaml - run - - --config=/etc/datadog-agent/datadog.yaml env: - name: DD_API_KEY valueFrom: @@ -1653,25 +1666,21 @@ spec: value: "false" - name: DD_OTLP_CONFIG_LOGS_ENABLED value: "false" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: low - - name: DD_DOGSTATSD_SOCKET - value: /var/run/datadog/dsd.socket - name: DD_LOG_LEVEL value: INFO - - name: DD_API_LISTEN_ADDRESS + - name: DD_DATA_PLANE_REMOTE_AGENT_ENABLED + value: "true" + - name: DD_DATA_PLANE_USE_NEW_CONFIG_STREAM_ENDPOINT + value: "true" + - name: DD_DATA_PLANE_API_LISTEN_ADDRESS value: tcp://0.0.0.0:5100 - - name: DD_SECURE_API_LISTEN_ADDRESS + - name: DD_DATA_PLANE_SECURE_API_LISTEN_ADDRESS value: tcp://0.0.0.0:5101 - - name: DD_TELEMETRY_ENABLED + - name: DD_DATA_PLANE_TELEMETRY_ENABLED value: "true" - - name: DD_PROMETHEUS_LISTEN_ADDR + - name: DD_DATA_PLANE_TELEMETRY_LISTEN_ADDR value: tcp://127.0.0.1:5102 - image: gcr.io/datadoghq/agent-data-plane:0.1.11 + image: gcr.io/datadoghq/agent-data-plane:0.1.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 12 @@ -1699,8 +1708,6 @@ spec: successThreshold: 1 timeoutSeconds: 5 resources: {} - securityContext: - readOnlyRootFilesystem: true volumeMounts: - mountPath: /tmp name: tmpdir diff --git a/test/datadog/baseline/manifests/adp-enabled-dsd-enabled-7.75.yaml b/test/datadog/baseline/manifests/adp-enabled-dsd-enabled-7.75.yaml new file mode 100644 index 000000000..4a905fdab --- /dev/null +++ b/test/datadog/baseline/manifests/adp-enabled-dsd-enabled-7.75.yaml @@ -0,0 +1,2208 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 1.22.0 + name: datadog-operator + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - controllerrevisions + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: + api-key-secret-name: datadog-secret + app-key-secret-name: datadog-secret +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-endpoint-config + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 1.22.0 + name: datadog-operator +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - componentstatuses + - deployments + - limitranges + - namespaces + - persistentvolumeclaims + - persistentvolumes + - replicationcontrollers + - resourcequotas + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes/configz + - nodes/healthz + - nodes/logs + - nodes/metrics + - nodes/pods + - nodes/proxy + - nodes/spec + - nodes/stats + verbs: + - get + - apiGroups: + - '*' + resources: + - '*/scale' + verbs: + - get + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - '*' + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - argoproj.io + resources: + - rollouts + verbs: + - list + - watch + - patch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - get + - list + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - get + - apiGroups: + - auto.gke.io + resources: + - allowlistsynchronizers + verbs: + - create + - get + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - watch + - apiGroups: + - cilium.io + resources: + - ciliumnetworkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogagents + - datadogagents/finalizers + - datadoggenericresources + - datadoggenericresources/finalizers + - datadogmonitors + - datadogmonitors/finalizers + - datadogslos + - datadogslos/finalizers + - extendeddaemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogagents/status + - datadoggenericresources/status + - datadogmonitors/status + - datadogslos/status + verbs: + - get + - patch + - update + - apiGroups: + - datadoghq.com + resources: + - datadogmetrics/status + verbs: + - update + - apiGroups: + - datadoghq.com + resources: + - datadogmetrics + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogpodautoscalers + - datadogpodautoscalers/status + verbs: + - '*' + - apiGroups: + - datadoghq.com + resources: + - extendeddaemonsetreplicasets + - watermarkpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - datadoghq.com + - karpenter.azure.com + resources: + - '*' + verbs: + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - apiGroups: + - external.metrics.k8s.io + - karpenter.k8s.aws + resources: + - '*' + verbs: + - get + - list + - watch + - apiGroups: + - gateway.envoyproxy.io + resources: + - envoyextensionpolicies + verbs: + - create + - delete + - get + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + verbs: + - get + - list + - patch + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants + verbs: + - create + - delete + - get + - patch + - apiGroups: + - karpenter.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get + - apiGroups: + - networking.istio.io + resources: + - envoyfilters + verbs: + - create + - delete + - get + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - patch + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - restricted + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - get + - list + - watch + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + - /metrics + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - "" + resources: + - replicationcontrollers + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - apiGroups: + - datadoghq.com + - karpenter.azure.com + - karpenter.k8s.aws + - karpenter.sh + resources: + - '*' + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - rollouts + - applications + - applicationsets + verbs: + - list + - watch + - get + - apiGroups: + - source.toolkit.fluxcd.io + resources: + - buckets + - helmcharts + - externalartifacts + - gitrepositories + - helmrepositories + - ocirepositories + verbs: + - list + - watch + - get + - apiGroups: + - kustomize.toolkit.fluxcd.io + resources: + - kustomizations + verbs: + - list + - watch + - get + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - gatewayclasses + verbs: + - get + - list + - watch + - patch + - apiGroups: + - gateway.networking.k8s.io + resources: + - referencegrants + verbs: + - get + - delete + - create + - patch + - apiGroups: + - gateway.envoyproxy.io + resources: + - envoyextensionpolicies + verbs: + - get + - delete + - create + - apiGroups: + - networking.istio.io + resources: + - envoyfilters + verbs: + - get + - create + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + - controllerrevisions + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: datadog-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-operator +subjects: + - kind: ServiceAccount + name: datadog-operator + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + agent.datadoghq.com/component: agent + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog-agent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/part-of: datadog--agent-datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: + ad.datadoghq.com/agent-data-plane.check_names: '["openmetrics"]' + ad.datadoghq.com/agent-data-plane.init_configs: '[{}]' + ad.datadoghq.com/agent-data-plane.instances: | + [{ + "prometheus_url":"http://127.0.0.1:5102/metrics", + "metrics":["*"], + "namespace": "datadog.agent", + "send_distribution_buckets": true, + "max_returned_metrics": 4000 + }] + labels: + admission.datadoghq.com/enabled: "false" + agent.datadoghq.com/component: agent + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog-agent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/part-of: datadog--agent-datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_CSI_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_KUBELET_USE_API_SERVER + value: "false" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_REMOTE_AGENT_REGISTRY_ENABLED + value: "true" + - name: DD_DATA_PLANE_ENABLED + value: "true" + - name: DD_DATA_PLANE_DOGSTATSD_ENABLED + value: "true" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + - name: DD_KUBERNETES_KUBE_SERVICE_IGNORE_READINESS + value: "false" + - name: DD_ORCHESTRATOR_EXPLORER_KUBELET_CONFIG_CHECK_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.75.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: null + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - mountPath: /opt/datadog-agent/run + name: datadogrun + - command: + - trace-loader + - /etc/datadog-agent/datadog.yaml + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_CSI_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_KUBELET_USE_API_SERVER + value: "false" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.75.0 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - command: + - agent-data-plane + - --config + - /etc/datadog-agent/datadog.yaml + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_CSI_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_KUBELET_USE_API_SERVER + value: "false" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DATA_PLANE_REMOTE_AGENT_ENABLED + value: "true" + - name: DD_DATA_PLANE_USE_NEW_CONFIG_STREAM_ENDPOINT + value: "true" + - name: DD_DATA_PLANE_API_LISTEN_ADDRESS + value: tcp://0.0.0.0:5100 + - name: DD_DATA_PLANE_SECURE_API_LISTEN_ADDRESS + value: tcp://0.0.0.0:5101 + - name: DD_DATA_PLANE_TELEMETRY_ENABLED + value: "true" + - name: DD_DATA_PLANE_TELEMETRY_LISTEN_ADDR + value: tcp://127.0.0.1:5102 + image: gcr.io/datadoghq/agent-data-plane:0.1.30 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 12 + httpGet: + path: /live + port: 5100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + name: agent-data-plane + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 12 + httpGet: + path: /ready + port: 5100 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + volumeMounts: + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.75.0 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_CSI_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_KUBELET_USE_API_SERVER + value: "false" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.75.0 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + - emptyDir: {} + name: datadogrun + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: operator + app.kubernetes.io/version: 1.22.0 + name: datadog-operator + namespace: datadog-agent +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/name: operator + template: + metadata: + annotations: + ad.datadoghq.com/operator.check_names: '["openmetrics"]' + ad.datadoghq.com/operator.init_configs: '[{}]' + ad.datadoghq.com/operator.instances: | + [{ + "prometheus_url": "http://%%host%%:8383/metrics", + "namespace": "datadog.operator", + "metrics": ["*"] + }] + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/name: operator + spec: + containers: + - args: + - -supportExtendedDaemonset=false + - -logEncoder=json + - -metrics-addr=:8383 + - -loglevel=info + - -operatorMetricsEnabled=true + - -introspectionEnabled=false + - -datadogAgentProfileEnabled=false + - -datadogMonitorEnabled=false + - -datadogAgentEnabled=false + - -datadogSLOEnabled=true + - -datadogDashboardEnabled=false + - -datadogGenericResourceEnabled=true + - -remoteConfigEnabled=false + - -datadogAgentInternalEnabled=false + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_TOOL_VERSION + value: helm + image: gcr.io/datadoghq/operator:1.21.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz/ + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 10 + name: operator + ports: + - containerPort: 8383 + name: metrics + protocol: TCP + resources: {} + volumeMounts: null + serviceAccountName: datadog-operator + volumes: null +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + agent.datadoghq.com/component: cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog-cluster-agent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/part-of: datadog--agent-datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + agent.datadoghq.com/component: cluster-agent + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog-cluster-agent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/part-of: datadog--agent-datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_CSI_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_APP_KEY + valueFrom: + secretKeyRef: + key: app-key + name: datadog-secret + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_TRACE_AGENT_HOST_SOCKET_PATH + value: /var/run/datadog + - name: DD_DOGSTATSD_HOST_SOCKET_PATH + value: /var/run/datadog + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_APM_INSTRUMENTATION_INJECTION_MODE + value: auto + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_KUBE_SERVICE_IGNORE_READINESS + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.74.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.74.0 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.d/kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.d/kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/values/adp_enabled.yaml b/test/datadog/baseline/values/adp-enabled-dsd-enabled-7.74.yaml similarity index 56% rename from test/datadog/baseline/values/adp_enabled.yaml rename to test/datadog/baseline/values/adp-enabled-dsd-enabled-7.74.yaml index 9ca96c611..1785f5947 100644 --- a/test/datadog/baseline/values/adp_enabled.yaml +++ b/test/datadog/baseline/values/adp-enabled-dsd-enabled-7.74.yaml @@ -2,5 +2,11 @@ datadog: apiKeyExistingSecret: datadog-secret appKeyExistingSecret: datadog-secret - agentDataPlane: + dataPlane: enabled: true + dogstatsd: + enabled: true + +agents: + image: + tag: 7.74.0 diff --git a/test/datadog/baseline/values/adp-enabled-dsd-enabled-7.75.yaml b/test/datadog/baseline/values/adp-enabled-dsd-enabled-7.75.yaml new file mode 100644 index 000000000..90e49518e --- /dev/null +++ b/test/datadog/baseline/values/adp-enabled-dsd-enabled-7.75.yaml @@ -0,0 +1,12 @@ +datadog: + apiKeyExistingSecret: datadog-secret + appKeyExistingSecret: datadog-secret + + dataPlane: + enabled: true + dogstatsd: + enabled: true + +agents: + image: + tag: 7.75.0