├── charts ├── datadog-operator │ ├── ci │ │ └── kubeval.yaml │ ├── README.md.gotmpl │ ├── Chart.lock │ ├── templates │ │ ├── service_account.yaml │ │ ├── secret_api_key.yaml │ │ ├── secret_application_key.yaml │ │ ├── pod_disruption_budget.yaml │ │ ├── role_binding.yaml │ │ ├── clusterrole_binding.yaml │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ └── clusterrole.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── CHANGELOG.md │ ├── README.md │ └── values.yaml ├── extended-daemon-set │ ├── ci │ │ └── kubeval.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── serviceaccount.yaml │ │ ├── clusterrole.yaml │ │ ├── role_binding.yaml │ │ ├── clusterrole_binding.yaml │ │ ├── role.yaml │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ ├── CHANGELOG.md │ ├── requirements.yaml │ ├── requirements.lock │ ├── Chart.yaml │ ├── .helmignore │ ├── README.md.gotmpl │ ├── README.md │ └── values.yaml ├── synthetics-private-location │ ├── ci │ │ └── kubeval.yaml │ ├── templates │ │ ├── service_account.yaml │ │ ├── secret.yaml │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── deployment.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── CHANGELOG.md │ ├── README.md.gotmpl │ ├── values.yaml │ └── README.md ├── datadog-crds │ ├── ci │ │ └── kubeval.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── datadoghq.com_datadogmetrics_v1beta1.yaml │ │ ├── datadoghq.com_datadogmetrics_v1.yaml │ │ └── datadoghq.com_extendeddaemonsetsettings_v1beta1.yaml │ ├── .helmignore │ ├── Chart.yaml │ ├── CHANGELOG.md │ ├── values.yaml │ ├── README.md.gotmpl │ ├── README.md │ └── update-crds.sh └── datadog │ ├── ci │ ├── default-values.yaml │ ├── securitycontext-nil-values.yaml │ ├── no_hardened_seccomp-values.yaml │ ├── agent-with-dynamic-annotations-values.yaml │ ├── psp-test-values.yaml │ ├── cluster-agent-metrics-server-service-port-values.yaml │ ├── security-agent-compliance-values.yaml │ ├── dogstastd-socket-values.yaml │ ├── disable-apparmor-values.yaml │ ├── network-policy-values.yaml 
│ ├── gke-autopilot-values.yaml │ ├── cluster-agent-with-dynamic-annotations-values.yaml │ ├── cluster-agent-values.yaml │ ├── cluster-agent-and-worker-with-dedicated-rbac-values.yaml │ └── kubeval.yaml │ ├── requirements.lock │ ├── templates │ ├── secret-api-key.yaml │ ├── checksd-configmap.yaml │ ├── cluster-agent-pdb.yaml │ ├── agent-clusterchecks-pdb.yaml │ ├── secret-application-key.yaml │ ├── cluster-agent-psp.yaml │ ├── install_info-configmap.yaml │ ├── _daemonset-volumes-windows.yaml │ ├── secret-cluster-agent-token.yaml │ ├── _system-probe-init.yaml │ ├── cluster-agent-config-configmap.yaml │ ├── agent-apiservice.yaml │ ├── confd-configmap.yaml │ ├── kube-state-metrics-network-policy.yaml │ ├── cluster-agent-scc.yaml │ ├── cluster-agent-confd-configmap.yaml │ ├── agent-clusterchecks-rbac.yaml │ ├── hpa-external-metrics-rbac.yaml │ ├── agent-clusterchecks-network-policy.yaml │ ├── agent-network-policy.yaml │ ├── _containers-init-windows.yaml │ ├── cluster-agent-network-policy.yaml │ ├── datadog-yaml-configmap.yaml │ ├── agent-psp.yaml │ ├── kube-state-metrics-cilium-network-policy.yaml │ ├── _containers-init-linux.yaml │ ├── agent-scc.yaml │ ├── _container-system-probe.yaml │ ├── agent-services.yaml │ ├── agent-clusterchecks-cilium-network-policy.yaml │ ├── rbac.yaml │ ├── _daemonset-volumes-linux.yaml │ ├── _container-trace-agent.yaml │ ├── _container-process-agent.yaml │ ├── _container-security-agent.yaml │ ├── cluster-agent-cilium-network-policy.yaml │ ├── agent-cilium-network-policy.yaml │ ├── _containers-common-env.yaml │ └── system-probe-configmap.yaml │ ├── requirements.yaml │ ├── Chart.yaml │ └── .helmignore ├── .gitignore ├── Makefile ├── .github ├── ISSUE_TEMPLATE.md ├── ct.yaml ├── helm-docs.sh ├── PULL_REQUEST_TEMPLATE.md ├── CODEOWNERS ├── workflows │ ├── release.yaml │ └── ci.yaml └── kubeval.sh ├── README.md ├── CONTRIBUTING.md ├── examples └── datadog │ ├── agent_on_aks_values_windows.yaml │ ├── agent_basic_values.yaml │ ├── 
agent_with_cluster_agent_values.yaml │ ├── agent_on_aks_values.yaml │ ├── agent_on_rancher_values.yaml │ └── agent_on_openshift_values.yaml └── crds └── datadoghq.com_datadogmetrics.yaml /charts/datadog-operator/ci/kubeval.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/ci/kubeval.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/ci/kubeval.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | charts/*/charts 2 | helm-docs 3 | kubeval 4 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | all: docs 2 | 3 | docs: 4 | ./.github/helm-docs.sh 5 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 0.1.0 4 | 5 | * Initial version 6 | -------------------------------------------------------------------------------- /charts/datadog-crds/ci/kubeval.yaml: -------------------------------------------------------------------------------- 1 | crds: 2 | datadogMetrics: true 3 | datadogAgents: true 4 | datadogMonitors: true 5 | 
-------------------------------------------------------------------------------- /charts/datadog/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | # Empty values file for testing default parameters. 2 | datadog: 3 | apiKey: "00000000000000000000000000000000" 4 | appKey: "0000000000000000000000000000000000000000" 5 | -------------------------------------------------------------------------------- /charts/datadog-crds/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Datadog CRD(s) installed: 2 | {{- if .Values.crds.datadogMetrics }} 3 | * DatadogMetric 4 | {{- end }} 5 | {{- if .Values.crds.datadogAgents }} 6 | * DatadogAgent 7 | {{- end }} 8 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: datadog-crds 3 | version: "=0.3.4" 4 | repository: https://helm.datadoghq.com 5 | condition: true 6 | tags: 7 | - install-crds 8 | -------------------------------------------------------------------------------- /charts/datadog-operator/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | # Datadog Operator 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 4 | 5 | {{ template "chart.valuesSection" . 
}} -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | **Describe what happened:** 2 | 3 | 4 | **Describe what you expected:** 5 | 6 | 7 | **Steps to reproduce the issue:** 8 | 9 | 10 | **Additional environment details (Operating System, Cloud provider, etc):** 11 | 12 | -------------------------------------------------------------------------------- /charts/datadog-operator/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: datadog-crds 3 | repository: https://helm.datadoghq.com 4 | version: 0.3.0 5 | digest: sha256:1406eb79da66a64048b90d085942e9e01f8bcd98695a70891aeeabcc6331ac67 6 | generated: "2021-05-04T22:47:27.89225+02:00" 7 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: datadog-crds 3 | repository: https://helm.datadoghq.com 4 | version: 0.3.4 5 | digest: sha256:d9bf1befc92cbf2572ed2fe02404ae71ef0590220937e0f519fae94bb2cc3839 6 | generated: "2021-08-04T10:58:57.57067+02:00" 7 | -------------------------------------------------------------------------------- /charts/datadog/ci/securitycontext-nil-values.yaml: -------------------------------------------------------------------------------- 1 | # Test the support of `securityContext` set to `nil` 2 | datadog: 3 | apiKey: "00000000000000000000000000000000" 4 | appKey: "0000000000000000000000000000000000000000" 5 | kubeStateMetricsEnabled: false 6 | 7 | securityContext: 8 | -------------------------------------------------------------------------------- /charts/datadog/ci/no_hardened_seccomp-values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | apiKey: 
"00000000000000000000000000000000" 3 | appKey: "0000000000000000000000000000000000000000" 4 | kubeStateMetricsEnabled: false 5 | networkMonitoring: 6 | enabled: true 7 | systemProbe: 8 | seccomp: runtime/default 9 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/service_account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "datadog-operator.serviceAccountName" . }} 6 | labels: 7 | {{ include "datadog-operator.labels" . | indent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /charts/datadog/ci/agent-with-dynamic-annotations-values.yaml: -------------------------------------------------------------------------------- 1 | agents: 2 | enabled: true 3 | podAnnotations: 4 | pod-annotation: "{{.Values.agents.enabled}}" 5 | rbac: 6 | enabled: true 7 | serviceAccountAnnotations: 8 | "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/datadog" 9 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "extendeddaemonset.serviceAccountName" . }} 6 | labels: 7 | {{ include "extendeddaemonset.labels" . 
| indent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /.github/ct.yaml: -------------------------------------------------------------------------------- 1 | remote: origin 2 | target-branch: main 3 | chart-dirs: 4 | - charts 5 | chart-repos: 6 | - datadog=https://helm.datadoghq.com 7 | - kube-state-metrics=https://prometheus-community.github.io/helm-charts 8 | helm-extra-args: --timeout 300s 9 | check-version-increment: true 10 | debug: true 11 | -------------------------------------------------------------------------------- /charts/datadog/ci/psp-test-values.yaml: -------------------------------------------------------------------------------- 1 | # Empty values file for testing default parameters. 2 | datadog: 3 | apiKey: "00000000000000000000000000000000" 4 | appKey: "0000000000000000000000000000000000000000" 5 | kubeStateMetricsEnabled: false 6 | agents: 7 | podSecurity: 8 | podSecurityPolicy: 9 | create: true 10 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/templates/service_account.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "synthetics-private-location.serviceAccountName" . }} 6 | labels: 7 | {{ include "synthetics-private-location.labels" . 
| indent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /charts/datadog/ci/cluster-agent-metrics-server-service-port-values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | apiKey: "00000000000000000000000000000000" 3 | appKey: "0000000000000000000000000000000000000000" 4 | kubeStateMetricsEnabled: false 5 | 6 | clusterAgent: 7 | enabled: true 8 | 9 | metricsProvider: 10 | enabled: true 11 | 12 | service: 13 | port: 4443 14 | -------------------------------------------------------------------------------- /charts/datadog/ci/security-agent-compliance-values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | apiKey: "00000000000000000000000000000000" 3 | appKey: "0000000000000000000000000000000000000000" 4 | 5 | clusterAgent: 6 | enabled: true 7 | 8 | securityAgent: 9 | compliance: 10 | enabled: true 11 | # Set an empty configMap so that we don't try to mount one 12 | configMap: 13 | -------------------------------------------------------------------------------- /charts/datadog/ci/dogstastd-socket-values.yaml: -------------------------------------------------------------------------------- 1 | # Empty values file for testing default parameters. 
2 | datadog: 3 | apiKey: "00000000000000000000000000000000" 4 | appKey: "0000000000000000000000000000000000000000" 5 | kubeStateMetricsEnabled: false 6 | 7 | dogstatsd: 8 | useSocketVolume: true 9 | 10 | apm: 11 | enabled: true 12 | useSocketVolume: true 13 | -------------------------------------------------------------------------------- /charts/datadog/requirements.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: datadog-crds 3 | repository: https://helm.datadoghq.com 4 | version: 0.3.2 5 | - name: kube-state-metrics 6 | repository: https://prometheus-community.github.io/helm-charts 7 | version: 2.13.2 8 | digest: sha256:fba58e151b8e26c07874746e72e17385da6e6e85883c3777397050bbb8fe4e32 9 | generated: "2021-07-28T17:51:46.994751+02:00" 10 | -------------------------------------------------------------------------------- /charts/datadog/ci/disable-apparmor-values.yaml: -------------------------------------------------------------------------------- 1 | # Tests that disabling apparmor is supported 2 | datadog: 3 | apiKey: "00000000000000000000000000000000" 4 | appKey: "0000000000000000000000000000000000000000" 5 | kubeStateMetricsEnabled: false 6 | networkMonitoring: 7 | enabled: true 8 | agents: 9 | podSecurity: 10 | podSecurityPolicy: 11 | create: true 12 | apparmor: 13 | enabled: false 14 | -------------------------------------------------------------------------------- /charts/datadog/templates/secret-api-key.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.datadog.apiKeyExistingSecret }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "datadog.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . 
| indent 4 }} 9 | type: Opaque 10 | data: 11 | api-key: {{ default "MISSING" .Values.datadog.apiKey | b64enc | quote }} # NOTE(review): when datadog.apiKey is unset the literal string MISSING is base64-encoded as the key, so the Secret is still rendered with a placeholder rather than the render failing - confirm this is intended 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/datadog/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: datadog-crds 3 | version: "=0.3.2" 4 | repository: https://helm.datadoghq.com 5 | condition: clusterAgent.metricsProvider.useDatadogMetrics 6 | tags: 7 | - install-crds 8 | - name: kube-state-metrics 9 | version: "=2.13.2" 10 | repository: https://prometheus-community.github.io/helm-charts 11 | condition: datadog.kubeStateMetricsEnabled 12 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ include "extendeddaemonset.fullname" . }} 6 | labels: 7 | {{ include "extendeddaemonset.labels" . 
| indent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - nodes 13 | verbs: 14 | - get 15 | - watch 16 | - list 17 | {{- end -}} 18 | -------------------------------------------------------------------------------- /charts/datadog/ci/network-policy-values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | apiKey: "00000000000000000000000000000000" 3 | appKey: "0000000000000000000000000000000000000000" 4 | agents: 5 | enabled: true 6 | networkPolicy: 7 | create: true 8 | clusterAgent: 9 | enabled: true 10 | metricsProvider: 11 | enabled: true 12 | networkPolicy: 13 | create: true 14 | clusterChecksRunner: 15 | enabled: true 16 | networkPolicy: 17 | create: true 18 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (not .Values.configConfigMap) (not .Values.configSecret) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "synthetics-private-location.fullname" . }}-config 6 | labels: 7 | {{- include "synthetics-private-location.labels" . 
| nindent 4 }} 8 | data: 9 | synthetics-check-runner.json: {{ .Values.configFile | b64enc | quote }} 10 | --- 11 | {{- end }} 12 | 13 | -------------------------------------------------------------------------------- /.github/helm-docs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | HELM_DOCS_VERSION="0.15.0" 5 | OS=$(uname) 6 | 7 | # Install helm-docs: download the release archive pinned by HELM_DOCS_VERSION for this OS (x86_64 only) and unpack the helm-docs binary into the current directory. NOTE(review): the archive is fetched over HTTPS but no checksum or signature is checked before the binary is run below, and it is staged at the fixed, shared path /tmp/helm-docs.tar.gz; pinning a SHA-256 per version and staging in a mktemp directory would close both gaps. 8 | curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_${OS}_x86_64.tar.gz 9 | tar -xf /tmp/helm-docs.tar.gz helm-docs 10 | 11 | # Validate docs: run helm-docs, then let git diff --exit-code fail the run if any tracked file no longer matches what is committed. 12 | ./helm-docs 13 | git diff --exit-code 14 | -------------------------------------------------------------------------------- /charts/datadog-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/secret_api_key.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.apiKey (not .Values.apiKeyExistingSecret) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "datadog-operator.apiKeySecretName" . }} 6 | labels: 7 | app.kubernetes.io/name: {{ include "datadog-operator.name" . 
}} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | type: Opaque 10 | data: 11 | api-key: {{ .Values.apiKey | b64enc | quote }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: v0.6.0 3 | description: Extended Daemonset Controller 4 | name: extendeddaemonset 5 | version: v0.1.0 6 | keywords: 7 | - monitoring 8 | - alerting 9 | - metric 10 | home: https://www.datadoghq.com 11 | icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png 12 | sources: 13 | - https://github.com/DataDog/extendeddaemonset 14 | maintainers: 15 | - name: Datadog 16 | email: support@datadoghq.com 17 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/datadog-crds/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/secret_application_key.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.appKey (not .Values.appKeyExistingSecret) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "datadog-operator.appKeySecretName" . }} 6 | labels: 7 | app.kubernetes.io/name: {{ include "datadog-operator.name" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | type: Opaque 10 | data: 11 | app-key: {{ .Values.appKey | b64enc | quote }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/datadog/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: datadog 3 | version: 2.20.1 4 | appVersion: "7" 5 | description: Datadog Agent 6 | keywords: 7 | - monitoring 8 | - alerting 9 | - metric 10 | home: https://www.datadoghq.com 11 | icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png 12 | sources: 13 | - https://app.datadoghq.com/account/settings#agent/kubernetes 14 | - https://github.com/DataDog/datadog-agent 15 | maintainers: 16 | - name: Datadog 17 | email: support@datadoghq.com 18 | -------------------------------------------------------------------------------- /charts/datadog/templates/checksd-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.datadog.checksd }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "datadog.fullname" . 
}}-checksd 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | annotations: 10 | checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} 11 | data: 12 | {{ tpl (toYaml .Values.datadog.checksd) . | indent 2 }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /charts/datadog/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | # OWNERS file for Kubernetes 23 | OWNERS 24 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/datadog/templates/cluster-agent-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterAgent.createPodDisruptionBudget -}} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-cluster-agent 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | spec: 10 | minAvailable: 1 11 | selector: 12 | matchLabels: 13 | app: {{ template "datadog.fullname" . }}-cluster-agent 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/datadog/ci/gke-autopilot-values.yaml: -------------------------------------------------------------------------------- 1 | # Empty values file for testing default parameters. 
2 | datadog: 3 | apiKey: "00000000000000000000000000000000" 4 | appKey: "0000000000000000000000000000000000000000" 5 | 6 | logs: 7 | enabled: true 8 | apm: 9 | enabled: true 10 | 11 | kubeStateMetricsEnabled: false 12 | kubeStateMetricsCore: 13 | enabled: true 14 | 15 | providers: 16 | gke: 17 | autopilot: true 18 | 19 | clusterAgent: 20 | metricsProvider: 21 | enabled: true 22 | -------------------------------------------------------------------------------- /charts/datadog/ci/cluster-agent-with-dynamic-annotations-values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | clusterName: kubernetes-cluster.example.comkubernetes-cluster.example.com.kube.rnetes-80chars 3 | apiKey: "00000000000000000000000000000000" 4 | appKey: "0000000000000000000000000000000000000000" 5 | kubeStateMetricsEnabled: false 6 | clusterChecks: 7 | enabled: true 8 | 9 | clusterAgent: 10 | enabled: true 11 | wpaController: true 12 | podAnnotations: 13 | pod-annotation: "{{.Values.datadog.clusterName}}" 14 | -------------------------------------------------------------------------------- /charts/datadog/templates/agent-clusterchecks-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterChecksRunner.createPodDisruptionBudget -}} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-clusterchecks 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | spec: 10 | maxUnavailable: 1 11 | selector: 12 | matchLabels: 13 | app: {{ template "datadog.fullname" . 
}}-clusterchecks 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/pod_disruption_budget.yaml: -------------------------------------------------------------------------------- 1 | {{- if gt .Values.replicaCount 1.0 -}} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "datadog-operator.fullname" . }} 6 | labels: 7 | {{ include "datadog-operator.labels" . | indent 4 }} 8 | spec: 9 | minAvailable: 1 10 | selector: 11 | matchLabels: 12 | app.kubernetes.io/name: {{ include "datadog-operator.name" . }} 13 | app.kubernetes.io/instance: {{ .Release.Name }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/role_binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | kind: RoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ include "datadog-operator.fullname" . }} 6 | labels: 7 | {{ include "datadog-operator.labels" . | indent 4 }} 8 | subjects: 9 | - kind: ServiceAccount 10 | name: {{ include "datadog-operator.fullname" . }} 11 | roleRef: 12 | kind: Role 13 | name: {{ include "datadog-operator.fullname" . }} 14 | apiGroup: rbac.authorization.k8s.io 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/clusterrole_binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ include "datadog-operator.fullname" . }} 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: {{ include "datadog-operator.fullname" . 
}} 10 | subjects: 11 | - kind: ServiceAccount 12 | name: {{ template "datadog-operator.serviceAccountName" . }} 13 | namespace: {{ .Release.Namespace }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Datadog Helm Charts 2 | 3 | [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/datadog)](https://artifacthub.io/packages/search?repo=datadog) 4 | 5 | Official Helm charts for Datadog products. Currently supported: 6 | - [Datadog Agents](charts/datadog/README.md) (datadog/datadog) 7 | 8 | ## How to use Datadog Helm repository 9 | 10 | You need to add this repository to your Helm repositories: 11 | 12 | ``` 13 | helm repo add datadog https://helm.datadoghq.com 14 | helm repo update 15 | ``` 16 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/templates/role_binding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | kind: RoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ include "extendeddaemonset.fullname" . }} 6 | labels: 7 | {{ include "extendeddaemonset.labels" . | indent 4 }} 8 | subjects: 9 | - kind: ServiceAccount 10 | name: {{ template "extendeddaemonset.serviceAccountName" . }} 11 | roleRef: 12 | kind: Role 13 | name: {{ include "extendeddaemonset.fullname" . 
}} 14 | apiGroup: rbac.authorization.k8s.io 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: synthetics-private-location 3 | version: 0.8.0 4 | appVersion: 1.4.0 5 | description: Datadog Synthetics Private Location 6 | keywords: 7 | - monitoring 8 | - synthetics 9 | home: https://www.datadoghq.com 10 | icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png 11 | sources: 12 | - https://docs.datadoghq.com/synthetics/private_locations 13 | - https://app.datadoghq.com/synthetics/settings/private-locations 14 | maintainers: 15 | - name: Datadog 16 | email: support@datadoghq.com 17 | -------------------------------------------------------------------------------- /charts/datadog/templates/secret-application-key.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.datadog.appKeyExistingSecret }} 2 | {{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ template "datadog.appKeySecretName" . }} 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "datadog.labels" . | indent 4 }} 10 | type: Opaque 11 | data: 12 | app-key: {{ default "MISSING" .Values.datadog.appKey | b64enc | quote }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/datadog/templates/cluster-agent-psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterAgent.podSecurity.podSecurityPolicy.create }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "datadog.fullname" . 
}}-cluster-agent 6 | labels: 7 | {{ include "datadog.labels" . | indent 4 }} 8 | spec: 9 | volumes: 10 | - configMap 11 | - hostPath 12 | - secret 13 | fsGroup: 14 | rule: RunAsAny 15 | runAsUser: 16 | rule: RunAsAny 17 | seLinux: 18 | rule: RunAsAny 19 | supplementalGroups: 20 | rule: RunAsAny 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/datadog/templates/install_info-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "datadog.fullname" . }}-installinfo 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{ include "datadog.labels" . | indent 4 }} 8 | annotations: 9 | checksum/install_info: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} 10 | data: 11 | install_info: | 12 | --- 13 | install_method: 14 | tool: helm 15 | tool_version: {{ .Release.Service }} 16 | installer_version: {{ .Chart.Name }}-{{ .Chart.Version }} 17 | -------------------------------------------------------------------------------- /charts/datadog-crds/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: datadog-crds 3 | description: Datadog Kubernetes CRDs chart 4 | version: 0.3.4 5 | appVersion: "1" 6 | keywords: 7 | - monitoring 8 | - alerting 9 | - metric 10 | home: https://www.datadoghq.com 11 | icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png 12 | sources: 13 | - https://app.datadoghq.com/account/settings#agent/kubernetes 14 | - https://github.com/DataDog/datadog-operator 15 | - https://docs.datadoghq.com/agent/cluster_agent/external_metrics 16 | maintainers: 17 | - name: Datadog 18 | email: support@datadoghq.com 19 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/templates/clusterrole_binding.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ include "extendeddaemonset.fullname" . }} 6 | labels: 7 | {{ include "extendeddaemonset.labels" . | indent 4 }} 8 | subjects: 9 | - kind: ServiceAccount 10 | namespace: {{ .Release.Namespace }} 11 | name: {{ template "extendeddaemonset.serviceAccountName" . }} 12 | roleRef: 13 | kind: ClusterRole 14 | name: {{ include "extendeddaemonset.fullname" . }} 15 | apiGroup: rbac.authorization.k8s.io 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | #### What this PR does / why we need it: 2 | 3 | #### Which issue this PR fixes 4 | *(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)* 5 | - fixes # 6 | 7 | #### Special notes for your reviewer: 8 | 9 | #### Checklist 10 | [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] 
11 | - [ ] Documentation has been updated with helm-docs (run: `.github/helm-docs.sh`) 12 | - [ ] Chart Version bumped 13 | - [ ] `CHANGELOG.md` has been updated 14 | - [ ] Variables are documented in the `README.md` 15 | -------------------------------------------------------------------------------- /charts/datadog/templates/_daemonset-volumes-windows.yaml: -------------------------------------------------------------------------------- 1 | {{- define "daemonset-volumes-windows" -}} 2 | {{- if .Values.datadog.kubelet.hostCAPath }} 3 | - hostPath: 4 | path: {{ dir .Values.datadog.kubelet.hostCAPath }} 5 | type: Directory 6 | name: kubelet-ca 7 | {{- end }} 8 | {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} 9 | - hostPath: 10 | path: C:/var/log 11 | name: pointerdir 12 | - hostPath: 13 | path: C:/var/log/pods 14 | name: logpodpath 15 | - hostPath: 16 | path: C:/ProgramData/docker/containers 17 | name: logdockercontainerpath 18 | {{- end }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/datadog/templates/secret-cluster-agent-token.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.clusterAgent.tokenExistingSecret }} 2 | {{- if eq (include "should-deploy-cluster-agent" .) "true" -}} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ template "clusterAgent.tokenSecretName" . }} 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "datadog.labels" . 
| indent 4 }} 10 | type: Opaque 11 | data: 12 | {{ if .Values.clusterAgent.token -}} 13 | token: {{ .Values.clusterAgent.token | b64enc | quote }} 14 | {{ else -}} 15 | token: {{ randAlphaNum 32 | b64enc | quote }} 16 | {{ end }} 17 | {{- end }} 18 | {{ end }} 19 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Code owners for charts 2 | 3 | * @DataDog/container-integrations 4 | 5 | # Documentation 6 | *.md @DataDog/documentation @DataDog/container-integrations 7 | 8 | # Charts 9 | charts/datadog/templates/container-system-probe.yaml @DataDog/agent-network @DataDog/container-integrations 10 | charts/datadog/templates/system-probe-configmap.yaml @DataDog/agent-network @DataDog/container-integrations 11 | charts/datadog/templates/system-probe-init.yaml @DataDog/agent-network @DataDog/container-integrations 12 | charts/synthetics-private-location/* @Datadog/synthetics @DataDog/container-integrations 13 | -------------------------------------------------------------------------------- /charts/datadog/ci/cluster-agent-values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | clusterName: kubernetes-cluster.example.comkubernetes-cluster.example.com.kube.rnetes-80chars 3 | apiKey: "00000000000000000000000000000000" 4 | appKey: "0000000000000000000000000000000000000000" 5 | kubeStateMetricsEnabled: false 6 | clusterChecks: 7 | enabled: true 8 | 9 | clusterAgent: 10 | enabled: true 11 | wpaController: true 12 | 13 | clusterChecksRunner: 14 | enabled: true 15 | replicas: 1 16 | 17 | volumes: 18 | - name: tmp 19 | hostPath: 20 | path: /tmp 21 | 22 | volumeMounts: 23 | - name: tmp 24 | mountPath: /etc/tmp 25 | readOnly: true 26 | -------------------------------------------------------------------------------- /charts/datadog/templates/_system-probe-init.yaml: 
-------------------------------------------------------------------------------- 1 | {{- define "system-probe-init" -}} 2 | - name: seccomp-setup 3 | image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" 4 | command: 5 | - cp 6 | - /etc/config/system-probe-seccomp.json 7 | - /host/var/lib/kubelet/seccomp/system-probe 8 | volumeMounts: 9 | - name: datadog-agent-security 10 | mountPath: /etc/config 11 | - name: seccomp-root 12 | mountPath: /host/var/lib/kubelet/seccomp 13 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 14 | resources: 15 | {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/datadog-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: datadog-operator 3 | version: 0.6.3 4 | appVersion: 0.6.0 5 | description: Datadog Operator 6 | keywords: 7 | - monitoring 8 | - alerting 9 | - metric 10 | home: https://www.datadoghq.com 11 | icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png 12 | sources: 13 | - https://app.datadoghq.com/account/settings#agent/kubernetes 14 | - https://github.com/DataDog/datadog-agent 15 | maintainers: 16 | - name: Datadog 17 | email: support@datadoghq.com 18 | dependencies: 19 | - name: datadog-crds 20 | version: "=0.3.0" 21 | repository: https://helm.datadoghq.com 22 | condition: installCRDs 23 | tags: 24 | - install-crds 25 | -------------------------------------------------------------------------------- /charts/datadog-crds/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 0.3.4 4 | 5 | * Include only `v1beta1` CRDs from the EDS v0.6.0 tag. 6 | 7 | ## 0.3.3 8 | 9 | * Add CRDs from Extended Daemon Set v0.6.0 tag. 
10 | 11 | ## 0.3.2 12 | 13 | * Set `apiVersion` to `v1` for compatibility with helm 2. 14 | 15 | ## 0.3.1 16 | 17 | * Fix typo in DatadogMetrics CRD 18 | 19 | ## 0.3.0 20 | 21 | * Update all the CRDs from operator v0.6.0 tag. 22 | 23 | ## 0.2.0 24 | 25 | * Update all the CRDs from operator v0.5.0 tag. 26 | 27 | ## 0.1.1 28 | 29 | * Move back `chart.yaml` `apiVersion` to `v1` for compatibility with helm2. 30 | 31 | ## 0.1.0 32 | 33 | * Initial version 34 | * Add `DatadogMetrics` and `DatadogAgents` CRDs 35 | -------------------------------------------------------------------------------- /charts/datadog/ci/cluster-agent-and-worker-with-dedicated-rbac-values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | apiKey: "00000000000000000000000000000000" 3 | appKey: "0000000000000000000000000000000000000000" 4 | kubeStateMetricsEnabled: false 5 | clusterChecks: 6 | enabled: true 7 | 8 | clusterAgent: 9 | enabled: true 10 | rbac: 11 | create: true 12 | serviceAccountAnnotations: 13 | "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/datadog-cluster-agent" 14 | 15 | clusterChecksRunner: 16 | enabled: true 17 | replicas: 1 18 | rbac: 19 | dedicated: true 20 | serviceAccountAnnotations: 21 | "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/datadog-clusterchecker" 22 | -------------------------------------------------------------------------------- /charts/datadog/templates/cluster-agent-config-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterAgent.datadog_cluster_yaml }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-cluster-agent-config 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: "{{ template "datadog.fullname" . 
}}" 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 10 | release: {{ .Release.Name | quote }} 11 | heritage: {{ .Release.Service | quote }} 12 | {{ include "datadog.labels" . | indent 4 }} 13 | annotations: 14 | checksum/clusteragent-config: {{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | sha256sum }} 15 | data: 16 | datadog-cluster.yaml: | 17 | {{ tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | indent 4 }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/datadog-crds/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for datadog-operator. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | crds: 6 | # crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD 7 | datadogMetrics: false 8 | # crds.datadogAgents -- Set to true to deploy the DatadogAgents CRD 9 | datadogAgents: false 10 | # crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD 11 | datadogMonitors: false 12 | # crds.extendedDaemonSets -- Set to true to deploy all the EDS CRDs 13 | # (ExtendedDaemonSet, ExtendedDaemonSetReplicaSet, ExtendedDaemonSettings) 14 | extendedDaemonSets: false 15 | 16 | # nameOverride -- Override name of app 17 | nameOverride: "" 18 | 19 | # fullnameOverride -- Override the fully qualified app name 20 | fullnameOverride: "" 21 | -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | paths: 8 | - 'charts/**' 9 | 10 | jobs: 11 | release: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v1 16 | - name: Configure Git 17 | run: | 18 | git config user.name "$GITHUB_ACTOR" 19 | git config 
user.email "$GITHUB_ACTOR@users.noreply.github.com" 20 | - name: Add repo 21 | run: | 22 | helm repo add datadog https://helm.datadoghq.com 23 | helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts 24 | - name: Run chart-releaser 25 | uses: helm/chart-releaser-action@v1.2.0 26 | env: 27 | CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' 28 | -------------------------------------------------------------------------------- /charts/datadog/templates/agent-apiservice.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.clusterAgent.rbac.create (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled -}} 2 | apiVersion: apiregistration.k8s.io/v1 3 | kind: APIService 4 | metadata: 5 | name: v1beta1.external.metrics.k8s.io 6 | labels: 7 | {{ include "datadog.labels" . | indent 4 }} 8 | spec: 9 | service: 10 | name: {{ template "datadog.fullname" . }}-cluster-agent-metrics-api 11 | namespace: {{ .Release.Namespace }} 12 | {{- if semverCompare "^1.15-0" .Capabilities.KubeVersion.GitVersion }} 13 | port: {{ template "clusterAgent.metricsProvider.port" . }} 14 | {{- end }} 15 | version: v1beta1 16 | insecureSkipTLSVerify: true 17 | group: external.metrics.k8s.io 18 | groupPriorityMinimum: 100 19 | versionPriority: 100 20 | {{- end -}} 21 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Datadog changelog 2 | 3 | ### 0.8.0 4 | 5 | * Update private location image version to `1.14.0`. 6 | 7 | ### 0.7.0 8 | 9 | * Update private location image version to `1.13.0`. 10 | 11 | ### 0.6.0 12 | 13 | * Use secret instead of Config Map for `configFile`. 14 | * Added `configSecret` to support passing the json config using a Secret. 
15 | 16 | ### 0.5.0 17 | 18 | * Update private location image version to `1.11.0`. 19 | 20 | ### 0.4.0 21 | 22 | * Add 'envFrom' and 'env' to support configuration via environment variables 23 | 24 | ### 0.3.0 25 | 26 | * Added `configConfigMap` to support passing the json config using a Config Map. 27 | * Update the Synthetics Private Location version to `1.10.0` 28 | 29 | ### 0.2.0 30 | 31 | * Use `gcr.io` instead of `Dockerhub` 32 | 33 | ### 0.1.0 34 | 35 | * Initial version 36 | -------------------------------------------------------------------------------- /charts/datadog/templates/confd-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-confd 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | annotations: 10 | checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} 11 | checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} 12 | data: 13 | {{/* 14 | Merge the legacy autoconf dict before so confd static configurations 15 | override duplicates 16 | */}} 17 | {{- if .Values.datadog.autoconf }} 18 | {{ tpl (toYaml .Values.datadog.autoconf) . | indent 2 }} 19 | {{- end }} 20 | {{- if .Values.datadog.confd }} 21 | {{ tpl (toYaml .Values.datadog.confd) . | indent 2 }} 22 | {{- end }} 23 | {{- end -}} 24 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | All contributions improving our Helm charts are welcome. If you'd like to contribute a bug fix or a feature, you can directly open a pull request with your changes. 
4 | 5 | We aim to follow high quality standards, thus your PR must follow some rules: 6 | 7 | - Make sure any new parameter is documented 8 | - Make sure the chart version has been bumped in the corresponding chart's `Chart.yaml`. 9 | - Make sure to describe your change in the corresponding chart's `CHANGELOG.md`. 10 | - Make sure any new feature is tested by modifying or adding a file in `ci/` 11 | - Make sure your changes are compatible (or protected) with older Kubernetes version (CI will validate this down to 1.14) 12 | - Make sure you updated documentation (after bumping `Chart.yaml`) by running `.github/helm-docs.sh` 13 | 14 | Our team will then happily review and merge contributions! 15 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | # Extended DaemonSet 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 4 | 5 | This chart installs the Extended DaemonSet (EDS). It aims to provide a new implementation of the Kubernetes DaemonSet resource with key features: 6 | - Canary Deployment: Deploy a new DaemonSet version with only a few nodes. 7 | - Custom Rolling Update: Improve the default rolling update logic available in Kubernetes batch/v1 Daemonset. 8 | 9 | For more information, please refer to the [EDS repo](https://github.com/DataDog/extendeddaemonset/). 10 | 11 | 12 | ## How to use the Datadog Helm repository 13 | 14 | You need to add this repository to your Helm repositories: 15 | 16 | ``` 17 | helm repo add datadog https://helm.datadoghq.com 18 | helm repo update 19 | ``` 20 | 21 | {{ template "chart.valuesSection" . 
}} 22 | -------------------------------------------------------------------------------- /examples/datadog/agent_on_aks_values_windows.yaml: -------------------------------------------------------------------------------- 1 | # Datadog Agent with Logs, APM, Processes, and System Probe enabled 2 | # with specific configuration to work on AKS. 3 | 4 | targetSystem: "windows" 5 | datadog: 6 | # apiKey: 7 | # appKey: 8 | # If not using secrets, then use apiKey and appKey instead 9 | apiKeyExistingSecret: 10 | appKeyExistingSecret: 11 | tags: [] 12 | kubelet: 13 | # On Windows, AKS uses node-name (like akswin000000) as only SAN in Kubelet certificate 14 | # However, the DNS name akswin000000 is not resolvable, so cannot be used to reach Kubelet 15 | tlsVerify: "false" 16 | logs: 17 | enabled: true 18 | containerCollectAll: false 19 | containerCollectUsingFiles: true 20 | apm: 21 | enabled: true 22 | processAgent: 23 | enabled: true 24 | processCollection: false 25 | -------------------------------------------------------------------------------- /.github/kubeval.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | KUBEVAL_VERSION="v0.16.1" 5 | SCHEMA_LOCATION="https://kubernetesjsonschema.dev/" 6 | OS=$(uname) 7 | 8 | CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}} 9 | if [ -n "$CHANGED_CHARTS" ]; 10 | then 11 | CHART_DIRS=$CHANGED_CHARTS 12 | else 13 | CHART_DIRS=$(ls -d charts/*) 14 | fi 15 | 16 | # install kubeval 17 | curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz https://github.com/instrumenta/kubeval/releases/download/"${KUBEVAL_VERSION}"/kubeval-${OS}-amd64.tar.gz 18 | tar -xf /tmp/kubeval.tar.gz kubeval 19 | 20 | # validate charts 21 | for CHART_DIR in ${CHART_DIRS}; do 22 | echo "Running kubeval for folder: '$CHART_DIR'" 23 | helm dep up "${CHART_DIR}" && helm template --values "${CHART_DIR}"/ci/kubeval.yaml "${CHART_DIR}" | ./kubeval --strict 
--ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}" 24 | done 25 | -------------------------------------------------------------------------------- /charts/datadog-crds/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | # Datadog CRDs 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 4 | 5 | This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. 6 | 7 | ## How to use Datadog Helm repository 8 | 9 | You need to add this repository to your Helm repositories: 10 | 11 | ``` 12 | helm repo add datadog https://helm.datadoghq.com 13 | helm repo update 14 | ``` 15 | 16 | ## Prerequisites 17 | 18 | This chart can be used with Kubernetes `1.11+` or OpenShift `3.11+` since `CustomResourceDefinitions` are supported starting with these versions. 19 | But the recommended Kubernetes versions are `1.16+`. 20 | 21 | {{ template "chart.valuesSection" . 
}} 22 | 23 | 24 | ## Developers 25 | 26 | ### How to update CRDs 27 | 28 | ```shell 29 | ./update-crds.sh 30 | ``` 31 | -------------------------------------------------------------------------------- /examples/datadog/agent_basic_values.yaml: -------------------------------------------------------------------------------- 1 | # Datadog Agent with Logs, APM, Processes, and System Probe enabled 2 | 3 | targetSystem: "linux" 4 | datadog: 5 | # apiKey: 6 | # appKey: 7 | # If not using secrets, then use apiKey and appKey instead 8 | apiKeyExistingSecret: 9 | appKeyExistingSecret: 10 | clusterName: 11 | tags: [] 12 | # datadog.kubelet.tlsVerify should be `false` on kind and minikube 13 | # to establish communication with the kubelet (this turns off verification of the kubelet's TLS certificate) 14 | # kubelet: 15 | # tlsVerify: "false" 16 | logs: 17 | enabled: true 18 | containerCollectAll: false 19 | containerCollectUsingFiles: true 20 | apm: 21 | enabled: true 22 | socketPath: /var/run/datadog/apm.socket 23 | hostSocketPath: /var/run/datadog/ 24 | processAgent: 25 | enabled: true 26 | processCollection: false 27 | systemProbe: 28 | enableTCPQueueLength: false 29 | enableOOMKill: true 30 | collectDNSStats: false 31 | -------------------------------------------------------------------------------- /examples/datadog/agent_with_cluster_agent_values.yaml: -------------------------------------------------------------------------------- 1 | # Datadog Agent with Datadog Cluster Agent and 2 | # OrchestratorExplorer (Live Containers), Check Runners, and 3 | # External Metrics Server enabled 4 | 5 | targetSystem: "linux" 6 | datadog: 7 | # apiKey: 8 | # appKey: 9 | # If not using secrets, then use apiKey and appKey instead 10 | apiKeyExistingSecret: 11 | appKeyExistingSecret: 12 | clusterName: 13 | tags: [] 14 | orchestratorExplorer: 15 | enabled: true 16 | clusterAgent: 17 | replicas: 2 18 | rbac: 19 | create: true 20 | serviceAccountName: default 21 | metricsProvider: 22 | enabled: true 23 | createReaderRbac: true 24 | useDatadogMetrics: 
true 25 | service: 26 | type: ClusterIP 27 | port: 8443 28 | agents: 29 | rbac: 30 | create: true 31 | serviceAccountName: default 32 | clusterChecksRunner: 33 | enabled: true 34 | rbac: 35 | create: true 36 | serviceAccountName: default 37 | replicas: 2 38 | -------------------------------------------------------------------------------- /examples/datadog/agent_on_aks_values.yaml: -------------------------------------------------------------------------------- 1 | # Datadog Agent with Logs, APM, Processes, and System Probe enabled 2 | # with specific configuration to work on AKS. 3 | 4 | targetSystem: "linux" 5 | datadog: 6 | # apiKey: 7 | # appKey: 8 | # If not using secrets, then use apiKey and appKey instead 9 | apiKeyExistingSecret: 10 | appKeyExistingSecret: 11 | clusterName: 12 | tags: [] 13 | kubelet: 14 | host: 15 | valueFrom: 16 | fieldRef: 17 | fieldPath: spec.nodeName 18 | hostCAPath: /etc/kubernetes/certs/kubeletserver.crt 19 | logs: 20 | enabled: true 21 | containerCollectAll: false 22 | containerCollectUsingFiles: true 23 | apm: 24 | enabled: true 25 | socketPath: /var/run/datadog/apm.socket 26 | hostSocketPath: /var/run/datadog/ 27 | processAgent: 28 | enabled: true 29 | processCollection: false 30 | systemProbe: 31 | enableTCPQueueLength: false 32 | enableOOMKill: true 33 | collectDNSStats: false 34 | -------------------------------------------------------------------------------- /charts/datadog/templates/kube-state-metrics-network-policy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or $.Values.datadog.networkPolicy.create $.Values.datadog.kubeStateMetricsNetworkPolicy.create) (eq $.Values.datadog.networkPolicy.flavor "kubernetes") -}} 2 | apiVersion: "networking.k8s.io/v1" 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-kube-state-metrics 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . 
| indent 4 }} 9 | spec: 10 | podSelector: 11 | matchLabels: 12 | app.kubernetes.io/name: kube-state-metrics 13 | policyTypes: 14 | - Ingress 15 | - Egress 16 | egress: 17 | - # Egress to Kube API server 18 | ports: 19 | - port: 443 20 | - port: 6443 21 | ingress: 22 | - # Ingress from the node agents and the cluster check runners 23 | ports: 24 | - port: 8080 25 | from: 26 | - podSelector: 27 | matchExpressions: 28 | - {key: app, operator: In, values: [ {{ template "datadog.fullname" . }}, {{ template "datadog.fullname" . }}-clusterchecks ]} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/datadog-crds/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "datadog-crds.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "datadog-crds.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 
28 | */}} 29 | {{- define "datadog-crds.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ include "extendeddaemonset.fullname" . }} 6 | labels: 7 | {{ include "extendeddaemonset.labels" . | indent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - events 13 | verbs: 14 | - create 15 | - apiGroups: 16 | - "" 17 | resources: 18 | - pods 19 | verbs: 20 | - '*' 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - configmaps 25 | verbs: 26 | - create 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - configmaps 31 | resourceNames: 32 | - extendeddaemonset-lock 33 | verbs: 34 | - update 35 | - get 36 | - watch 37 | - apiGroups: 38 | - "" 39 | resources: 40 | - services 41 | verbs: 42 | - get 43 | - watch 44 | - apiGroups: 45 | - datadoghq.com 46 | resources: 47 | - 'extendeddaemonsets' 48 | - 'extendeddaemonsets/status' 49 | - 'extendeddaemonsetreplicasets' 50 | - 'extendeddaemonsetreplicasets/status' 51 | - 'extendeddaemonsetsettings' 52 | - 'extendeddaemonsetsettings/status' 53 | verbs: 54 | - '*' 55 | {{- end -}} 56 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | # Datadog Synthetics Private Location 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 4 | 5 | [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. 
For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). 6 | 7 | ## How to use Datadog Helm repository 8 | 9 | You need to add this repository to your Helm repositories: 10 | 11 | ``` 12 | helm repo add datadog https://helm.datadoghq.com 13 | helm repo update 14 | ``` 15 | 16 | ## Quick start 17 | 18 | To install the chart with the release name ``, retrieve your Private Location configuration file from your [Synthetics Private Location settings page](https://app.datadoghq.com/synthetics/settings/private-locations/) and save it under `config.json` then run: 19 | 20 | ```bash 21 | helm install datadog/synthetics-private-location --set-file configFile=config.json 22 | ``` 23 | 24 | {{ template "chart.valuesSection" . }} 25 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.datadogMonitor.enabled }} 2 | {{- if (and ( not .Values.apiKeyExistingSecret) (not .Values.apiKey)) }} 3 | ############################################################################## 4 | #### ERROR: You did not set a apiKey value. #### 5 | ############################################################################## 6 | 7 | This deployment will be incomplete until you get your API key from Datadog. 8 | One can sign up for a free Datadog trial at https://app.datadoghq.com/signup 9 | 10 | Once registered you can request an API key at https://app.datadoghq.com/account/settings#agent/kubernetes 11 | {{- end }} 12 | 13 | {{- if (and ( not .Values.appKeyExistingSecret) (not .Values.appKey)) }} 14 | ############################################################################## 15 | #### ERROR: You did not set a appKey value. 
#### 16 | ############################################################################## 17 | 18 | This deployment will be incomplete until you get your APP key from Datadog. 19 | Create an application key at https://app.datadoghq.com/account/settings#api 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/datadog/templates/cluster-agent-scc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.clusterAgent.podSecurity.securityContextConstraints.create }} 2 | kind: SecurityContextConstraints 3 | apiVersion: security.openshift.io/v1 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-cluster-agent 6 | labels: 7 | {{ include "datadog.labels" . | indent 4 }} 8 | users: 9 | - system:serviceaccount:{{ .Release.Namespace }}:{{ template "datadog.fullname" . }}-cluster-agent 10 | priority: 10 11 | # Allow host ports if hostNetwork 12 | allowHostPorts: {{ .Values.clusterAgent.useHostNetwork }} 13 | allowHostNetwork: {{ .Values.clusterAgent.useHostNetwork}} 14 | # Default from restricted SCC 15 | allowHostDirVolumePlugin: false 16 | allowHostIPC: false 17 | allowHostPID: false 18 | allowPrivilegeEscalation: false 19 | allowPrivilegedContainer: false 20 | allowedCapabilities: null 21 | defaultAddCapabilities: null 22 | fsGroup: 23 | type: MustRunAs 24 | readOnlyRootFilesystem: false 25 | requiredDropCapabilities: 26 | - KILL 27 | - MKNOD 28 | - SETUID 29 | - SETGID 30 | runAsUser: 31 | type: MustRunAsRange 32 | seLinuxContext: 33 | type: MustRunAs 34 | supplementalGroups: 35 | type: RunAsAny 36 | users: [] 37 | volumes: 38 | - configMap 39 | - downwardAPI 40 | - emptyDir 41 | - persistentVolumeClaim 42 | - projected 43 | - secret 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /charts/datadog/templates/cluster-agent-confd-configmap.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if eq (include "need-cluster-agent-confd" .) "true" }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-cluster-agent-confd 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | annotations: 10 | checksum/confd-config: {{ tpl (toYaml .Values.clusterAgent.confd) . | sha256sum }} 11 | data: 12 | {{- if .Values.clusterAgent.confd }} 13 | {{ tpl (toYaml .Values.clusterAgent.confd) . | indent 2 }} 14 | {{- end }} 15 | {{- if .Values.datadog.kubeStateMetricsCore.enabled }} 16 | kubernetes_state_core.yaml.default: |- 17 | init_config: 18 | instances: 19 | - collectors: 20 | - secrets 21 | - nodes 22 | - pods 23 | - services 24 | - resourcequotas 25 | - replicationcontrollers 26 | - limitranges 27 | - persistentvolumeclaims 28 | - persistentvolumes 29 | - namespaces 30 | - endpoints 31 | - daemonsets 32 | - deployments 33 | - replicasets 34 | - statefulsets 35 | - cronjobs 36 | - jobs 37 | - horizontalpodautoscalers 38 | - poddisruptionbudgets 39 | - storageclasses 40 | - volumeattachments 41 | {{- end }} 42 | {{- end -}} 43 | -------------------------------------------------------------------------------- /examples/datadog/agent_on_rancher_values.yaml: -------------------------------------------------------------------------------- 1 | # Datadog Agent with Logs, APM, Processes, and System Probe enabled 2 | # with specific configurations to work on Rancher 3 | 4 | targetSystem: "linux" 5 | datadog: 6 | # apiKey: 7 | # appKey: 8 | # If not using secrets, then use apiKey and appKey instead 9 | apiKeyExistingSecret: 10 | appKeyExistingSecret: 11 | clusterName: 12 | tags: [] 13 | # datadog.kubelet.tlsVerify is set to `false` so that the Agent can establish communication with the kubelet; the kubelet's certificate is then not verified, so re-enable it once the kubelet CA can be provided (see `datadog.kubelet.hostCAPath`) 14 | kubelet: 15 | tlsVerify: "false" 16 | logs: 17 | enabled: true 18 | containerCollectAll: false 19 | 
containerCollectUsingFiles: true 20 | apm: 21 | enabled: true 22 | socketPath: /var/run/datadog/apm.socket 23 | hostSocketPath: /var/run/datadog/ 24 | processAgent: 25 | enabled: true 26 | processCollection: false 27 | systemProbe: 28 | enableTCPQueueLength: false 29 | enableOOMKill: true 30 | collectDNSStats: false 31 | agents: 32 | tolerations: 33 | # These tolerations are needed to run the agent on master nodes 34 | - effect: NoSchedule 35 | key: node-role.kubernetes.io/controlplane 36 | operator: Exists 37 | - effect: NoExecute 38 | key: node-role.kubernetes.io/etcd 39 | operator: Exists 40 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if and ( ne .Values.configFile "{}" ) .Values.configConfigMap }} 2 | 3 | ################################################################# 4 | #### WARNING: Configuration notice #### 5 | ################################################################# 6 | 7 | You provided configConfigMap and configFile. The config map provided by configConfigMap takes precedence over configFile, so configFile was ignored. 8 | {{- end }} 9 | 10 | {{- if and ( ne .Values.configFile "{}" ) .Values.configSecret }} 11 | 12 | ################################################################# 13 | #### WARNING: Configuration notice #### 14 | ################################################################# 15 | 16 | You provided configSecret and configFile. The secret provided by configSecret takes precedence over configFile, so configFile was ignored. 
17 | {{- end }} 18 | 19 | {{- if and .Values.configConfigMap .Values.configSecret }} 20 | 21 | ################################################################# 22 | #### WARNING: Configuration notice #### 23 | ################################################################# 24 | 25 | You provided configConfigMap and configSecret. The config map provided by configConfigMap takes precedence over configSecret, so configSecret was ignored. 26 | {{- end }} -------------------------------------------------------------------------------- /charts/datadog/templates/agent-clusterchecks-rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.clusterChecksRunner.rbac.create (eq (include "should-deploy-cluster-agent" .) "true") .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled .Values.clusterChecksRunner.rbac.dedicated -}} 2 | apiVersion: {{ template "rbac.apiVersion" . }} 3 | kind: ClusterRoleBinding 4 | metadata: 5 | labels: 6 | {{ include "datadog.labels" . | indent 4 }} 7 | name: {{ template "datadog.fullname" . }}-cluster-checks 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: {{ template "datadog.fullname" . }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ template "datadog.fullname" . }}-cluster-checks 15 | namespace: {{ .Release.Namespace }} 16 | --- 17 | apiVersion: v1 18 | kind: ServiceAccount 19 | metadata: 20 | labels: 21 | {{ include "datadog.labels" . | indent 4 }} 22 | app: "{{ template "datadog.fullname" . }}" 23 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 24 | heritage: {{ .Release.Service | quote }} 25 | release: {{ .Release.Name | quote }} 26 | name: {{ template "datadog.fullname" . 
}}-cluster-checks 27 | namespace: {{ .Release.Namespace }} 28 | {{- if .Values.clusterChecksRunner.rbac.serviceAccountAnnotations }} 29 | annotations: {{ toYaml .Values.clusterChecksRunner.rbac.serviceAccountAnnotations | nindent 4 }} 30 | {{- end }} 31 | {{- end -}} 32 | -------------------------------------------------------------------------------- /charts/datadog/ci/kubeval.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | apiKey: "00000000000000000000000000000000" 3 | appKey: "0000000000000000000000000000000000000000" 4 | kubelet: 5 | hostCAPath: /foo/bar/cert.ca 6 | agentCAPath: /bar/foo/cert.ca 7 | env: 8 | - name: "DD_KUBELET_TLS_VERIFY" 9 | value: "false" 10 | logs: 11 | enabled: true 12 | containerCollectAll: true 13 | apm: 14 | enabled: true 15 | processAgent: 16 | enabled: true 17 | processCollection: true 18 | networkMonitoring: 19 | enabled: true 20 | systemProbe: 21 | enableConntrack: true 22 | enableTCPQueueLength: true 23 | enableOOMKill: true 24 | collectDNSStats: true 25 | orchestratorExplorer: 26 | enabled: true 27 | clusterChecks: 28 | enabled: true 29 | kubeStateMetricsEnabled: true 30 | securityAgent: 31 | compliance: 32 | enabled: true 33 | runtime: 34 | enabled: true 35 | clusterAgent: 36 | enabled: true 37 | createPodDisruptionBudget: true 38 | nodeSelector: 39 | kubernetes.io/os: linux 40 | metricsProvider: 41 | enabled: false 42 | admissionController: 43 | enabled: true 44 | mutateUnlabelled: true 45 | clusterChecksRunner: 46 | enabled: true 47 | createPodDisruptionBudget: true 48 | nodeSelector: 49 | kubernetes.io/os: linux 50 | agents: 51 | nodeSelector: 52 | kubernetes.io/os: linux 53 | podSecurity: 54 | podSecurityPolicy: 55 | create: true 56 | containers: 57 | agent: 58 | ports: 59 | - containerPort: 6666 60 | name: testport 61 | protocol: UDP 62 | -------------------------------------------------------------------------------- 
/charts/datadog/templates/hpa-external-metrics-rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled .Values.clusterAgent.metricsProvider.createReaderRbac -}} 2 | apiVersion: {{ template "rbac.apiVersion" . }} 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | {{ include "datadog.labels" . | indent 4 }} 7 | {{- if eq (include "is-gke-without-external-metrics" .) "true" }} 8 | name: external-metrics-reader 9 | {{- else }} 10 | name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader 11 | {{- end }} 12 | rules: 13 | - apiGroups: 14 | - "external.metrics.k8s.io" 15 | resources: 16 | - "*" 17 | verbs: 18 | - list 19 | - get 20 | - watch 21 | --- 22 | apiVersion: {{ template "rbac.apiVersion" . }} 23 | kind: ClusterRoleBinding 24 | metadata: 25 | labels: 26 | {{ include "datadog.labels" . | indent 4 }} 27 | {{- if eq (include "is-gke-without-external-metrics" .) "true" }} 28 | name: external-metrics-reader 29 | {{- else }} 30 | name: {{ template "datadog.fullname" . }}-cluster-agent-external-metrics-reader 31 | {{- end }} 32 | roleRef: 33 | apiGroup: rbac.authorization.k8s.io 34 | kind: ClusterRole 35 | {{- if eq (include "is-gke-without-external-metrics" .) "true" }} 36 | name: external-metrics-reader 37 | {{- else }} 38 | name: {{ template "datadog.fullname" . 
}}-cluster-agent-external-metrics-reader 39 | {{- end }} 40 | subjects: 41 | - kind: ServiceAccount 42 | name: horizontal-pod-autoscaler 43 | namespace: kube-system 44 | {{- end -}} 45 | -------------------------------------------------------------------------------- /charts/datadog/templates/agent-clusterchecks-network-policy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or $.Values.datadog.networkPolicy.create $.Values.clusterChecksRunner.networkPolicy.create) (eq $.Values.datadog.networkPolicy.flavor "kubernetes") -}} 2 | apiVersion: "networking.k8s.io/v1" 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-clusterchecks 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | spec: 10 | podSelector: 11 | matchLabels: 12 | app: {{ template "datadog.fullname" . }}-clusterchecks 13 | policyTypes: 14 | - Ingress 15 | - Egress 16 | egress: 17 | - # Egress to 18 | # * Datadog intake 19 | # * Kube API server 20 | ports: 21 | - port: 443 22 | {{- if eq (include "cluster-agent-enabled" .) "true" }} 23 | - # Egress to cluster agent 24 | ports: 25 | - port: 5005 26 | to: 27 | - podSelector: 28 | matchLabels: 29 | app: {{ template "datadog.fullname" . }}-cluster-agent 30 | {{- end }} 31 | # The cluster check runners may connect to any service 32 | # that carries auto-discovery annotations. 33 | # 34 | # To add a check on one of their services, users need to 35 | # * annotate the service 36 | # * add an ingress policy allowing the CLC on their own pods 37 | # So that end-users do not have to add a NetworkPolicy for the agent in 38 | # the agent namespace, the agent must be allowed to probe any service; the empty rule that follows therefore allows all egress, not only the ports listed above. 
39 | - {} # Egress to anything for service checks 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/datadog/templates/agent-network-policy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or $.Values.datadog.networkPolicy.create $.Values.agents.networkPolicy.create) (eq $.Values.datadog.networkPolicy.flavor "kubernetes") -}} 2 | apiVersion: "networking.k8s.io/v1" 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ template "datadog.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | spec: 10 | podSelector: 11 | matchLabels: 12 | app: {{ template "datadog.fullname" . }} 13 | policyTypes: 14 | - Ingress 15 | - Egress 16 | ingress: 17 | {{- if $.Values.datadog.dogstatsd.port }} 18 | - # Ingress for dogstatsd 19 | ports: 20 | - port: {{ $.Values.datadog.dogstatsd.port }} 21 | protocol: UDP 22 | {{- end }} 23 | {{- if $.Values.datadog.apm.enabled }} 24 | - # Ingress for APM trace 25 | ports: 26 | - port: {{ $.Values.datadog.apm.port }} 27 | protocol: TCP 28 | {{- end }} 29 | egress: 30 | - # Egress to 31 | # * Datadog intake 32 | # * Kube API server 33 | ports: 34 | - port: 443 35 | # The agents may connect to any pod 36 | # that carries auto-discovery annotations. 37 | # 38 | # To add a check on one of their pods, users need to 39 | # * annotate the pod 40 | # * add an ingress policy allowing the agent on their own pods 41 | # So that end-users do not have to add a NetworkPolicy for the agent in 42 | # the agent namespace, the agent must be allowed to probe any pod; the empty rule that follows therefore allows all egress, not only the port listed above. 
43 | - {} # Egress to anything for checks 44 | {{- end }} 45 | -------------------------------------------------------------------------------- /charts/datadog-crds/README.md: -------------------------------------------------------------------------------- 1 | # Datadog CRDs 2 | 3 | ![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) 4 | 5 | This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. 6 | 7 | ## How to use Datadog Helm repository 8 | 9 | You need to add this repository to your Helm repositories: 10 | 11 | ``` 12 | helm repo add datadog https://helm.datadoghq.com 13 | helm repo update 14 | ``` 15 | 16 | ## Prerequisites 17 | 18 | This chart can be used with Kubernetes `1.11+` or OpenShift `3.11+` since `CustomResourceDefinitions` are supported starting with these versions. 19 | But the recommended Kubernetes versions are `1.16+`. 
20 | 21 | ## Values 22 | 23 | | Key | Type | Default | Description | 24 | |-----|------|---------|-------------| 25 | | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | 26 | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | 27 | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | 28 | | crds.extendedDaemonSets | bool | `false` | Set to true to deploy all the EDS CRDs (ExtendedDaemonSet, ExtendedDaemonSetReplicaSet, ExtendedDaemonSettings) | 29 | | fullnameOverride | string | `""` | Override the fully qualified app name | 30 | | nameOverride | string | `""` | Override name of app | 31 | 32 | ## Developers 33 | 34 | ### How to update CRDs 35 | 36 | ```shell 37 | ./update-crds.sh 38 | ``` 39 | -------------------------------------------------------------------------------- /charts/datadog/templates/_containers-init-windows.yaml: -------------------------------------------------------------------------------- 1 | {{- define "containers-init-windows" -}} 2 | - name: init-volume 3 | image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" 4 | imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 5 | command: ["pwsh", "-Command"] 6 | args: 7 | - | 8 | Copy-Item -Recurse -Force {{ template "datadog.confPath" . }} C:/Temp 9 | Copy-Item -Force C:/Temp/install_info/install_info C:/Temp/Datadog/install_info 10 | volumeMounts: 11 | - name: config 12 | mountPath: C:/Temp/Datadog 13 | - name: installinfo 14 | mountPath: C:/Temp/install_info 15 | resources: 16 | {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} 17 | - name: init-config 18 | image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" 19 | imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 20 | command: ["pwsh", "-Command"] 21 | args: 22 | - Get-ChildItem 'entrypoint-ps1' | ForEach-Object { & $_.FullName if (-Not $?) 
{ exit 1 } } 23 | volumeMounts: 24 | - name: config 25 | mountPath: {{ template "datadog.confPath" . }} 26 | {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} 27 | - name: confd 28 | mountPath: C:/conf.d 29 | readOnly: true 30 | {{- end }} 31 | {{- if .Values.datadog.checksd }} 32 | - name: checksd 33 | mountPath: C:/checks.d 34 | readOnly: true 35 | {{- end }} 36 | - name: runtimesocket 37 | mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} 38 | env: 39 | {{- include "containers-common-env" . | nindent 4 }} 40 | resources: 41 | {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} 42 | {{- end -}} 43 | -------------------------------------------------------------------------------- /charts/datadog/templates/cluster-agent-network-policy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or $.Values.datadog.networkPolicy.create $.Values.clusterAgent.networkPolicy.create) (eq $.Values.datadog.networkPolicy.flavor "kubernetes") -}} 2 | apiVersion: "networking.k8s.io/v1" 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-cluster-agent 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | spec: 10 | podSelector: 11 | matchLabels: 12 | app: {{ template "datadog.fullname" . }}-cluster-agent 13 | policyTypes: 14 | - Ingress 15 | - Egress 16 | ingress: 17 | - # Ingress from the node agents (for the metadata provider and prometheus check) 18 | ports: 19 | - port: 5005 20 | - port: 5000 21 | from: 22 | - podSelector: 23 | matchLabels: 24 | app: {{ template "datadog.fullname" . }} 25 | {{- if $.Values.clusterChecksRunner.enabled }} 26 | - # Ingress from cluster checks runner 27 | ports: 28 | - port: 5005 29 | from: 30 | - podSelector: 31 | matchLabels: 32 | app: {{ template "datadog.fullname" . 
}}-clusterchecks 33 | {{- end }} 34 | {{- if .Values.clusterAgent.admissionController.enabled }} 35 | - ports: 36 | - port: 8000 37 | {{- end }} 38 | {{- if .Values.clusterAgent.metricsProvider.enabled }} 39 | - # Ingress from API server for external metrics 40 | ports: 41 | - port: {{ template "clusterAgent.metricsProvider.port" . }} 42 | {{- end }} 43 | egress: 44 | - # Egress to 45 | # * Datadog intake 46 | # * Kube API server 47 | # * DNS 48 | ports: 49 | - port: 443 50 | - port: 6443 51 | - port: 53 52 | protocol: UDP 53 | {{- end}} 54 | -------------------------------------------------------------------------------- /charts/datadog/templates/datadog-yaml-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.agents.useConfigMap }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-datadog-yaml 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | annotations: 10 | {{- if .Values.agents.customAgentConfig }} 11 | checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} 12 | {{- end }} 13 | data: 14 | datadog.yaml: | 15 | {{- if .Values.agents.customAgentConfig }} 16 | {{ tpl (toYaml .Values.agents.customAgentConfig) . | indent 4 }} 17 | {{- else }} 18 | ## Provides autodetected defaults, for kubernetes environments, 19 | ## please see datadog.yaml.example for all supported options 20 | 21 | # Autodiscovery for Kubernetes 22 | listeners: 23 | - name: kubelet 24 | config_providers: 25 | - name: kubelet 26 | polling: true 27 | 28 | # Enable APM by setting the DD_APM_ENABLED envvar to true, or override this configuration 29 | apm_config: 30 | enabled: true 31 | apm_non_local_traffic: true 32 | max_memory: 0 33 | max_cpu_percent: 0 34 | 35 | {{- $version := (.Values.agents.image.tag | toString | trimSuffix "-jmx") }} 36 | {{- $length := len (split "." 
$version ) -}} 37 | {{- if and (eq $length 1) (ge $version "6") -}} 38 | {{- $version := "6.15" }} 39 | {{- end -}} 40 | {{ if semverCompare ">=6.15" $version }} 41 | # Enable java container awareness (agent version >= 6.15) 42 | jmx_use_container_support: true 43 | {{ else }} 44 | # Enable java cgroup memory awareness (agent version < 6.15) 45 | jmx_use_cgroup_memory_limit: true 46 | {{ end }} 47 | {{- end }} 48 | {{- end }} 49 | -------------------------------------------------------------------------------- /charts/datadog/templates/agent-psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.agents.podSecurity.podSecurityPolicy.create}} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "datadog.fullname" . }} 6 | labels: 7 | {{ include "datadog.labels" . | indent 4 }} 8 | annotations: 9 | {{- if .Values.agents.podSecurity.apparmor.enabled }} 10 | apparmor.security.beta.kubernetes.io/allowedProfileNames: {{ join "," .Values.agents.podSecurity.apparmorProfiles | quote }} 11 | apparmor.security.beta.kubernetes.io/defaultProfileName: "runtime/default" 12 | {{- end }} 13 | seccomp.security.alpha.kubernetes.io/allowedProfileNames: {{ join "," .Values.agents.podSecurity.seccompProfiles | quote }} 14 | seccomp.security.alpha.kubernetes.io/defaultProfileName: "runtime/default" 15 | spec: 16 | privileged: {{ .Values.agents.podSecurity.privileged }} 17 | hostNetwork: {{ .Values.agents.useHostNetwork }} 18 | {{- if or .Values.datadog.dogstatsd.useHostPort .Values.datadog.apm.enabled }} 19 | hostPorts: 20 | - min: 8125 21 | max: 8126 22 | {{- end }} 23 | hostPID: {{ or (eq (include "should-enable-compliance" .) 
"true") .Values.datadog.dogstatsd.useHostPID }} 24 | allowedCapabilities: 25 | {{ toYaml .Values.agents.podSecurity.capabilities | indent 4 }} 26 | volumes: 27 | {{ toYaml .Values.agents.podSecurity.volumes | indent 4 }} 28 | fsGroup: 29 | rule: RunAsAny 30 | runAsUser: 31 | rule: RunAsAny 32 | seLinux: 33 | {{- if .Values.agents.podSecurity.securityContext }} 34 | rule: MustRunAs 35 | {{ toYaml .Values.agents.podSecurity.securityContext | indent 4 }} 36 | {{- else if .Values.agents.podSecurity.seLinuxContext }} 37 | {{ toYaml .Values.agents.podSecurity.seLinuxContext | indent 4 }} 38 | {{- end }} 39 | supplementalGroups: 40 | rule: RunAsAny 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/datadog-operator/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 0.6.3 4 | 5 | * Add missing `poddisruptionbudgets` RBAC when the compliance feature is enabled. 6 | 7 | ## 0.6.2 8 | 9 | * Add a configuration field `collectOperatorMetrics` to disable/enable collecting operator metrics 10 | 11 | ## 0.6.1 12 | 13 | * Update chart for operator release `v0.6.1` 14 | * Support for Datadog API endpoint can change to different region, `dd_url` 15 | 16 | ## 0.6.0 17 | 18 | * Update chart for Operator release `v0.6.0` 19 | * Support Datadog Monitors controller 20 | 21 | ## 0.5.4 22 | 23 | * Add apiKey, apiKeyExistingSecret, appKey, and appKeyExistingSecret values to values.yaml and set their respective env vars using a Kubernetes secret 24 | 25 | ## 0.5.3 26 | 27 | * Only deploy a `PodDisruptionBudget` when `replicaCount` is greater than `1` 28 | 29 | ## 0.5.2 30 | 31 | * Support configuring the secret backend command arguments (requires Datadog Operator v0.5.0+) 32 | 33 | ## 0.5.1 34 | 35 | * Support configuring the secret backend command arguments (requires Datadog Operator v0.5.0+) 36 | 37 | ## 0.5.0 38 | 39 | * Update chart for Operator release `v0.5.0` 
40 | 41 | ## 0.4.1 42 | 43 | * Added support for `podAnnotations` and `podLabels` values 44 | 45 | ## 0.4.0 46 | 47 | * BREAKING CHANGES 48 | * Update to work with Operator 0.4: https://github.com/DataDog/datadog-operator/releases/tag/v0.4.0 49 | * Datadog Operator was updated to be based on Operator SDK 1.0. CLI flags are not compatible between 0.x and 0.4 50 | 51 | ## 0.2.1 52 | 53 | * Add "datadog-crds" chart as dependency. It is used to install the datadog's CRDs. 54 | 55 | ## 0.2.0 56 | 57 | * Use `gcr.io` instead of Dockerhub 58 | 59 | ## 0.1.2 60 | 61 | * Fix name of serviceAccount used in Deployment if serviceAccount.name is set 62 | 63 | ## 0.1.1 64 | 65 | * Add automatic README.md generation from `Values.yaml` 66 | 67 | ## 0.1.0 68 | 69 | * Initial version 70 | -------------------------------------------------------------------------------- /charts/datadog/templates/kube-state-metrics-cilium-network-policy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or $.Values.datadog.networkPolicy.create $.Values.datadog.kubeStateMetricsNetworkPolicy.create) (eq $.Values.datadog.networkPolicy.flavor "cilium") -}} 2 | apiVersion: "cilium.io/v2" 3 | kind: CiliumNetworkPolicy 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-kube-state-metrics 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | specs: 10 | - description: "Egress to Kube API server" 11 | endpointSelector: 12 | matchLabels: 13 | app.kubernetes.io/name: kube-state-metrics 14 | egress: 15 | # toServices works only for endpoints outside of the cluster 16 | # This section handles the case where the control plane is outside 17 | # of the cluster. 18 | - toServices: 19 | - k8sService: 20 | namespace: default 21 | serviceName: kubernetes 22 | # When the control plane is on the same cluster, we must allow connections 23 | # to the node entity. 
24 | - toEntities: 25 | - host 26 | - remote-node 27 | toPorts: 28 | - ports: 29 | - port: "443" 30 | protocol: TCP 31 | - description: Ingress from agent 32 | endpointSelector: 33 | matchLabels: 34 | app.kubernetes.io/name: kube-state-metrics 35 | ingress: 36 | - 37 | {{- if $.Values.agents.useHostNetwork }} 38 | fromEntities: 39 | - host 40 | - remote-node 41 | {{- else }} 42 | fromEndpoints: 43 | - matchLabels: 44 | app: {{ template "datadog.fullname" . }} 45 | {{- if .Values.agents.podLabels }} 46 | {{ toYaml .Values.agents.podLabels | indent 10 }} 47 | {{- end }} 48 | {{- end }} 49 | toPorts: 50 | - ports: 51 | - port: "8080" 52 | protocol: TCP 53 | {{- end }} 54 | -------------------------------------------------------------------------------- /examples/datadog/agent_on_openshift_values.yaml: -------------------------------------------------------------------------------- 1 | # Datadog Agent with Logs, APM, Processes, and System Probe enabled 2 | # with specific configurations to work on OpenShift 4. 3 | # When installing the chart, install onto a non-default namespace with 4 | # `helm install --namespace ` due to existing SecurityContextConstraints 5 | # on the default namespace. 
For more details about setting appropriate security 6 | # constraints, see https://docs.datadoghq.com/integrations/openshift/ and 7 | # https://www.datadoghq.com/blog/openshift-monitoring-with-datadog/ 8 | 9 | targetSystem: "linux" 10 | datadog: 11 | # apiKey: 12 | # appKey: 13 | # If not using secrets, then use apiKey and appKey instead 14 | apiKeyExistingSecret: 15 | appKeyExistingSecret: 16 | clusterName: 17 | tags: [] 18 | criSocketPath: /var/run/crio/crio.sock 19 | # Depending on your DNS/SSL setup, it might not be possible to verify the Kubelet cert properly 20 | # If you have proper CA, you can switch it to true 21 | kubelet: 22 | tlsVerify: false 23 | confd: 24 | cri.yaml: |- 25 | init_config: 26 | instances: 27 | - collect_disk: true 28 | logs: 29 | enabled: false 30 | apm: 31 | enabled: false 32 | processAgent: 33 | enabled: true 34 | processCollection: false 35 | agents: 36 | useHostNetwork: true 37 | podSecurity: 38 | securityContextConstraints: 39 | create: true 40 | tolerations: 41 | # Deploy Agents on master nodes 42 | - effect: NoSchedule 43 | key: node-role.kubernetes.io/master 44 | operator: Exists 45 | # Deploy Agents on infra nodes 46 | - effect: NoSchedule 47 | key: node-role.kubernetes.io/infra 48 | operator: Exists 49 | clusterAgent: 50 | podSecurity: 51 | securityContextConstraints: 52 | create: true 53 | clusterChecksRunner: 54 | enabled: true 55 | replicas: 2 56 | kube-state-metrics: 57 | securityContext: 58 | enabled: false 59 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "extendeddaemonset.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "extendeddaemonset.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "extendeddaemonset.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "extendeddaemonset.labels" -}} 38 | app.kubernetes.io/name: {{ include "extendeddaemonset.name" . }} 39 | helm.sh/chart: {{ include "extendeddaemonset.chart" . }} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "extendeddaemonset.serviceAccountName" -}} 51 | {{- if .Values.serviceAccount.create -}} 52 | {{ default (include "extendeddaemonset.fullname" .) 
.Values.serviceAccount.name }} 53 | {{- else -}} 54 | {{ default "default" .Values.serviceAccount.name }} 55 | {{- end -}} 56 | {{- end -}} 57 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "synthetics-private-location.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "synthetics-private-location.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "synthetics-private-location.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "synthetics-private-location.labels" -}} 37 | helm.sh/chart: {{ include "synthetics-private-location.chart" . }} 38 | {{ include "synthetics-private-location.selectorLabels" . 
}} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "synthetics-private-location.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "synthetics-private-location.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "synthetics-private-location.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "synthetics-private-location.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/datadog/templates/_containers-init-linux.yaml: -------------------------------------------------------------------------------- 1 | {{- define "containers-init-linux" -}} 2 | - name: init-volume 3 | image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" 4 | imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 5 | command: ["bash", "-c"] 6 | args: 7 | - cp -r /etc/datadog-agent /opt 8 | volumeMounts: 9 | - name: config 10 | mountPath: /opt/datadog-agent 11 | resources: 12 | {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} 13 | - name: init-config 14 | image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" 15 | imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 16 | command: ["bash", "-c"] 17 | args: 18 | - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done 19 | volumeMounts: 20 | - name: logdatadog 21 | mountPath: /var/log/datadog 22 | - name: config 23 | mountPath: /etc/datadog-agent 24 | {{- if (or 
(.Values.datadog.confd) (.Values.datadog.autoconf)) }} 25 | - name: confd 26 | mountPath: /conf.d 27 | readOnly: true 28 | {{- end }} 29 | {{- if .Values.datadog.checksd }} 30 | - name: checksd 31 | mountPath: /checks.d 32 | readOnly: true 33 | {{- end }} 34 | - name: procdir 35 | mountPath: /host/proc 36 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 37 | readOnly: true 38 | - name: runtimesocketdir 39 | mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} 40 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 41 | readOnly: true 42 | {{- if eq (include "should-enable-system-probe" .) "true" }} 43 | - name: sysprobe-config 44 | mountPath: /etc/datadog-agent/system-probe.yaml 45 | subPath: system-probe.yaml 46 | {{- end }} 47 | env: 48 | {{- include "containers-common-env" . | nindent 4 }} 49 | {{- if and (eq (include "cluster-agent-enabled" .) "false") .Values.datadog.leaderElection }} 50 | - name: DD_LEADER_ELECTION 51 | value: {{ .Values.datadog.leaderElection | quote }} 52 | {{- end }} 53 | resources: 54 | {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} 55 | {{- end -}} 56 | -------------------------------------------------------------------------------- /charts/datadog/templates/agent-scc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.agents.podSecurity.securityContextConstraints.create }} 2 | kind: SecurityContextConstraints 3 | apiVersion: security.openshift.io/v1 4 | metadata: 5 | name: {{ template "datadog.fullname" . }} 6 | labels: 7 | {{ include "datadog.labels" . | indent 4 }} 8 | users: 9 | - system:serviceaccount:{{ .Release.Namespace }}:{{ template "datadog.fullname" . 
}} 10 | priority: 10 11 | # Allow host ports for dsd / trace intake, or when the agent uses the host network 12 | allowHostPorts: {{ or .Values.datadog.dogstatsd.useHostPort .Values.datadog.apm.enabled .Values.agents.useHostNetwork }} 13 | # Allow host PID for dogstatsd origin detection, or when security-agent compliance is enabled 14 | allowHostPID: {{ or .Values.datadog.securityAgent.compliance.enabled .Values.datadog.dogstatsd.useHostPID }} 15 | # Allow host network for the CRIO check to reach Prometheus through localhost 16 | allowHostNetwork: {{ .Values.agents.useHostNetwork }} 17 | # Allow hostPath for docker / process metrics 18 | volumes: 19 | {{ toYaml .Values.agents.podSecurity.volumes | indent 2 }} 20 | # Use the `spc_t` selinux type to access the 21 | # docker/cri socket + proc and cgroup stats 22 | seLinuxContext: 23 | {{- if .Values.agents.podSecurity.securityContext }} 24 | rule: MustRunAs 25 | {{ toYaml .Values.agents.podSecurity.securityContext | indent 2 }} 26 | {{- else if .Values.agents.podSecurity.seLinuxContext }} 27 | {{ toYaml .Values.agents.podSecurity.seLinuxContext | replace "rule:" "type:" | indent 2 }} 28 | {{- end }} 29 | # system-probe requires some specific seccomp and capabilities 30 | seccompProfiles: 31 | {{ toYaml .Values.agents.podSecurity.seccompProfiles | indent 2 }} 32 | allowedCapabilities: 33 | {{ toYaml .Values.agents.podSecurity.capabilities | indent 2 }} 34 | # 35 | # The rest starts from the restricted SCC. NOTE(review): allowHostDirVolumePlugin: true and runAsUser RunAsAny here, and the empty requiredDropCapabilities at the end, are more permissive than OpenShift's stock restricted SCC - confirm each is required 36 | # 37 | allowHostDirVolumePlugin: true 38 | allowHostIPC: false 39 | allowPrivilegedContainer: {{ .Values.agents.podSecurity.privileged }} 40 | allowedFlexVolumes: [] 41 | defaultAddCapabilities: [] 42 | fsGroup: 43 | type: MustRunAs 44 | readOnlyRootFilesystem: false 45 | runAsUser: 46 | type: RunAsAny 47 | supplementalGroups: 48 | type: RunAsAny 49 | # If your environment restricts user access to the Docker socket or journald (for logging) 50 | # create or use an existing group that has access and add the GID to 51 | # the lines below (also remove the previous line, `type: RunAsAny`) 52 | # type: 
MustRunAs 53 | # ranges: 54 | # - min: 55 | # - max: 56 | requiredDropCapabilities: [] 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "datadog-operator.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "datadog-operator.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "datadog-operator.chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Common labels 36 | */}} 37 | {{- define "datadog-operator.labels" -}} 38 | app.kubernetes.io/name: {{ include "datadog-operator.name" . }} 39 | helm.sh/chart: {{ include "datadog-operator.chart" . 
}} 40 | app.kubernetes.io/instance: {{ .Release.Name }} 41 | {{- if .Chart.AppVersion }} 42 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 43 | {{- end }} 44 | app.kubernetes.io/managed-by: {{ .Release.Service }} 45 | {{- end -}} 46 | 47 | {{/* 48 | Create the name of the service account to use 49 | */}} 50 | {{- define "datadog-operator.serviceAccountName" -}} 51 | {{ default (include "datadog-operator.fullname" .) .Values.serviceAccount.name }} 52 | {{- end -}} 53 | 54 | {{/* 55 | Return secret name to be used based on provided values. 56 | */}} 57 | {{- define "datadog-operator.apiKeySecretName" -}} 58 | {{- $fullName := printf "%s-apikey" (include "datadog-operator.fullname" .) -}} 59 | {{- default $fullName .Values.apiKeyExistingSecret | quote -}} 60 | {{- end -}} 61 | 62 | {{/* 63 | Return secret name to be used based on provided values. 64 | */}} 65 | {{- define "datadog-operator.appKeySecretName" -}} 66 | {{- $fullName := printf "%s-appkey" (include "datadog-operator.fullname" .) -}} 67 | {{- default $fullName .Values.appKeyExistingSecret | quote -}} 68 | {{- end -}} 69 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "extendeddaemonset.fullname" . }} 5 | labels: 6 | {{ include "extendeddaemonset.labels" . | indent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: {{ include "extendeddaemonset.name" . }} 12 | app.kubernetes.io/instance: {{ .Release.Name }} 13 | template: 14 | metadata: 15 | labels: 16 | app.kubernetes.io/name: {{ include "extendeddaemonset.name" . }} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | spec: 19 | {{- with .Values.imagePullSecrets }} 20 | imagePullSecrets: 21 | {{- toYaml . 
| nindent 8 }} 22 | {{- end }} 23 | serviceAccountName: {{ template "extendeddaemonset.serviceAccountName" . }} 24 | securityContext: 25 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 26 | containers: 27 | - name: {{ .Chart.Name }} 28 | securityContext: 29 | {{- toYaml .Values.securityContext | nindent 12 }} 30 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 31 | imagePullPolicy: {{ .Values.image.pullPolicy }} 32 | args: 33 | - -loglevel={{ .Values.logLevel }} 34 | {{- if .Values.pprof.enabled }} 35 | - -pprof 36 | {{- end }} 37 | env: 38 | - name: WATCH_NAMESPACE 39 | {{- if .Values.clusterScope }} 40 | value: "" 41 | {{- else }} 42 | valueFrom: 43 | fieldRef: 44 | fieldPath: metadata.namespace 45 | {{- end }} 46 | - name: POD_NAME 47 | valueFrom: 48 | fieldRef: 49 | fieldPath: metadata.name 50 | - name: OPERATOR_NAME 51 | value: {{ .Chart.Name }} 52 | ports: 53 | - name: metrics 54 | containerPort: 8080 55 | protocol: TCP 56 | livenessProbe: 57 | httpGet: 58 | path: /healthz/ 59 | port: 8081 60 | resources: 61 | {{- toYaml .Values.resources | nindent 12 }} 62 | {{- with .Values.nodeSelector }} 63 | nodeSelector: 64 | {{- toYaml . | nindent 8 }} 65 | {{- end }} 66 | {{- with .Values.affinity }} 67 | affinity: 68 | {{- toYaml . | nindent 8 }} 69 | {{- end }} 70 | {{- with .Values.tolerations }} 71 | tolerations: 72 | {{- toYaml . | nindent 8 }} 73 | {{- end }} 74 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/README.md: -------------------------------------------------------------------------------- 1 | # Extended DaemonSet 2 | 3 | ![Version: v0.1.0](https://img.shields.io/badge/Version-v0.1.0-informational?style=flat-square) ![AppVersion: v0.6.0](https://img.shields.io/badge/AppVersion-v0.6.0-informational?style=flat-square) 4 | 5 | This chart installs the Extended DaemonSet (EDS). 
It aims to provide a new implementation of the Kubernetes DaemonSet resource with key features: 6 | - Canary Deployment: Deploy a new DaemonSet version with only a few nodes. 7 | - Custom Rolling Update: Improve the default rolling update logic available in Kubernetes batch/v1 Daemonset. 8 | 9 | For more information, please refer to the [EDS repo](https://github.com/DataDog/extendeddaemonset/). 10 | 11 | ## How to use the Datadog Helm repository 12 | 13 | You need to add this repository to your Helm repositories: 14 | 15 | ``` 16 | helm repo add datadog https://helm.datadoghq.com 17 | helm repo update 18 | ``` 19 | 20 | ## Values 21 | 22 | | Key | Type | Default | Description | 23 | |-----|------|---------|-------------| 24 | | affinity | object | `{}` | Allows to specify affinity for the Extended DaemonSet PODs | 25 | | clusterScope | bool | `false` | Allows ExtendedDaemonset controller to watch all namespaces | 26 | | datadog-crds.crds.extendedDaemonSets | bool | `true` | Set to true to deploy all the EDS CRDs (ExtendedDaemonSet, ExtendedDaemonSetReplicaSet, ExtendedDaemonSettings) | 27 | | fullnameOverride | string | `""` | Overrides the full qualified app name | 28 | | image.pullPolicy | string | `"IfNotPresent"` | Defines the pullPolicy for the Extended DaemonSet image | 29 | | image.repository | string | `"datadog/extendeddaemonset"` | Repository to use for the Extended DaemonSet image | 30 | | image.tag | string | `"v0.6.0"` | Defines the Extended DaemonSet version to use | 31 | | imagePullSecrets | list | `[]` | Extended DaemonSet image repository pullSecret (ex: specify docker registry credentials) | 32 | | logLevel | string | `"info"` | Sets the log level (debug, info, error, panic, fatal) | 33 | | nameOverride | string | `""` | Overrides name of app | 34 | | nodeSelector | object | `{}` | Allows to schedule on specific nodes | 35 | | podSecurityContext | object | `{}` | Sets the pod security context | 36 | | pprof.enabled | bool | `false` | Set to true 
to enable pprof | 37 | | rbac.create | bool | `true` | Specifies whether the RBAC resources should be created | 38 | | replicaCount | int | `1` | Number of instances of the Extended DaemonSet | 39 | | resources | object | `{}` | Sets resources requests/limits for Datadog Operator PODs | 40 | | securityContext | object | `{}` | Sets the security context | 41 | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | 42 | | serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | 43 | | tolerations | list | `[]` | Allows to schedule on tainted nodes | 44 | -------------------------------------------------------------------------------- /charts/extended-daemon-set/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for extendeddaemonset. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | # replicaCount -- Number of instances of the Extended DaemonSet 6 | replicaCount: 1 7 | image: 8 | # image.repository -- Repository to use for the Extended DaemonSet image 9 | repository: datadog/extendeddaemonset 10 | # image.tag -- Defines the Extended DaemonSet version to use 11 | tag: v0.6.0 12 | # image.pullPolicy -- Defines the pullPolicy for the Extended DaemonSet image 13 | pullPolicy: IfNotPresent 14 | # imagePullSecrets -- Extended DaemonSet image repository pullSecret (ex: specify docker registry credentials) 15 | imagePullSecrets: [] 16 | # nameOverride -- Overrides name of app 17 | nameOverride: "" 18 | # fullnameOverride -- Overrides the full qualified app name 19 | fullnameOverride: "" 20 | # logLevel -- Sets the log level (debug, info, error, panic, fatal) 21 | logLevel: "info" 22 | # clusterScope -- Allows ExtendedDaemonset controller to watch all namespaces 23 | clusterScope: false 24 | pprof: 25 | # pprof.enabled -- Set to true to enable pprof 26 | enabled: false 27 | rbac: 28 | # rbac.create -- Specifies whether the RBAC resources should be created 29 | create: true 30 | serviceAccount: 31 | # serviceAccount.create -- Specifies whether a service account should be created 32 | create: true 33 | # serviceAccount.name -- The name of the service account to use. 34 | # If not set and create is true, a name is generated using the fullname template 35 | name: 36 | # podSecurityContext -- Sets the pod security context 37 | podSecurityContext: {} 38 | # fsGroup: 2000 39 | 40 | # securityContext -- Sets the security context 41 | securityContext: {} 42 | # capabilities: 43 | # drop: 44 | # - ALL 45 | # readOnlyRootFilesystem: true 46 | # runAsNonRoot: true 47 | # runAsUser: 1000 48 | 49 | # resources -- Sets resources requests/limits for Datadog Operator PODs 50 | resources: {} 51 | # We usually recommend not to specify default resources and to leave this as a conscious 52 | # choice for the user. 
This also increases chances charts run on environments with little 53 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 54 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 55 | # limits: 56 | # cpu: 100m 57 | # memory: 128Mi 58 | # requests: 59 | # cpu: 100m 60 | # memory: 128Mi 61 | 62 | # nodeSelector -- Allows to schedule on specific nodes 63 | nodeSelector: {} 64 | # tolerations -- Allows to schedule on tainted nodes 65 | tolerations: [] 66 | # affinity -- Allows to specify affinity for the Extended DaemonSet PODs 67 | affinity: {} 68 | 69 | datadog-crds: 70 | crds: 71 | # datadog-crds.crds.extendedDaemonSets -- Set to true to deploy all the EDS CRDs 72 | # (ExtendedDaemonSet, ExtendedDaemonSetReplicaSet, ExtendedDaemonSettings) 73 | extendedDaemonSets: true 74 | -------------------------------------------------------------------------------- /charts/datadog/templates/_container-system-probe.yaml: -------------------------------------------------------------------------------- 1 | {{- define "container-system-probe" -}} 2 | - name: system-probe 3 | image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" 4 | imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 5 | securityContext: 6 | {{ toYaml .Values.agents.containers.systemProbe.securityContext | indent 4 }} 7 | command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] 8 | {{- if .Values.agents.containers.systemProbe.ports }} 9 | ports: 10 | {{ toYaml .Values.agents.containers.systemProbe.ports | indent 2 }} 11 | {{- end }} 12 | {{- if .Values.datadog.envFrom }} 13 | envFrom: 14 | {{ toYaml .Values.datadog.envFrom | indent 4 }} 15 | {{- end }} 16 | env: 17 | {{- include "containers-common-env" . 
| nindent 4 }} 18 | - name: DD_LOG_LEVEL 19 | value: {{ .Values.agents.containers.systemProbe.logLevel | default .Values.datadog.logLevel | quote }} 20 | {{- if .Values.agents.containers.systemProbe.env }} 21 | {{ toYaml .Values.agents.containers.systemProbe.env | indent 4 }} 22 | {{- end }} 23 | resources: 24 | {{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} 25 | volumeMounts: 26 | - name: logdatadog 27 | mountPath: /var/log/datadog 28 | - name: tmpdir 29 | mountPath: /tmp 30 | readOnly: false 31 | - name: debugfs 32 | mountPath: /sys/kernel/debug 33 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 34 | - name: config 35 | mountPath: {{ template "datadog.confPath" . }} 36 | {{- if .Values.agents.useConfigMap }} 37 | - name: {{ template "datadog.fullname" . }}-datadog-yaml 38 | mountPath: {{ template "datadog.confPath" . }}/datadog.yaml 39 | subPath: datadog.yaml 40 | {{- end }} 41 | - name: sysprobe-config 42 | mountPath: /etc/datadog-agent/system-probe.yaml 43 | subPath: system-probe.yaml 44 | - name: sysprobe-socket-dir 45 | mountPath: /var/run/sysprobe 46 | - name: procdir 47 | mountPath: /host/proc 48 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 49 | readOnly: true 50 | {{- if or .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill }} 51 | - name: modules 52 | mountPath: /lib/modules 53 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 54 | readOnly: true 55 | - name: src 56 | mountPath: /usr/src 57 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 58 | readOnly: true 59 | {{- end }} 60 | {{- if and .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.policies.configMap }} 61 | - name: runtimepoliciesdir 62 | mountPath: /etc/datadog-agent/runtime-security.d 63 | readOnly: true 64 | {{- end }} 65 | {{- if .Values.agents.volumeMounts }} 66 | {{ toYaml .Values.agents.volumeMounts | indent 4 
}} 67 | {{- end }} 68 | {{- end -}} 69 | -------------------------------------------------------------------------------- /charts/synthetics-private-location/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "synthetics-private-location.fullname" . }} 5 | labels: 6 | {{- include "synthetics-private-location.labels" . | nindent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | {{- include "synthetics-private-location.selectorLabels" . | nindent 6 }} 12 | template: 13 | metadata: 14 | {{- with .Values.podAnnotations }} 15 | annotations: 16 | {{- toYaml . | nindent 8 }} 17 | {{- end }} 18 | labels: 19 | {{- include "synthetics-private-location.selectorLabels" . | nindent 8 }} 20 | spec: 21 | {{- with .Values.imagePullSecrets }} 22 | imagePullSecrets: 23 | {{- toYaml . | nindent 8 }} 24 | {{- end }} 25 | securityContext: 26 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 27 | serviceAccountName: {{ include "synthetics-private-location.serviceAccountName" . 
}} 28 | containers: 29 | - name: {{ .Chart.Name }} 30 | securityContext: 31 | {{- toYaml .Values.securityContext | nindent 12 }} 32 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 33 | imagePullPolicy: {{ .Values.image.pullPolicy }} 34 | livenessProbe: 35 | exec: 36 | command: 37 | - /bin/sh 38 | - -c 39 | - '[ $(expr $(cat /tmp/liveness.date) + 300000) -gt $(date +%s%3N) ]' 40 | initialDelaySeconds: 30 41 | periodSeconds: 10 42 | timeoutSeconds: 2 43 | failureThreshold: 3 44 | volumeMounts: 45 | - mountPath: /etc/datadog 46 | name: worker-config 47 | resources: 48 | {{- toYaml .Values.resources | nindent 12 }} 49 | {{- if .Values.envFrom }} 50 | envFrom: 51 | {{ toYaml .Values.envFrom | indent 12 }} 52 | {{- end }} 53 | {{- if .Values.env }} 54 | env: 55 | {{ toYaml .Values.env | indent 12 }} 56 | {{- end }} 57 | {{- with .Values.nodeSelector }} 58 | nodeSelector: 59 | {{- toYaml . | nindent 8 }} 60 | {{- end }} 61 | {{- with .Values.affinity }} 62 | affinity: 63 | {{- toYaml . | nindent 8 }} 64 | {{- end }} 65 | {{- with .Values.tolerations }} 66 | tolerations: 67 | {{- toYaml . | nindent 8 }} 68 | {{- end }} 69 | volumes: 70 | - name: worker-config 71 | {{- if .Values.configConfigMap }} 72 | configMap: 73 | name: {{ .Values.configConfigMap | quote }} 74 | {{- else }} 75 | secret: 76 | {{- if .Values.configSecret }} 77 | secretName: {{ .Values.configSecret | quote }} 78 | {{- else }} 79 | secretName: {{ include "synthetics-private-location.fullname" . }}-config 80 | {{- end }} 81 | {{- end }} 82 | -------------------------------------------------------------------------------- /charts/datadog/templates/agent-services.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "should-deploy-cluster-agent" .) "true" -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "datadog.fullname" . 
}}-cluster-agent 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | spec: 10 | type: ClusterIP 11 | selector: 12 | app: {{ template "datadog.fullname" . }}-cluster-agent 13 | ports: 14 | - port: 5005 15 | name: agentport 16 | protocol: TCP 17 | {{ end }} 18 | 19 | {{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.metricsProvider.enabled -}} 20 | --- 21 | apiVersion: v1 22 | kind: Service 23 | metadata: 24 | name: {{ template "datadog.fullname" . }}-cluster-agent-metrics-api 25 | namespace: {{ .Release.Namespace }} 26 | labels: 27 | app: "{{ template "datadog.fullname" . }}" 28 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 29 | release: {{ .Release.Name | quote }} 30 | heritage: {{ .Release.Service | quote }} 31 | {{ include "datadog.labels" . | indent 4 }} 32 | spec: 33 | type: {{ .Values.clusterAgent.metricsProvider.service.type }} 34 | selector: 35 | app: {{ template "datadog.fullname" . }}-cluster-agent 36 | ports: 37 | - port: {{ template "clusterAgent.metricsProvider.port" . }} 38 | name: metricsapi 39 | protocol: TCP 40 | {{ end }} 41 | 42 | {{- if and (eq (include "should-deploy-cluster-agent" .) "true") .Values.clusterAgent.admissionController.enabled -}} 43 | --- 44 | apiVersion: v1 45 | kind: Service 46 | metadata: 47 | name: {{ template "datadog.fullname" . }}-cluster-agent-admission-controller 48 | namespace: {{ .Release.Namespace }} 49 | labels: 50 | app: "{{ template "datadog.fullname" . }}" 51 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 52 | release: {{ .Release.Name | quote }} 53 | heritage: {{ .Release.Service | quote }} 54 | {{ include "datadog.labels" . | indent 4 }} 55 | spec: 56 | selector: 57 | app: {{ template "datadog.fullname" . 
}}-cluster-agent 58 | ports: 59 | - port: 443 60 | targetPort: 8000 61 | {{ end }} 62 | 63 | {{- if .Values.datadog.serviceTopology.enabled -}} 64 | --- 65 | apiVersion: v1 66 | kind: Service 67 | metadata: 68 | name: {{ .Values.datadog.serviceTopology.serviceName | quote }} 69 | namespace: {{ .Release.Namespace }} 70 | labels: 71 | app: "{{ template "datadog.fullname" . }}" 72 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 73 | release: {{ .Release.Name | quote }} 74 | heritage: {{ .Release.Service | quote }} 75 | {{ include "datadog.labels" . | indent 4 }} 76 | spec: 77 | selector: 78 | app: {{ template "datadog.fullname" . }} 79 | ports: 80 | - protocol: UDP 81 | port: {{ .Values.datadog.dogstatsd.port }} 82 | targetPort: {{ .Values.datadog.dogstatsd.port }} 83 | name: dogstatsd 84 | {{- if .Values.datadog.apm.enabled }} 85 | - protocol: TCP 86 | port: {{ .Values.datadog.apm.port }} 87 | targetPort: {{ .Values.datadog.apm.port }} 88 | name: apm 89 | {{- end }} 90 | topologyKeys: 91 | - "kubernetes.io/hostname" 92 | {{ end }} 93 | -------------------------------------------------------------------------------- /charts/datadog/templates/agent-clusterchecks-cilium-network-policy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or $.Values.datadog.networkPolicy.create $.Values.clusterChecksRunner.networkPolicy.create) (eq $.Values.datadog.networkPolicy.flavor "cilium") -}} 2 | apiVersion: "cilium.io/v2" 3 | kind: CiliumNetworkPolicy 4 | metadata: 5 | name: {{ template "datadog.fullname" . }}-clusterchecks 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "datadog.labels" . | indent 4 }} 9 | specs: 10 | - description: "Egress to metadata server" 11 | endpointSelector: 12 | matchLabels: 13 | app: {{ template "datadog.fullname" . 
}}-clusterchecks 14 | egress: 15 | - toCIDR: 16 | - 169.254.169.254/32 # link-local instance metadata endpoint; NOTE(review): confirm the check runners need it, since on some clouds it also serves node credentials 17 | toPorts: 18 | - ports: 19 | - port: "80" 20 | protocol: TCP 21 | - description: "Egress to DNS" 22 | endpointSelector: 23 | matchLabels: 24 | app: {{ template "datadog.fullname" . }}-clusterchecks 25 | egress: 26 | - {{ toYaml .Values.datadog.networkPolicy.cilium.dnsSelector | nindent 8 }} 27 | toPorts: 28 | - ports: 29 | - port: "53" 30 | protocol: ANY 31 | rules: 32 | dns: 33 | - matchPattern: "*" 34 | - description: "Egress to Datadog intake" 35 | endpointSelector: 36 | matchLabels: 37 | app: {{ template "datadog.fullname" . }}-clusterchecks 38 | egress: 39 | - toFQDNs: 40 | {{- if $.Values.datadog.dd_url}} 41 | - matchName: {{ trimPrefix "https://" $.Values.datadog.dd_url }} 42 | {{- end}} 43 | {{- if $.Values.datadog.site}} 44 | - matchPattern: "*-app.agent.{{ $.Values.datadog.site }}" 45 | {{- else}} 46 | - matchPattern: "*-app.agent.datadoghq.com" 47 | {{- end}} 48 | toPorts: 49 | - ports: 50 | - port: "443" 51 | protocol: TCP 52 | - description: "Egress to cluster agent" 53 | endpointSelector: 54 | matchLabels: 55 | app: {{ template "datadog.fullname" . }}-clusterchecks 56 | egress: 57 | - toEndpoints: 58 | - matchLabels: 59 | app: {{ template "datadog.fullname" . }}-cluster-agent 60 | {{- if .Values.clusterAgent.podLabels }} 61 | {{ toYaml .Values.clusterAgent.podLabels | indent 12 }} 62 | {{- end }} 63 | toPorts: 64 | - ports: 65 | - port: "5005" 66 | protocol: TCP 67 | # The cluster check runners may need to connect to any service 68 | # that is annotated with auto-discovery annotations. 69 | # 70 | # When a user wants to add a check on one of their services, they need to 71 | # * annotate the service 72 | # * add an ingress policy from the CLC on their own pod 73 | # So that end-users do not have to inject a NetworkPolicy on the agent in 74 | # the agent namespace, the agent must be allowed to probe any service; the ingress policy on each target pod remains the control that limits what the runners reach.
75 | - description: "Egress to anything for service checks" 76 | endpointSelector: 77 | matchLabels: 78 | app: {{ template "datadog.fullname" . }}-clusterchecks 79 | egress: 80 | - toEndpoints: 81 | - matchExpressions: 82 | - key: k8s:io.kubernetes.pod.namespace 83 | operator: Exists 84 | {{- end }} 85 | -------------------------------------------------------------------------------- /charts/datadog/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.agents.rbac.create -}} 2 | apiVersion: {{ template "rbac.apiVersion" . }} 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "datadog.fullname" . }} 6 | labels: 7 | {{ include "datadog.labels" . | indent 4 }} 8 | rules: 9 | {{- if eq (include "should-deploy-cluster-agent" .) "false" }} 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - services 14 | - events 15 | - endpoints 16 | - pods 17 | - nodes 18 | - namespaces 19 | - componentstatuses 20 | verbs: 21 | - get 22 | - list 23 | - watch 24 | - apiGroups: ["quota.openshift.io"] 25 | resources: 26 | - clusterresourcequotas 27 | verbs: 28 | - get 29 | - list 30 | {{- if .Values.datadog.collectEvents }} 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - configmaps 35 | resourceNames: 36 | - datadogtoken # Kubernetes event collection state 37 | verbs: 38 | - get 39 | - update 40 | {{- end }} 41 | {{- if .Values.datadog.leaderElection }} 42 | - apiGroups: 43 | - "" 44 | resources: 45 | - configmaps 46 | resourceNames: 47 | - datadog-leader-election # Leader election token 48 | verbs: 49 | - get 50 | - update 51 | - apiGroups: # To create the leader election token 52 | - "" 53 | resources: 54 | - configmaps 55 | verbs: 56 | - create 57 | {{- end }} 58 | - nonResourceURLs: 59 | - "/version" 60 | - "/healthz" 61 | verbs: 62 | - get 63 | {{- end }} 64 | - nonResourceURLs: 65 | - "/metrics" 66 | verbs: 67 | - get 68 | - apiGroups: # Kubelet connectivity 69 | - "" 70 | resources: 71 | - nodes/metrics 72 
| - nodes/spec 73 | - nodes/proxy # NOTE(review): proxies requests to the kubelet API through the API server, which is broader than the metrics/stats subresources - confirm it is required 74 | - nodes/stats 75 | verbs: 76 | - get 77 | - apiGroups: # leader election check 78 | - "" 79 | resources: 80 | - endpoints 81 | verbs: 82 | - get 83 | - apiGroups: 84 | - policy 85 | resources: 86 | - podsecuritypolicies 87 | verbs: 88 | - use 89 | resourceNames: 90 | - {{ template "datadog.fullname" . }} 91 | - apiGroups: # OpenShift SCCs the agent service account is allowed to use 92 | - "security.openshift.io" 93 | resources: 94 | - securitycontextconstraints 95 | verbs: 96 | - use 97 | resourceNames: 98 | - {{ template "datadog.fullname" . }} 99 | - hostaccess 100 | - privileged # NOTE(review): hostaccess and privileged are granted next to the chart's own SCC and this rule is not gated on agents.podSecurity.securityContextConstraints.create - confirm both are needed 101 | - apiGroups: # leader election check 102 | - "coordination.k8s.io" 103 | resources: 104 | - leases 105 | verbs: 106 | - get 107 | --- 108 | apiVersion: {{ template "rbac.apiVersion" . }} 109 | kind: ClusterRoleBinding 110 | metadata: 111 | name: {{ template "datadog.fullname" . }} 112 | labels: 113 | {{ include "datadog.labels" . | indent 4 }} 114 | roleRef: 115 | apiGroup: rbac.authorization.k8s.io 116 | kind: ClusterRole 117 | name: {{ template "datadog.fullname" . }} 118 | subjects: 119 | - kind: ServiceAccount 120 | name: {{ template "datadog.fullname" . }} 121 | namespace: {{ .Release.Namespace }} 122 | --- 123 | apiVersion: v1 124 | kind: ServiceAccount 125 | metadata: 126 | name: {{ template "datadog.fullname" . }} 127 | namespace: {{ .Release.Namespace }} 128 | {{- if .Values.agents.rbac.serviceAccountAnnotations }} 129 | annotations: {{ tpl (toYaml .Values.agents.rbac.serviceAccountAnnotations) . | nindent 4}} 130 | {{- end }} 131 | labels: 132 | {{ include "datadog.labels" . 
| indent 4 }} 133 | {{- end -}} 134 | -------------------------------------------------------------------------------- /charts/datadog-operator/README.md: -------------------------------------------------------------------------------- 1 | # Datadog Operator 2 | 3 | ![Version: 0.6.3](https://img.shields.io/badge/Version-0.6.3-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square) 4 | 5 | ## Values 6 | 7 | | Key | Type | Default | Description | 8 | |-----|------|---------|-------------| 9 | | affinity | object | `{}` | Allows to specify affinity for Datadog Operator PODs | 10 | | apiKey | string | `nil` | Your Datadog API key | 11 | | apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one | 12 | | appKey | string | `nil` | Your Datadog APP key | 13 | | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one | 14 | | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | 15 | | datadog-crds.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | 16 | | datadog-crds.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | 17 | | datadog-crds.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | 18 | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | 19 | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | 20 | | fullnameOverride | string | `""` | | 21 | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | 22 | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | 23 | | image.tag | string | `"0.6.0"` | 
Define the Datadog Operator version to use | 24 | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | 25 | | installCRDs | bool | `true` | Set to true to deploy the Datadog CRDs | 26 | | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) | 27 | | metricsPort | int | `8383` | Port used for OpenMetrics endpoint | 28 | | nameOverride | string | `""` | Override name of app | 29 | | nodeSelector | object | `{}` | Allows to schedule Datadog Operator on specific nodes | 30 | | podAnnotations | object | `{}` | Allows setting additional annotations for Datadog Operator PODs | 31 | | podLabels | object | `{}` | Allows setting additional labels for Datadog Operator PODs | 32 | | rbac.create | bool | `true` | Specifies whether the RBAC resources should be created | 33 | | replicaCount | int | `1` | Number of instances of Datadog Operator | 34 | | resources | object | `{}` | Set resources requests/limits for Datadog Operator PODs | 35 | | secretBackend.arguments | string | `""` | Specifies the space-separated arguments passed to the command that implements the secret backend api | 36 | | secretBackend.command | string | `""` | Specifies the path to the command that implements the secret backend api | 37 | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | 38 | | serviceAccount.name | string | `nil` | The name of the service account to use.
If not set name is generated using the fullname template | 39 | | supportExtendedDaemonset | string | `"false"` | If true, supports using ExtendedDeamonSet CRD | 40 | | tolerations | list | `[]` | Allows to schedule Datadog Operator on tainted nodes | -------------------------------------------------------------------------------- /charts/synthetics-private-location/values.yaml: --------------------------------------------------------------------------------
# Default values for synthetics-private-location.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# replicaCount -- Number of instances of Datadog Synthetics Private Location
replicaCount: 1

image:
  # image.repository -- Repository to use for Datadog Synthetics Private Location image
  repository: gcr.io/datadoghq/synthetics-private-location-worker
  # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image
  pullPolicy: IfNotPresent
  # image.tag -- Define the Datadog Synthetics Private Location version to use
  ## NOTE(review): the image is selected by tag, which the registry can re-point;
  ## decide whether deployments need an image pinned by digest instead.
  tag: 1.14.0

# imagePullSecrets -- Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials)
imagePullSecrets: []
# nameOverride -- Override name of app
nameOverride: ""
# fullnameOverride -- Override the fully qualified app name
fullnameOverride: ""

serviceAccount:
  # serviceAccount.create -- Specifies whether a service account should be created
  create: true
  # serviceAccount.name -- The name of the service account to use. If not set name is generated using the fullname template
  name: ""

# podAnnotations -- Annotations to set to Datadog Synthetics Private Location PODs
podAnnotations: {}

# podSecurityContext -- Security context to set to Datadog Synthetics Private Location PODs
## The default is empty, so this chart sets no pod-level security context.
podSecurityContext: {}
  # fsGroup: 2000

# securityContext -- Security context to set to the Datadog Synthetics Private Location container
## The default is empty, so this chart applies no container-level restrictions of its own.
## The commented example below (drop all capabilities, read-only root filesystem,
## non-root user) is a hardening starting point.
## NOTE(review): confirm the worker image runs under these settings before enabling them.
securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

# resources -- Set resources requests/limits for Datadog Synthetics Private Location PODs
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
51 | # limits: 52 | # cpu: 100m 53 | # memory: 128Mi 54 | # requests: 55 | # cpu: 100m 56 | # memory: 128Mi 57 | 58 | # nodeSelector -- Allows to schedule Datadog Synthetics Private Location on specific nodes 59 | nodeSelector: {} 60 | # tolerations -- Allows to schedule Datadog Synthetics Private Location on tainted nodes 61 | tolerations: [] 62 | # affinity -- Allows to specify affinity for Datadog Synthetics Private Location PODs 63 | affinity: {} 64 | 65 | # configFile -- JSON string containing the configuration of the private location worker 66 | configFile: "{}" 67 | 68 | # configConfigMap -- Config Map that stores the configuration of the private location worked for the deployment 69 | configConfigMap: "" 70 | 71 | # configSecret -- Secret that stores the configuration of the private location worker for the deployment 72 | configSecret: "" 73 | 74 | # envFrom -- Set environment variables from configMaps and/or secrets 75 | envFrom: [] 76 | # - configMapRef: 77 | # name: 78 | # - secretRef: 79 | # name: 80 | 81 | # env -- Set environment variables 82 | env: [] 83 | # - name: 84 | # value: 85 | -------------------------------------------------------------------------------- /charts/datadog/templates/_daemonset-volumes-linux.yaml: --------------------------------------------------------------------------------
{{- define "daemonset-volumes-linux" -}}
{{- /*
Volume list emitted by the "daemonset-volumes-linux" template.

Most entries are hostPath volumes, i.e. directories or files of the node shared
with the pod. This list only declares the volumes: whether a volume is mounted
read-only is decided per container in its volumeMounts, so review the two
together. Several paths come from chart values rather than being fixed here.
*/ -}}
- name: logdatadog
  emptyDir: {}
- name: tmpdir
  emptyDir: {}
- hostPath:
    path: /proc
  name: procdir
- hostPath:
    path: /sys/fs/cgroup
  name: cgroups
{{- if .Values.datadog.dogstatsd.useSocketVolume }}
{{- /* Node path taken from values; DirectoryOrCreate lets the kubelet create it on the node when it is missing. */}}
- hostPath:
    path: {{ .Values.datadog.dogstatsd.hostSocketPath }}
    type: DirectoryOrCreate
  name: dsdsocket
{{- else }}
- emptyDir: {}
  name: dsdsocket
{{- end }}
{{- if .Values.datadog.kubelet.hostCAPath }}
- hostPath:
    path: {{ .Values.datadog.kubelet.hostCAPath }}
    type: File
  name: kubelet-ca
{{- end }}
{{- if .Values.datadog.apm.useSocketVolume }}
{{- /* Same pattern as dsdsocket: values-supplied node path, created on the node if absent. */}}
- hostPath:
    path: {{ .Values.datadog.apm.hostSocketPath }}
    type: DirectoryOrCreate
  name: apmsocket
{{- end }}
- name: s6-run
  emptyDir: {}
{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }}
- name: confd
  configMap:
    name: {{ template "datadog.fullname" . }}-confd
{{- end }}
{{- if eq (include "should-enable-system-probe" .) "true" }}
- name: sysprobe-config
  configMap:
    name: {{ template "datadog.fullname" . }}-system-probe-config
{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }}
- name: datadog-agent-security
  configMap:
    name: {{ template "datadog.fullname" . }}-security
- hostPath:
    path: {{ .Values.datadog.systemProbe.seccompRoot }}
  name: seccomp-root
{{- end }}
{{- /* Added only when system-probe is enabled: the node's kernel debugfs, plus /lib/modules and /usr/src for the two optional checks below. */}}
- hostPath:
    path: /sys/kernel/debug
  name: debugfs
- name: sysprobe-socket-dir
  emptyDir: {}
{{- if or .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill }}
- hostPath:
    path: /lib/modules
  name: modules
- hostPath:
    path: /usr/src
  name: src
{{- end }}
{{- end }}
{{- if or .Values.datadog.processAgent.enabled (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }}
- hostPath:
    path: /etc/passwd
  name: passwd
{{- end }}
{{- if eq (include "should-enable-security-agent" .) "true" }}
{{- if .Values.datadog.securityAgent.compliance.enabled }}
- hostPath:
    path: /etc/group
  name: group
{{- /* Compliance only: "hostroot" is the node's entire root filesystem. Check that every container mounting it does so with readOnly: true. */}}
- hostPath:
    path: /
  name: hostroot
{{- if .Values.datadog.securityAgent.compliance.configMap }}
- name: complianceconfigdir
  configMap:
    name: {{ .Values.datadog.securityAgent.compliance.configMap }}
{{- end }}
{{- end }}
{{- if and .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.policies.configMap }}
- name: runtimepoliciesdir
  configMap:
    name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }}
{{- end }}
{{- end }}
{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }}
{{- /* Log collection: node log directories, which hold the logs of every pod scheduled on the node. */}}
- hostPath:
    path: {{ template "datadog.hostMountRoot" . }}/logs
  name: pointerdir
- hostPath:
    path: /var/log/pods
  name: logpodpath
- hostPath:
    path: /var/log/containers
  name: logscontainerspath
{{- if not .Values.datadog.criSocketPath }}
- hostPath:
    path: /var/lib/docker/containers
  name: logdockercontainerpath
{{- end }}
{{- end }}
{{- end -}}
-------------------------------------------------------------------------------- /charts/synthetics-private-location/README.md: -------------------------------------------------------------------------------- 1 | # Datadog Synthetics Private Location 2 | 3 | ![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) 4 | 5 | [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations).
6 | 7 | ## How to use Datadog Helm repository 8 | 9 | You need to add this repository to your Helm repositories: 10 | 11 | ``` 12 | helm repo add datadog https://helm.datadoghq.com 13 | helm repo update 14 | ``` 15 | 16 | ## Quick start 17 | 18 | To install the chart with the release name `<RELEASE_NAME>`, retrieve your Private Location configuration file from your [Synthetics Private Location settings page](https://app.datadoghq.com/synthetics/settings/private-locations/) and save it under `config.json`, then run the command below. The file may contain credentials for the private location; to avoid passing it on the command line, store it in a Secret and reference it through `configSecret` (see Values). 19 | 20 | ```bash 21 | helm install <RELEASE_NAME> datadog/synthetics-private-location --set-file configFile=config.json 22 | ``` 23 | 24 | ## Values 25 | 26 | | Key | Type | Default | Description | 27 | |-----|------|---------|-------------| 28 | | affinity | object | `{}` | Allows to specify affinity for Datadog Synthetics Private Location PODs | 29 | | configConfigMap | string | `""` | Config Map that stores the configuration of the private location worker for the deployment | 30 | | configFile | string | `"{}"` | JSON string containing the configuration of the private location worker | 31 | | configSecret | string | `""` | Secret that stores the configuration of the private location worker for the deployment | 32 | | env | list | `[]` | Set environment variables | 33 | | envFrom | list | `[]` | Set environment variables from configMaps and/or secrets | 34 | | fullnameOverride | string | `""` | Override the fully qualified app name | 35 | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | 36 | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | 37 | | image.tag | string | `"1.14.0"` | Define the Datadog Synthetics Private Location version to use | 38 | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | 39 | | nameOverride | string
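| `""` | Override name of app | 40 | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | 41 | | podAnnotations | object | `{}` | Annotations to set to Datadog Synthetics Private Location PODs | 42 | | podSecurityContext | object | `{}` | Security context to set to Datadog Synthetics Private Location PODs | 43 | | replicaCount | int | `1` | Number of instances of Datadog Synthetics Private Location | 44 | | resources | object | `{}` | Set resources requests/limits for Datadog Synthetics Private Location PODs | 45 | | securityContext | object | `{}` | Security context to set to the Datadog Synthetics Private Location container | 46 | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | 47 | | serviceAccount.name | string | `""` | The name of the service account to use. If not set name is generated using the fullname template | 48 | | tolerations | list | `[]` | Allows to schedule Datadog Synthetics Private Location on tainted nodes | 49 | -------------------------------------------------------------------------------- /charts/datadog-crds/update-crds.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Regenerates the CRD templates of the datadog-crds chart from the upstream
# operator and ExtendedDaemonSet repositories.
#
# Usage: update-crds.sh [OPERATOR_TAG [EXTENDED_DAEMON_SET_TAG]]
# Both refs default to "main".
#
# Supply-chain note: the CRDs are fetched from raw.githubusercontent.com and
# written into the chart without checksum or signature verification, and "main"
# is a branch, so two runs can produce different files. Pass a release tag when
# regenerating for a release, and review the resulting diff before committing.
set -euo pipefail

ROOT=$(git rev-parse --show-toplevel)

DATADOG_OPERATOR_REPO=Datadog/datadog-operator
DATADOG_EXTENDED_DAEMON_SET_REPO=Datadog/extendeddaemonset

DATADOG_OPERATOR_TAG=main
if [[ $# -eq 1 ]] || [[ $# -eq 2 ]]; then
    DATADOG_OPERATOR_TAG=$1
fi

DATADOG_EXTENDED_DAEMON_SET_TAG=main
if [[ $# -eq 2 ]] ; then
    DATADOG_EXTENDED_DAEMON_SET_TAG=$2
fi

# download_crd REPO TAG NAME INSTALL_OPTION VERSION
#
# Downloads config/crd/bases/VERSION/datadoghq.com_NAME.yaml from REPO at TAG
# into charts/datadog-crds/templates, stamps the Helm labels on it and wraps the
# file in an "if .Values.crds.INSTALL_OPTION" block. Returns non-zero for a
# repository it has no wrapping rule for.
download_crd() {
    # All working variables are local so that a value left over from a previous
    # call (in particular ifCondition) can never be reused by mistake.
    local repo=$1
    local tag=$2
    local name=$3
    local installOption=$4 # Name of the option to install the CRD (defined in values.yaml)
    local version=$5
    local ifCondition
    local tmp

    # Reject unknown repositories before anything is downloaded or written.
    case "$repo" in
        "$DATADOG_OPERATOR_REPO"|"$DATADOG_EXTENDED_DAEMON_SET_REPO")
            ;;
        *)
            echo "Unknown repo \"$repo\": no install condition is defined for it" >&2
            return 1
            ;;
    esac

    local inFile=datadoghq.com_$name.yaml
    # shellcheck disable=SC2154
    local outFile=datadoghq.com_"$name"_"$version".yaml
    local path=$ROOT/charts/datadog-crds/templates/$outFile
    echo "Download CRD \"$inFile\" version \"$version\" from repo \"$repo\" tag \"$tag\""
    # --location follows redirects; --proto '=https' keeps the request and any
    # redirect on HTTPS.
    curl --silent --show-error --fail --location --proto '=https' --output "$path" "https://raw.githubusercontent.com/$repo/$tag/config/crd/bases/$version/$inFile"

    # This case is needed because v1 CRDs are not present in any released version of the EDS yet.
    # Once they are, the EDS case should be handled as the operator is now.
    case "$repo" in
        "$DATADOG_OPERATOR_REPO")
            ifCondition="{{- if and .Values.crds.$installOption (not (.Capabilities.APIVersions.Has \"apiextensions.k8s.io/v1/CustomResourceDefinition\")) }}"
            if [ "$version" = "v1" ]; then
                ifCondition="{{- if and .Values.crds.$installOption (.Capabilities.APIVersions.Has \"apiextensions.k8s.io/v1/CustomResourceDefinition\") }}"
                cp "$path" "$ROOT/crds/datadoghq.com_$name.yaml"
            fi
            ;;
        "$DATADOG_EXTENDED_DAEMON_SET_REPO")
            ifCondition="{{- if .Values.crds.$installOption }}"
            cp "$path" "$ROOT/crds/datadoghq.com_$name.yaml"
            ;;
    esac

    # The label values are Helm template expressions written as literal text;
    # Helm renders them when the chart is installed.
    VALUE="'{{ include \"datadog-crds.chart\" . }}'" \
    yq eval '.metadata.labels."helm.sh/chart" = env(VALUE)' -i "$path"
    yq eval '.metadata.labels."app.kubernetes.io/managed-by" = "{{ .Release.Service }}"' -i "$path"
    VALUE="'{{ include \"datadog-crds.name\" . }}'" \
    yq eval '.metadata.labels."app.kubernetes.io/name" = env(VALUE)' -i "$path"
    yq eval '.metadata.labels."app.kubernetes.io/instance" = "{{ .Release.Name }}"' -i "$path"

    # Prepend the condition through a private temporary file instead of a fixed
    # "tmp.file" in the current directory, which could clobber an existing file.
    tmp=$(mktemp)
    { echo "$ifCondition"; cat "$path"; } > "$tmp"
    cat "$tmp" > "$path"
    rm -f "$tmp"
    echo '{{- end }}' >> "$path"
}

mkdir -p "$ROOT/crds"
download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmetrics datadogMetrics v1beta1
download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmetrics datadogMetrics v1
download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1beta1
download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1
download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1beta1
download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1

# v1 CRDs are not present in any released version yet. Add them here when they are.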
70 | eds_crds=(extendeddaemonsetreplicasets extendeddaemonsets extendeddaemonsetsettings) 71 | for eds_crd in "${eds_crds[@]}" 72 | do 73 | download_crd "$DATADOG_EXTENDED_DAEMON_SET_REPO" "$DATADOG_EXTENDED_DAEMON_SET_TAG" "$eds_crd" extendedDaemonSets v1beta1 74 | done 75 | -------------------------------------------------------------------------------- /.github/workflows/ci.yaml: --------------------------------------------------------------------------------
# Lints, validates and test-installs the charts touched by a pull request.
# Job order, from the `needs` keys: changed -> lint-chart, lint-docs, kubeval-chart;
# lint-chart + kubeval-chart -> install-chart -> pr-validated.
#
# Review notes:
# - The trigger is `pull_request`, not `pull_request_target`. Keep it that way:
#   the jobs run scripts and install charts taken from the pull request checkout.
# - No `permissions:` key is set, so the workflow token gets whatever default the
#   repository or organisation configures. An explicit read-only grant
#   (`permissions: contents: read`) would make that visible here.
# - Third-party actions are referenced by tag, and helm/kind-action by the branch
#   `main`; both can change without a change to this file. Pinning each `uses:`
#   to a full commit SHA (`owner/action@<commit-sha>`) removes that dependency.
name: Lint and Test Charts

on:
  pull_request:
    paths:
      - "charts/**"

jobs:
  changed:
    runs-on: ubuntu-latest
    outputs:
      charts: ${{ steps.list-changed.outputs.changed }}
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - name: Set up Helm
        uses: azure/setup-helm@v1
        with:
          version: v3.4.1
      - uses: actions/setup-python@v2
        with:
          python-version: 3.7
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.1.0
      # Publishes the list of changed charts as the step output `changed`, or fails
      # the job when the pull request touches no chart.
      # NOTE(review): GitHub has deprecated the `::set-output` stdout command; the
      # replacement is appending `name=value` to the file named by $GITHUB_OUTPUT.
      - name: Run chart-testing (list-changed)
        id: list-changed
        env:
          CT_DEBUG: "false"
        run: |
          changed=$(ct list-changed --config .github/ct.yaml)
          if [[ -n "$changed" ]]; then
            echo -n "Charts changed:"
            echo "$changed"
            echo "::set-output name=changed::$changed"
          else
            echo "PR without any chart changes - failing"
            exit 1
          fi

  lint-chart:
    runs-on: ubuntu-latest
    needs:
      - changed
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - uses: actions/setup-python@v2
        with:
          python-version: 3.7
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.1.0
      - name: Run chart-testing (lint)
        run: ct lint --config .github/ct.yaml

  # NOTE(review): no other job lists lint-docs in `needs`, so pr-validated can
  # succeed while this job fails. If branch protection only requires
  # pr-validated, a helm-docs failure does not block the merge.
  lint-docs:
    runs-on: ubuntu-latest
    needs:
      - changed
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - name: Run helm-docs
        run: .github/helm-docs.sh

  kubeval-chart:
    runs-on: ubuntu-latest
    needs:
      - changed
    strategy:
      matrix:
        # When changing versions here, check that the version exists at: https://github.com/instrumenta/kubernetes-json-schema
        k8s:
          - v1.14.10
          - v1.16.4
          - v1.18.1
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - name: Add datadog helm repo
        run: helm repo add datadog https://helm.datadoghq.com && helm repo update
      - name: Add KSM helm repo
        run: helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts
      # The changed-chart list is derived from the pull request. It is handed to the
      # script through an environment variable rather than interpolated into the
      # `run:` text; keep it that way.
      - name: Run kubeval
        env:
          KUBERNETES_VERSION: ${{ matrix.k8s }}
          CHANGED_CHARTS: ${{needs.changed.outputs.charts}}
        run: .github/kubeval.sh

  install-chart:
    name: install-chart
    runs-on: ubuntu-latest
    needs:
      - lint-chart
      - kubeval-chart
    strategy:
      matrix:
        k8s:
          - v1.14.10
          - v1.16.9
          - v1.18.4
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      # `@main` is a branch reference: this step runs whatever that branch holds at
      # run time. Prefer `helm/kind-action@<commit-sha>`.
      - name: Create kind ${{ matrix.k8s }} cluster
        uses: helm/kind-action@main
        with:
          node_image: kindest/node:${{ matrix.k8s }}
      - uses: actions/setup-python@v2
        with:
          python-version: 3.7
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.1.0
      - name: Run chart-testing (install)
        run: ct install --config .github/ct.yaml

  # Single summary job that depends on install-chart only.
  pr-validated:
    name: pr-validated
    runs-on: ubuntu-latest
    needs:
      - install-chart
    steps:
      - name: validate
        run: echo "PR OK"
-------------------------------------------------------------------------------- /charts/datadog/templates/_container-trace-agent.yaml: -------------------------------------------------------------------------------- 1 | {{- define "container-trace-agent" -}} 2 | - name: trace-agent 3 | image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" 4 | imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 5 | {{- if
eq .Values.targetSystem "linux" }} 6 | command: ["trace-agent", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] 7 | {{- end }} 8 | {{- if eq .Values.targetSystem "windows" }} 9 | command: ["trace-agent", "-foreground", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] 10 | {{- end }} 11 | {{- if .Values.agents.containers.traceAgent.securityContext }} 12 | securityContext: 13 | {{ toYaml .Values.agents.containers.traceAgent.securityContext | nindent 4 }} 14 | {{- end }} 15 | resources: 16 | {{ toYaml .Values.agents.containers.traceAgent.resources | indent 4 }} 17 | ports: 18 | - containerPort: {{ .Values.datadog.apm.port }} 19 | hostPort: {{ .Values.datadog.apm.port }} 20 | name: traceport 21 | protocol: TCP 22 | {{- if .Values.agents.containers.traceAgent.ports }} 23 | {{ toYaml .Values.agents.containers.traceAgent.ports | indent 2 }} 24 | {{- end }} 25 | {{- if .Values.datadog.envFrom }} 26 | envFrom: 27 | {{ toYaml .Values.datadog.envFrom | indent 4 }} 28 | {{- end }} 29 | env: 30 | {{- include "containers-common-env" . | nindent 4 }} 31 | {{- include "containers-cluster-agent-env" . 
| nindent 4 }} 32 | - name: DD_LOG_LEVEL 33 | value: {{ .Values.agents.containers.traceAgent.logLevel | default .Values.datadog.logLevel | quote }} 34 | - name: DD_APM_ENABLED 35 | value: "true" 36 | - name: DD_APM_NON_LOCAL_TRAFFIC 37 | value: "true" 38 | - name: DD_APM_RECEIVER_PORT 39 | value: {{ .Values.datadog.apm.port | quote }} 40 | {{- if .Values.datadog.apm.useSocketVolume }} 41 | - name: DD_APM_RECEIVER_SOCKET 42 | value: {{ .Values.datadog.apm.socketPath | quote }} 43 | {{- end }} 44 | {{- if eq .Values.targetSystem "linux" }} 45 | - name: DD_DOGSTATSD_SOCKET 46 | value: {{ .Values.datadog.dogstatsd.socketPath | quote }} 47 | {{- end }} 48 | {{- if .Values.agents.containers.traceAgent.env }} 49 | {{ toYaml .Values.agents.containers.traceAgent.env | indent 4 }} 50 | {{- end }} 51 | volumeMounts: 52 | - name: config 53 | mountPath: {{ template "datadog.confPath" . }} 54 | {{- if .Values.agents.useConfigMap }} 55 | - name: {{ template "datadog.fullname" . }}-datadog-yaml 56 | mountPath: {{ template "datadog.confPath" . }}/datadog.yaml 57 | subPath: datadog.yaml 58 | {{- end }} 59 | {{- if eq .Values.targetSystem "linux" }} 60 | - name: logdatadog 61 | mountPath: /var/log/datadog 62 | - name: tmpdir 63 | mountPath: /tmp 64 | readOnly: false 65 | - name: dsdsocket 66 | mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} 67 | {{- if and .Values.datadog.apm.useSocketVolume (ne (dir .Values.datadog.dogstatsd.socketPath) (dir .Values.datadog.apm.socketPath)) }} 68 | - name: apmsocket 69 | mountPath: {{ (dir .Values.datadog.apm.socketPath) }} 70 | {{- end }} 71 | - name: runtimesocketdir 72 | mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} 73 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 74 | readOnly: true 75 | {{- end }} 76 | {{- if eq .Values.targetSystem "windows" }} 77 | - name: runtimesocket 78 | mountPath: {{ template "datadog.dockerOrCriSocketPath" . 
}} 79 | {{- end }} 80 | {{- if .Values.datadog.kubelet.hostCAPath }} 81 | {{ include "datadog.kubelet.volumeMount" . | indent 4 }} 82 | {{- end }} 83 | {{- if .Values.agents.volumeMounts }} 84 | {{ toYaml .Values.agents.volumeMounts | indent 4 }} 85 | {{- end }} 86 | livenessProbe: 87 | {{- $live := .Values.agents.containers.traceAgent.livenessProbe }} 88 | {{ include "probe.tcp" (dict "port" .Values.datadog.apm.port "settings" $live ) | indent 4 }} 89 | {{- end -}} 90 | -------------------------------------------------------------------------------- /charts/datadog-operator/values.yaml: --------------------------------------------------------------------------------
# Default values for datadog-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# replicaCount -- Number of instances of Datadog Operator
replicaCount: 1

# apiKey -- Your Datadog API key
## Security: a key set here is kept in plain text wherever these values are stored
## (values files, CI variables, Helm release data). Prefer "apiKeyExistingSecret".
apiKey: #

# apiKeyExistingSecret -- Use existing Secret which stores API key instead of creating a new one
## If set, this parameter takes precedence over "apiKey".
apiKeyExistingSecret: #

# appKey -- Your Datadog APP key
## Security: same exposure as "apiKey"; prefer "appKeyExistingSecret".
appKey: #

# dd_url -- The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL
## Overrides the site setting defined in "site".
dd_url: #

# appKeyExistingSecret -- Use existing Secret which stores APP key instead of creating a new one
## If set, this parameter takes precedence over "appKey".
appKeyExistingSecret: #

image:
  # image.repository -- Repository to use for Datadog Operator image
  repository: gcr.io/datadoghq/operator
  # image.tag -- Define the Datadog Operator version to use
  ## NOTE(review): the deployment template builds the image reference as
  ## "repository:tag", so the image is selected by a tag that the registry can
  ## re-point; pinning by digest would need a template change.
  tag: 0.6.0
  # image.pullPolicy -- Define the pullPolicy for Datadog Operator image
  pullPolicy: IfNotPresent
# imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials)
imagePullSecrets: []
# nameOverride -- Override name of app
nameOverride: ""
# fullnameOverride -- Override the fully qualified app name
fullnameOverride: ""
# logLevel -- Set Datadog Operator log level (debug, info, error, panic, fatal)
logLevel: "info"
# supportExtendedDaemonset -- If true, supports using ExtendedDaemonSet CRD
supportExtendedDaemonset: "false"
# metricsPort -- Port used for OpenMetrics endpoint
metricsPort: 8383
secretBackend:
  # secretBackend.command -- Specifies the path to the command that implements the secret backend api
  ## NOTE(review): presumably this command is executed to resolve secrets; confirm
  ## where it runs and that the binary at this path comes from a trusted image.
  command: ""
  # secretBackend.arguments -- Specifies the space-separated arguments passed to the command that implements the secret backend api
  arguments: ""
datadogMonitor:
  # datadogMonitor.enabled -- Enables the Datadog Monitor controller
  enabled: false
rbac:
  # rbac.create -- Specifies whether the RBAC resources should be created
  create: true
serviceAccount:
  # serviceAccount.create -- Specifies whether a service account should be created
  create: true
  # serviceAccount.name -- The name of the service account to use. If not set name is generated using the fullname template
  name:
# resources -- Set resources requests/limits for Datadog Operator PODs
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

# nodeSelector -- Allows to schedule Datadog Operator on specific nodes
nodeSelector: {}
# tolerations -- Allows to schedule Datadog Operator on tainted nodes
tolerations: []
# affinity -- Allows to specify affinity for Datadog Operator PODs
affinity: {}

# installCRDs -- Set to true to deploy the Datadog's CRDs
installCRDs: true

datadog-crds:
  crds:
    # datadog-crds.crds.datadogAgents -- Set to true to deploy the DatadogAgents CRD
    datadogAgents: true
    # datadog-crds.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD
    datadogMetrics: true
    # datadog-crds.crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD
    datadogMonitors: true

# podAnnotations -- Allows setting additional annotations for Datadog Operator PODs
podAnnotations: {}
# podLabels -- Allows setting additional labels for Datadog Operator PODs
podLabels: {}

# collectOperatorMetrics -- Configures an openmetrics check to collect operator metrics
## When true, the deployment template adds pod annotations for an openmetrics check
## that scrapes http://%%host%%:<metricsPort>/metrics (plain HTTP) with metrics ["*"].
collectOperatorMetrics: true
-------------------------------------------------------------------------------- /charts/datadog/templates/_container-process-agent.yaml: -------------------------------------------------------------------------------- 1 | {{- define "container-process-agent" -}} 2 | - name: process-agent 3 | image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" 4 | imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 5 | {{- if eq .Values.targetSystem "linux" }} 6 | command: ["process-agent",
"-config={{ template "datadog.confPath" . }}/datadog.yaml"] 7 | {{- end }} 8 | {{- if eq .Values.targetSystem "windows" }} 9 | command: ["process-agent", "-foreground", "-config={{ template "datadog.confPath" . }}/datadog.yaml"] 10 | {{- end }} 11 | {{- if .Values.agents.containers.processAgent.securityContext }} 12 | securityContext: 13 | {{ toYaml .Values.agents.containers.processAgent.securityContext | nindent 4 }} 14 | {{- end }} 15 | {{- if .Values.agents.containers.processAgent.ports }} 16 | ports: 17 | {{ toYaml .Values.agents.containers.processAgent.ports | indent 2 }} 18 | {{- end }} 19 | resources: 20 | {{ toYaml .Values.agents.containers.processAgent.resources | indent 4 }} 21 | {{- if .Values.datadog.envFrom }} 22 | envFrom: 23 | {{ toYaml .Values.datadog.envFrom | indent 4 }} 24 | {{- end }} 25 | env: 26 | {{- include "containers-common-env" . | nindent 4 }} 27 | {{- include "containers-cluster-agent-env" . | nindent 4 }} 28 | {{- if .Values.datadog.processAgent.processCollection }} 29 | - name: DD_PROCESS_AGENT_ENABLED 30 | value: "true" 31 | {{- end }} 32 | - name: DD_LOG_LEVEL 33 | value: {{ .Values.agents.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} 34 | - name: DD_SYSTEM_PROBE_ENABLED 35 | value: {{ .Values.datadog.networkMonitoring.enabled | quote }} 36 | {{- if .Values.datadog.networkMonitoring.enabled }} 37 | - name: DD_SYSTEM_PROBE_NETWORK_ENABLED 38 | value: {{ .Values.datadog.networkMonitoring.enabled | quote }} 39 | {{- end }} 40 | {{- if eq .Values.targetSystem "linux" }} 41 | - name: DD_DOGSTATSD_SOCKET 42 | value: {{ .Values.datadog.dogstatsd.socketPath | quote }} 43 | {{- end }} 44 | - name: DD_ORCHESTRATOR_EXPLORER_ENABLED 45 | value: {{ (include "should-enable-k8s-resource-monitoring" .) 
| quote }} 46 | {{- if .Values.agents.containers.processAgent.env }} 47 | {{ toYaml .Values.agents.containers.processAgent.env | indent 4 }} 48 | {{- end }} 49 | volumeMounts: 50 | - name: config 51 | mountPath: {{ template "datadog.confPath" . }} 52 | {{- if eq .Values.targetSystem "linux" }} 53 | - name: runtimesocketdir 54 | mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} 55 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 56 | readOnly: true 57 | - name: logdatadog 58 | mountPath: /var/log/datadog 59 | - name: tmpdir 60 | mountPath: /tmp 61 | readOnly: false 62 | {{- end }} 63 | {{- if eq .Values.targetSystem "windows" }} 64 | - name: runtimesocket 65 | mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} 66 | {{- end }} 67 | {{- if .Values.agents.useConfigMap }} 68 | - name: {{ template "datadog.fullname" . }}-datadog-yaml 69 | mountPath: {{ template "datadog.confPath" . }}/datadog.yaml 70 | subPath: datadog.yaml 71 | {{- end }} 72 | {{- if eq .Values.targetSystem "linux" }} 73 | - name: cgroups 74 | mountPath: /host/sys/fs/cgroup 75 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 76 | readOnly: true 77 | - name: passwd 78 | mountPath: /etc/passwd 79 | readOnly: true 80 | - name: procdir 81 | mountPath: /host/proc 82 | mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 83 | readOnly: true 84 | - name: dsdsocket 85 | mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} 86 | readOnly: true 87 | {{- if eq (include "should-enable-system-probe" .) "true" }} 88 | - name: sysprobe-socket-dir 89 | mountPath: /var/run/sysprobe 90 | readOnly: true 91 | - name: sysprobe-config 92 | mountPath: /etc/datadog-agent/system-probe.yaml 93 | subPath: system-probe.yaml 94 | {{- end }} 95 | {{- end }} 96 | {{- if .Values.datadog.kubelet.hostCAPath }} 97 | {{ include "datadog.kubelet.volumeMount" . 
| indent 4 }} 98 | {{- end }} 99 | {{- if .Values.agents.volumeMounts }} 100 | {{ toYaml .Values.agents.volumeMounts | indent 4 }} 101 | {{- end }} 102 | {{- end -}} 103 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "datadog-operator.fullname" . }} 5 | labels: 6 | {{ include "datadog-operator.labels" . | indent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: {{ include "datadog-operator.name" . }} 12 | app.kubernetes.io/instance: {{ .Release.Name }} 13 | template: 14 | metadata: 15 | labels: 16 | app.kubernetes.io/name: {{ include "datadog-operator.name" . }} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | {{- if .Values.podLabels }} 19 | {{ toYaml .Values.podLabels | indent 8 }} 20 | {{- end }} 21 | annotations: 22 | {{- if or .Values.apiKey .Values.apiKeyExistingSecret }} 23 | checksum/api_key: {{ include (print $.Template.BasePath "/secret_api_key.yaml") . | sha256sum }} 24 | {{- end }} 25 | {{- if or .Values.appKey .Values.appKeyExistingSecret }} 26 | checksum/application_key: {{ include (print $.Template.BasePath "/secret_application_key.yaml") . 
| sha256sum }} 27 | {{- end }} 28 | {{- if .Values.collectOperatorMetrics }} 29 | ad.datadoghq.com/{{ .Chart.Name }}.check_names: '["openmetrics"]' 30 | ad.datadoghq.com/{{ .Chart.Name }}.init_configs: '[{}]' 31 | ad.datadoghq.com/{{ .Chart.Name }}.instances: | 32 | [{ 33 | "prometheus_url": "http://%%host%%:{{ .Values.metricsPort }}/metrics", 34 | "namespace": "datadog.operator", 35 | "metrics": ["*"] 36 | }] 37 | {{- end }} 38 | {{- if .Values.podAnnotations }} 39 | {{ toYaml .Values.podAnnotations | indent 8 }} 40 | {{- end }} 41 | spec: 42 | {{- with .Values.imagePullSecrets }} 43 | imagePullSecrets: 44 | {{- toYaml . | nindent 8 }} 45 | {{- end }} 46 | serviceAccountName: {{ include "datadog-operator.serviceAccountName" . }} 47 | containers: 48 | - name: {{ .Chart.Name }} 49 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 50 | imagePullPolicy: {{ .Values.image.pullPolicy }} 51 | env: 52 | - name: WATCH_NAMESPACE 53 | valueFrom: 54 | fieldRef: 55 | fieldPath: metadata.namespace 56 | - name: POD_NAME 57 | valueFrom: 58 | fieldRef: 59 | fieldPath: metadata.name 60 | {{- if or .Values.apiKey .Values.apiKeyExistingSecret }} 61 | - name: DD_API_KEY 62 | valueFrom: 63 | secretKeyRef: 64 | name: {{ template "datadog-operator.apiKeySecretName" . }} 65 | key: api-key 66 | {{- end }} 67 | {{- if or .Values.appKey .Values.appKeyExistingSecret }} 68 | - name: DD_APP_KEY 69 | valueFrom: 70 | secretKeyRef: 71 | name: {{ template "datadog-operator.appKeySecretName" . 
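}} 72 | key: app-key 73 | {{- end }} 74 | {{- if .Values.dd_url }} 75 | - name: DD_URL 76 | value: {{ .Values.dd_url }} 77 | {{- end }} 78 | args: 79 | - "-supportExtendedDaemonset={{ .Values.supportExtendedDaemonset }}" 80 | - "-logEncoder=json" 81 | - "-metrics-addr=:{{ .Values.metricsPort }}" 82 | - "-loglevel={{ .Values.logLevel }}" 83 | {{- if .Values.secretBackend.command }} 84 | - "-secretBackendCommand={{ .Values.secretBackend.command }}" 85 | {{- end }} 86 | {{- if .Values.secretBackend.arguments }} 87 | - "-secretBackendArgs={{ .Values.secretBackend.arguments }}" 88 | {{- end }} 89 | - "-datadogMonitorEnabled={{ .Values.datadogMonitor.enabled }}" 90 | ports: 91 | - name: metrics 92 | containerPort: {{ .Values.metricsPort }} 93 | protocol: TCP 94 | livenessProbe: 95 | httpGet: 96 | path: /healthz/ 97 | port: 8081 98 | periodSeconds: 10 99 | resources: 100 | {{- toYaml .Values.resources | nindent 12 }} 101 | {{- with .Values.nodeSelector }} 102 | nodeSelector: 103 | {{- toYaml . | nindent 8 }} 104 | {{- end }} 105 | {{- with .Values.affinity }} 106 | affinity: 107 | {{- toYaml . | nindent 8 }} 108 | {{- end }} 109 | {{- with .Values.tolerations }} 110 | tolerations: 111 | {{- toYaml . | nindent 8 }} 112 | {{- end }} 113 |
--------------------------------------------------------------------------------
/charts/datadog/templates/_container-security-agent.yaml:
--------------------------------------------------------------------------------
# Container spec for the security-agent container, emitted as one list item for
# the caller to include. Compliance monitoring and runtime security are switched
# separately under .Values.datadog.securityAgent; each one adds its own
# environment variables and read-only mounts below.
{{- define "container-security-agent" -}}
- name: security-agent
  image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}"
  imagePullPolicy: {{ .Values.agents.image.pullPolicy }}
  # Both audit capabilities are added unconditionally: nothing in this template
  # lets values override them or ties them to the compliance/runtime switches.
  # NOTE(review): confirm both are needed when only one feature is enabled.
  securityContext:
    capabilities:
      add: ["AUDIT_CONTROL", "AUDIT_READ"]
  command: ["security-agent", "start", "-c={{ template "datadog.confPath" . }}/datadog.yaml"]
  resources:
{{ toYaml .Values.agents.containers.securityAgent.resources | indent 4 }}
  {{- if .Values.agents.containers.securityAgent.ports }}
  ports:
{{ toYaml .Values.agents.containers.securityAgent.ports | indent 2 }}
  {{- end }}
  {{- if .Values.datadog.envFrom }}
  envFrom:
{{ toYaml .Values.datadog.envFrom | indent 4 }}
  {{- end }}
  env:
    {{- include "containers-common-env" . | nindent 4 }}
    - name: DD_LOG_LEVEL
      value: {{ .Values.agents.containers.securityAgent.logLevel | default .Values.datadog.logLevel | quote }}
    - name: DD_COMPLIANCE_CONFIG_ENABLED
      value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }}
    {{- if .Values.datadog.securityAgent.compliance.enabled }}
    - name: DD_COMPLIANCE_CONFIG_CHECK_INTERVAL
      value: {{ .Values.datadog.securityAgent.compliance.checkInterval | quote }}
    # Matches the mountPath of the `hostroot` volume further down.
    - name: HOST_ROOT
      value: /host/root
    {{- include "containers-cluster-agent-env" . | nindent 4 }}
    {{- end }}
    - name: DD_RUNTIME_SECURITY_CONFIG_ENABLED
      value: {{ .Values.datadog.securityAgent.runtime.enabled | quote }}
    {{- if .Values.datadog.securityAgent.runtime.enabled }}
    - name: DD_RUNTIME_SECURITY_CONFIG_POLICIES_DIR
      value: "/etc/datadog-agent/runtime-security.d"
    # Socket path sits under the `sysprobe-socket-dir` mount below.
    - name: DD_RUNTIME_SECURITY_CONFIG_SOCKET
      value: /var/run/sysprobe/runtime-security.sock
    - name: DD_RUNTIME_SECURITY_CONFIG_SYSCALL_MONITOR_ENABLED
      value: {{ .Values.datadog.securityAgent.runtime.syscallMonitor.enabled | quote }}
    {{- end }}
    {{- if eq .Values.targetSystem "linux" }}
    - name: DD_DOGSTATSD_SOCKET
      value: {{ .Values.datadog.dogstatsd.socketPath | quote }}
    {{- end }}
    # Extra per-container variables. A `valueFrom` source (for example a secret
    # reference) is passed through, so a credential can be referenced rather
    # than written into values as a literal `value`. Plain name/value entries
    # render exactly as before, with the value quoted.
    {{- range $value := .Values.agents.containers.securityAgent.env }}
    - name: {{ $value.name }}
      {{- if $value.valueFrom }}
      valueFrom:
        {{- toYaml $value.valueFrom | nindent 8 }}
      {{- else }}
      value: {{ $value.value | quote }}
      {{- end }}
    {{- end }}
  volumeMounts:
    - name: config
      mountPath: {{ template "datadog.confPath" . }}
    {{- if eq .Values.targetSystem "linux" }}
    - name: logdatadog
      mountPath: /var/log/datadog
    # The only mount in this template explicitly marked writable.
    - name: tmpdir
      mountPath: /tmp
      readOnly: false
    # Directory holding the container runtime socket. readOnly protects the
    # directory entries; it does not by itself stop a process from connecting
    # to a socket inside it, so access to the runtime API still has to be
    # treated as granted.
    - name: runtimesocketdir
      mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }}
      readOnly: true
    - name: dsdsocket
      mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }}
      readOnly: true
    {{- end }}
    {{- if eq .Values.targetSystem "windows" }}
    - name: runtimesocket
      mountPath: {{ template "datadog.dockerOrCriSocketPath" . }}
    {{- end }}
    {{- if .Values.agents.useConfigMap }}
    - name: {{ template "datadog.fullname" . }}-datadog-yaml
      mountPath: {{ template "datadog.confPath" . }}/datadog.yaml
      subPath: datadog.yaml
    {{- end }}
    {{- if eq .Values.targetSystem "linux" }}
    {{- if .Values.datadog.securityAgent.compliance.enabled }}
    # Compliance mounts, all read-only. What each named volume points at on the
    # node is defined by the caller's `volumes` list, which is not part of this
    # template. NOTE(review): `hostroot` presumably exposes the node's root
    # filesystem; confirm against the volume definition.
    - name: cgroups
      mountPath: /host/sys/fs/cgroup
      readOnly: true
    - name: passwd
      mountPath: /etc/passwd
      readOnly: true
    - name: group
      mountPath: /etc/group
      readOnly: true
    - name: hostroot
      mountPath: /host/root
      readOnly: true
    # Second mount of the runtime socket directory, this time under /host/root
    # so the path lines up with HOST_ROOT.
    - name: runtimesocketdir
      mountPath: {{ print "/host/root" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }}
      readOnly: true
    - name: procdir
      mountPath: /host/proc
      readOnly: true
    {{- if .Values.datadog.securityAgent.compliance.configMap }}
    - name: complianceconfigdir
      mountPath: /etc/datadog-agent/compliance.d
      readOnly: true
    {{- end }}
    {{- end }}
    {{- if .Values.datadog.securityAgent.runtime.enabled }}
    {{- if .Values.datadog.securityAgent.runtime.policies.configMap }}
    - name: runtimepoliciesdir
      mountPath: /etc/datadog-agent/runtime-security.d
      readOnly: true
    {{- end }}
    - name: sysprobe-socket-dir
      mountPath: /var/run/sysprobe
      readOnly: true
    - name: sysprobe-config
      mountPath: /etc/datadog-agent/system-probe.yaml
      subPath: system-probe.yaml
    {{- end }}
    {{- end }}
    # User-supplied mounts are appended as given, so anything listed under
    # .Values.agents.volumeMounts is also visible to this container.
    {{- if .Values.agents.volumeMounts }}
{{ toYaml .Values.agents.volumeMounts | indent 4 }}
    {{- end }}
{{- end -}}
-------------------------------------------------------------------------------- /crds/datadoghq.com_datadogmetrics.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | controller-gen.kubebuilder.io/version: v0.4.1 8 | creationTimestamp: null 9 | name: datadogmetrics.datadoghq.com 10 | spec: 11 | group: datadoghq.com 12 | names: 13 | kind: DatadogMetric 14 | listKind: DatadogMetricList 15 | plural: datadogmetrics 16 | singular: datadogmetric 17 | scope: Namespaced 18 | versions: 19 | - additionalPrinterColumns: 20 | - jsonPath: .status.conditions[?(@.type=='Active')].status 21 | name: active 22 | type: string 23 | - jsonPath: .status.conditions[?(@.type=='Valid')].status 24 | name: valid 25 | type: string 26 | - jsonPath: .status.currentValue 27 | name: value 28 | type: string 29 | - jsonPath: .status.autoscalerReferences 30 | name: references 31 | type: string 32 | - jsonPath: .status.conditions[?(@.type=='Updated')].lastUpdateTime 33 | name: update time 34 | type: date 35 | name: v1alpha1 36 | schema: 37 | openAPIV3Schema: 38 | description: DatadogMetric allows autoscaling on arbitrary Datadog query 39 | properties: 40 | apiVersion: 41 | description: 'APIVersion defines the versioned schema of this representation 42 | of an object. Servers should convert recognized schemas to the latest 43 | internal value, and may reject unrecognized values. 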
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 44 | type: string 45 | kind: 46 | description: 'Kind is a string value representing the REST resource this 47 | object represents. Servers may infer this from the endpoint the client 48 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 49 | type: string 50 | metadata: 51 | type: object 52 | spec: 53 | description: DatadogMetricSpec defines the desired state of DatadogMetric 54 | properties: 55 | externalMetricName: 56 | description: ExternalMetricName is reversed for internal use 57 | type: string 58 | maxAge: 59 | description: MaxAge provides the max age for the metric query (overrides 60 | the default setting `external_metrics_provider.max_age`) 61 | type: string 62 | query: 63 | description: Query is the raw datadog query 64 | type: string 65 | type: object 66 | status: 67 | description: DatadogMetricStatus defines the observed state of DatadogMetric 68 | properties: 69 | autoscalerReferences: 70 | description: List of autoscalers currently using this DatadogMetric 71 | type: string 72 | conditions: 73 | description: Conditions Represents the latest available observations 74 | of a DatadogMetric's current state. 75 | items: 76 | description: DatadogMetricCondition describes the state of a DatadogMetric 77 | at a certain point. 78 | properties: 79 | lastTransitionTime: 80 | description: Last time the condition transitioned from one status 81 | to another. 82 | format: date-time 83 | type: string 84 | lastUpdateTime: 85 | description: Last time the condition was updated. 86 | format: date-time 87 | type: string 88 | message: 89 | description: A human readable message indicating details about 90 | the transition. 91 | type: string 92 | reason: 93 | description: The reason for the condition's last transition. 
94 | type: string 95 | status: 96 | description: Status of the condition, one of True, False, Unknown. 97 | type: string 98 | type: 99 | description: Type of DatadogMetric condition. 100 | type: string 101 | required: 102 | - status 103 | - type 104 | type: object 105 | type: array 106 | x-kubernetes-list-map-keys: 107 | - type 108 | x-kubernetes-list-type: map 109 | currentValue: 110 | description: Value is the latest value of the metric 111 | type: string 112 | required: 113 | - currentValue 114 | type: object 115 | type: object 116 | served: true 117 | storage: true 118 | subresources: 119 | status: {} 120 | status: 121 | acceptedNames: 122 | kind: "" 123 | plural: "" 124 | conditions: [] 125 | storedVersions: [] 126 | -------------------------------------------------------------------------------- /charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.crds.datadogMetrics (not (.Capabilities.APIVersions.Has "apiextensions.k8s.io/v1/CustomResourceDefinition")) }} 2 | apiVersion: apiextensions.k8s.io/v1beta1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.4.1 7 | creationTimestamp: null 8 | name: datadogmetrics.datadoghq.com 9 | labels: 10 | helm.sh/chart: '{{ include "datadog-crds.chart" . }}' 11 | app.kubernetes.io/managed-by: '{{ .Release.Service }}' 12 | app.kubernetes.io/name: '{{ include "datadog-crds.name" . 
}}' 13 | app.kubernetes.io/instance: '{{ .Release.Name }}' 14 | spec: 15 | additionalPrinterColumns: 16 | - JSONPath: .status.conditions[?(@.type=='Active')].status 17 | name: active 18 | type: string 19 | - JSONPath: .status.conditions[?(@.type=='Valid')].status 20 | name: valid 21 | type: string 22 | - JSONPath: .status.currentValue 23 | name: value 24 | type: string 25 | - JSONPath: .status.autoscalerReferences 26 | name: references 27 | type: string 28 | - JSONPath: .status.conditions[?(@.type=='Updated')].lastUpdateTime 29 | name: update time 30 | type: date 31 | group: datadoghq.com 32 | names: 33 | kind: DatadogMetric 34 | listKind: DatadogMetricList 35 | plural: datadogmetrics 36 | singular: datadogmetric 37 | scope: Namespaced 38 | subresources: 39 | status: {} 40 | validation: 41 | openAPIV3Schema: 42 | description: DatadogMetric allows autoscaling on arbitrary Datadog query 43 | properties: 44 | apiVersion: 45 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 46 | type: string 47 | kind: 48 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 49 | type: string 50 | metadata: 51 | type: object 52 | spec: 53 | description: DatadogMetricSpec defines the desired state of DatadogMetric 54 | properties: 55 | externalMetricName: 56 | description: ExternalMetricName is reversed for internal use 57 | type: string 58 | maxAge: 59 | description: MaxAge provides the max age for the metric query (overrides the default setting `external_metrics_provider.max_age`) 60 | type: string 61 | query: 62 | description: Query is the raw datadog query 63 | type: string 64 | type: object 65 | status: 66 | description: DatadogMetricStatus defines the observed state of DatadogMetric 67 | properties: 68 | autoscalerReferences: 69 | description: List of autoscalers currently using this DatadogMetric 70 | type: string 71 | conditions: 72 | description: Conditions Represents the latest available observations of a DatadogMetric's current state. 73 | items: 74 | description: DatadogMetricCondition describes the state of a DatadogMetric at a certain point. 75 | properties: 76 | lastTransitionTime: 77 | description: Last time the condition transitioned from one status to another. 78 | format: date-time 79 | type: string 80 | lastUpdateTime: 81 | description: Last time the condition was updated. 82 | format: date-time 83 | type: string 84 | message: 85 | description: A human readable message indicating details about the transition. 86 | type: string 87 | reason: 88 | description: The reason for the condition's last transition. 89 | type: string 90 | status: 91 | description: Status of the condition, one of True, False, Unknown. 92 | type: string 93 | type: 94 | description: Type of DatadogMetric condition. 
95 | type: string 96 | required: 97 | - status 98 | - type 99 | type: object 100 | type: array 101 | currentValue: 102 | description: Value is the latest value of the metric 103 | type: string 104 | required: 105 | - currentValue 106 | type: object 107 | type: object 108 | version: v1alpha1 109 | versions: 110 | - name: v1alpha1 111 | served: true 112 | storage: true 113 | status: 114 | acceptedNames: 115 | kind: "" 116 | plural: "" 117 | conditions: [] 118 | storedVersions: [] 119 | {{- end }} 120 |
--------------------------------------------------------------------------------
/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml:
--------------------------------------------------------------------------------
{{- if and (or $.Values.datadog.networkPolicy.create $.Values.clusterAgent.networkPolicy.create) (eq $.Values.datadog.networkPolicy.flavor "cilium") -}}
# CiliumNetworkPolicy for the cluster agent. Rendered only when policy creation
# is requested (globally or for the cluster agent) and the flavor is "cilium".
# Every spec selects the same pods: label app=<fullname>-cluster-agent plus any
# .Values.clusterAgent.podLabels.
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: {{ template "datadog.fullname" . }}-cluster-agent
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "datadog.labels" . | indent 4 }}
specs:
  # Single link-local address on TCP/80. The description calls it the metadata
  # server; where that endpoint hands out node or instance credentials, this
  # rule is what makes them reachable from the pod.
  # NOTE(review): confirm the cluster agent needs it on the target platform.
  - description: "Egress to metadata server"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}-cluster-agent
        {{- if .Values.clusterAgent.podLabels }}
{{ toYaml .Values.clusterAgent.podLabels | indent 8 }}
        {{- end }}
    egress:
      - toCIDR:
          - 169.254.169.254/32
        toPorts:
          - ports:
              - port: "80"
                protocol: TCP
  # The DNS peer comes from values (dnsSelector). The dns rule with pattern "*"
  # places no restriction on which names may be looked up.
  - description: "Egress to DNS"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}-cluster-agent
        {{- if .Values.clusterAgent.podLabels }}
{{ toYaml .Values.clusterAgent.podLabels | indent 8 }}
        {{- end }}
    egress:
      - {{ toYaml .Values.datadog.networkPolicy.cilium.dnsSelector | nindent 8 }}
        toPorts:
          - ports:
              - port: "53"
                protocol: ANY
            rules:
              dns:
                - matchPattern: "*"
  # FQDN allow-list on TCP/443. dd_url, when set, is added with its "https://"
  # prefix stripped; the site-based names fall back to datadoghq.com.
  - description: "Egress to Datadog intake"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}-cluster-agent
        {{- if .Values.clusterAgent.podLabels }}
{{ toYaml .Values.clusterAgent.podLabels | indent 8 }}
        {{- end }}
    egress:
      - toFQDNs:
          {{- if $.Values.datadog.dd_url}}
          - matchName: {{ trimPrefix "https://" $.Values.datadog.dd_url }}
          {{- end}}
          {{- if $.Values.datadog.site}}
          - matchPattern: "*-app.agent.{{ $.Values.datadog.site }}"
          - matchName: "orchestrator.{{ $.Values.datadog.site }}"
          {{- else}}
          - matchPattern: "*-app.agent.datadoghq.com"
          - matchName: "orchestrator.datadoghq.com"
          {{- end}}
        toPorts:
          - ports:
              - port: "443"
                protocol: TCP
  - description: "Egress to Kube API server"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}-cluster-agent
        {{- if .Values.clusterAgent.podLabels }}
{{ toYaml .Values.clusterAgent.podLabels | indent 8 }}
        {{- end }}
    egress:
      # toServices only works for endpoints outside the cluster, so this entry
      # covers a control plane that runs outside it. It carries no toPorts.
      - toServices:
          - k8sService:
              namespace: default
              serviceName: kubernetes
      # When the control plane runs on the cluster's own nodes, connections to
      # the node entities must be allowed instead; limited to TCP/443.
      - toEntities:
          - host
          - remote-node
        toPorts:
          - ports:
              - port: "443"
                protocol: TCP
  {{- if $.Values.agents.enabled }}
  # With host networking the agents are admitted as the `host` and
  # `remote-node` entities rather than by pod label, so the source is the node
  # rather than one specific pod. Otherwise the source is pods labelled
  # app=<fullname> plus .Values.agents.podLabels.
  # Layout: the agent labels are spliced in with `indent 10`, so the `app:` key
  # under fromEndpoints has to stay at column 10.
  - description: Ingress from agent
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}-cluster-agent
        {{- if .Values.clusterAgent.podLabels }}
{{ toYaml .Values.clusterAgent.podLabels | indent 8 }}
        {{- end }}
    ingress:
    -
      {{- if $.Values.agents.useHostNetwork }}
      fromEntities:
      - host
      - remote-node
      {{- else }}
      fromEndpoints:
      - matchLabels:
          app: {{ template "datadog.fullname" . }}
          {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 10 }}
          {{- end }}
      {{- end }}
      toPorts:
      - ports:
        - port: "5000"
          protocol: TCP
        - port: "5005"
          protocol: TCP
  {{- end }}
  {{- if $.Values.clusterChecksRunner.enabled }}
  - description: "Ingress from cluster workers"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}-cluster-agent
        {{- if .Values.clusterAgent.podLabels }}
{{ toYaml .Values.clusterAgent.podLabels | indent 8 }}
        {{- end }}
    ingress:
      - fromEndpoints:
          - matchLabels:
              app: {{ template "datadog.fullname" . }}-clusterchecks
        toPorts:
          - ports:
              - port: "5005"
                protocol: TCP
  {{- end }}
  {{- if .Values.clusterAgent.metricsProvider.enabled }}
  # The source is the `world` entity, which is broader than the API server
  # named in the description: the rule limits the port, not the peer.
  # NOTE(review): confirm whether the target clusters allow a narrower source,
  # and rely on the metrics endpoint's own authentication in the meantime.
  - description: "Ingress from API server for external metrics"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}-cluster-agent
        {{- if .Values.clusterAgent.podLabels }}
{{ toYaml .Values.clusterAgent.podLabels | indent 8 }}
        {{- end }}
    ingress:
      - fromEntities:
          - world
        toPorts:
          - ports:
              - port: {{ include "clusterAgent.metricsProvider.port" . | quote }}
                protocol: TCP
  {{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.crds.datadogMetrics (.Capabilities.APIVersions.Has "apiextensions.k8s.io/v1/CustomResourceDefinition") }} 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | controller-gen.kubebuilder.io/version: v0.4.1 7 | creationTimestamp: null 8 | name: datadogmetrics.datadoghq.com 9 | labels: 10 | helm.sh/chart: '{{ include "datadog-crds.chart" . }}' 11 | app.kubernetes.io/managed-by: '{{ .Release.Service }}' 12 | app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' 13 | app.kubernetes.io/instance: '{{ .Release.Name }}' 14 | spec: 15 | group: datadoghq.com 16 | names: 17 | kind: DatadogMetric 18 | listKind: DatadogMetricList 19 | plural: datadogmetrics 20 | singular: datadogmetric 21 | scope: Namespaced 22 | versions: 23 | - additionalPrinterColumns: 24 | - jsonPath: .status.conditions[?(@.type=='Active')].status 25 | name: active 26 | type: string 27 | - jsonPath: .status.conditions[?(@.type=='Valid')].status 28 | name: valid 29 | type: string 30 | - jsonPath: .status.currentValue 31 | name: value 32 | type: string 33 | - jsonPath: .status.autoscalerReferences 34 | name: references 35 | type: string 36 | - jsonPath: .status.conditions[?(@.type=='Updated')].lastUpdateTime 37 | name: update time 38 | type: date 39 | name: v1alpha1 40 | schema: 41 | openAPIV3Schema: 42 | description: DatadogMetric allows autoscaling on arbitrary Datadog query 43 | properties: 44 | apiVersion: 45 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 46 | type: string 47 | kind: 48 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 49 | type: string 50 | metadata: 51 | type: object 52 | spec: 53 | description: DatadogMetricSpec defines the desired state of DatadogMetric 54 | properties: 55 | externalMetricName: 56 | description: ExternalMetricName is reversed for internal use 57 | type: string 58 | maxAge: 59 | description: MaxAge provides the max age for the metric query (overrides the default setting `external_metrics_provider.max_age`) 60 | type: string 61 | query: 62 | description: Query is the raw datadog query 63 | type: string 64 | type: object 65 | status: 66 | description: DatadogMetricStatus defines the observed state of DatadogMetric 67 | properties: 68 | autoscalerReferences: 69 | description: List of autoscalers currently using this DatadogMetric 70 | type: string 71 | conditions: 72 | description: Conditions Represents the latest available observations of a DatadogMetric's current state. 73 | items: 74 | description: DatadogMetricCondition describes the state of a DatadogMetric at a certain point. 75 | properties: 76 | lastTransitionTime: 77 | description: Last time the condition transitioned from one status to another. 78 | format: date-time 79 | type: string 80 | lastUpdateTime: 81 | description: Last time the condition was updated. 82 | format: date-time 83 | type: string 84 | message: 85 | description: A human readable message indicating details about the transition. 86 | type: string 87 | reason: 88 | description: The reason for the condition's last transition. 
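89 | type: string 90 | status: 91 | description: Status of the condition, one of True, False, Unknown. 92 | type: string 93 | type: 94 | description: Type of DatadogMetric condition. 95 | type: string 96 | required: 97 | - status 98 | - type 99 | type: object 100 | type: array 101 | x-kubernetes-list-map-keys: 102 | - type 103 | x-kubernetes-list-type: map 104 | currentValue: 105 | description: Value is the latest value of the metric 106 | type: string 107 | required: 108 | - currentValue 109 | type: object 110 | type: object 111 | served: true 112 | storage: true 113 | subresources: 114 | status: {} 115 | status: 116 | acceptedNames: 117 | kind: "" 118 | plural: "" 119 | conditions: [] 120 | storedVersions: [] 121 | {{- end }} 122 |
--------------------------------------------------------------------------------
/charts/datadog/templates/agent-cilium-network-policy.yaml:
--------------------------------------------------------------------------------
{{- if and (or $.Values.datadog.networkPolicy.create $.Values.agents.networkPolicy.create) (eq $.Values.datadog.networkPolicy.flavor "cilium") -}}
# CiliumNetworkPolicy for the node agents. Rendered only when policy creation
# is requested (globally or for the agents) and the flavor is "cilium".
# Every spec selects the same pods: label app=<fullname> plus any
# .Values.agents.podLabels.
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: {{ template "datadog.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "datadog.labels" . | indent 4 }}
specs:
  # Covers the whole 169.254.0.0/16 link-local range, limited to TCP/51678.
  - description: "Egress ECS agent port 51678"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    egress:
      - toCIDR:
          - 169.254.0.0/16
        toPorts:
          - ports:
              - port: "51678"
                protocol: TCP
  - description: "Egress to ntp"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    egress:
      - toFQDNs:
          - matchPattern: "*.datadog.pool.ntp.org"
        toPorts:
          - ports:
              - port: "123"
                protocol: UDP
  # Single link-local address on TCP/80. The description calls it the metadata
  # server; where that endpoint hands out node or instance credentials, this
  # rule is what makes them reachable from the agent pods.
  # NOTE(review): confirm the agents need it on the target platform.
  - description: "Egress to metadata server"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    egress:
      - toCIDR:
          - 169.254.169.254/32
        toPorts:
          - ports:
              - port: "80"
                protocol: TCP
  # The DNS peer comes from values (dnsSelector). The dns rule with pattern "*"
  # places no restriction on which names may be looked up.
  - description: "Egress to DNS"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    egress:
      - {{ toYaml .Values.datadog.networkPolicy.cilium.dnsSelector | nindent 8 }}
        toPorts:
          - ports:
              - port: "53"
                protocol: ANY
            rules:
              dns:
                - matchPattern: "*"
  # FQDN allow-list on TCP/443 and TCP/10516. dd_url, when set, is added with
  # its "https://" prefix stripped; the site-based names fall back to
  # datadoghq.com.
  - description: "Egress to Datadog intake"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    egress:
      - toFQDNs:
          {{- if $.Values.datadog.dd_url}}
          - matchName: {{ trimPrefix "https://" $.Values.datadog.dd_url }}
          {{- end}}
          {{- if $.Values.datadog.site}}
          - matchPattern: "*-app.agent.{{ $.Values.datadog.site }}"
          - matchName: "agent-intake.logs.{{ $.Values.datadog.site }}"
          - matchName: "process.{{ $.Values.datadog.site }}"
          - matchName: "orchestrator.{{ $.Values.datadog.site }}"
          {{- else}}
          - matchPattern: "*-app.agent.datadoghq.com"
          - matchName: "agent-intake.logs.datadoghq.com"
          - matchName: "process.datadoghq.com"
          - matchName: "orchestrator.datadoghq.com"
          {{- end}}
        toPorts:
          - ports:
              - port: "443"
                protocol: TCP
              - port: "10516"
                protocol: TCP
  - description: "Egress to Kubelet"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    egress:
      - toEntities:
          - host
        toPorts:
          - ports:
              - port: "10250"
                protocol: TCP
  {{- if $.Values.datadog.dogstatsd.port }}
  # The source is an empty endpoint selector.
  # NOTE(review): confirm which endpoints `{}` matches here. The last spec in
  # this file spells out a namespace `Exists` expression to reach every
  # namespace, which suggests a bare selector may be scoped more narrowly.
  - description: "Ingress for dogstatsd"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    ingress:
      - fromEndpoints:
          - {}
        toPorts:
          - ports:
              - port: "{{ $.Values.datadog.dogstatsd.port }}"
                protocol: UDP
  {{- end }}
  {{- if $.Values.datadog.apm.enabled }}
  # Same empty source selector as the dogstatsd rule above; the same scope
  # question applies.
  - description: "Ingress for APM trace"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    ingress:
      - fromEndpoints:
          - {}
        toPorts:
          - ports:
              # Quoted so the value renders as a YAML string, like every other
              # `port` in this policy.
              - port: "{{ $.Values.datadog.apm.port }}"
                protocol: TCP
  {{- end }}
  # The agents may connect to any pod that carries auto-discovery annotations.
  #
  # To add a check on a pod, its owner has to
  #   * annotate the pod
  #   * add an ingress policy on that pod admitting the agent
  # So that end-users do not also have to inject a NetworkPolicy for the agent
  # in the agent's namespace, the agent is allowed to probe any pod.
  #
  # The rule below therefore has no toPorts: it opens egress from the agent to
  # endpoints in every namespace on every port. Containment depends on the
  # ingress policies of the destination pods.
  - description: "Egress to anything for checks"
    endpointSelector:
      matchLabels:
        app: {{ template "datadog.fullname" . }}
        {{- if .Values.agents.podLabels }}
{{ toYaml .Values.agents.podLabels | indent 8 }}
        {{- end }}
    egress:
      - toEndpoints:
          - matchExpressions:
              - key: k8s:io.kubernetes.pod.namespace
                operator: Exists
{{- end }}
-------------------------------------------------------------------------------- /charts/datadog/templates/_containers-common-env.yaml: -------------------------------------------------------------------------------- 1 | # The purpose of this template is to define a minimal set of environment 2 | # variables required to operate dedicated containers in the daemonset 3 | {{- define "containers-common-env" -}} 4 | # Needs to be removed when Agent N-2 is built with Golang 1.17 5 | - name: GODEBUG 6 | value: x509ignoreCN=0 7 | - name: DD_API_KEY 8 | valueFrom: 9 | secretKeyRef: 10 | name: {{ template "datadog.apiSecretName" . 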
}} 11 | key: api-key 12 | {{- if .Values.datadog.kubelet.host }} 13 | - name: DD_KUBERNETES_KUBELET_HOST 14 | {{ toYaml .Values.datadog.kubelet.host | indent 2 }} 15 | {{- end }} 16 | {{- if .Values.datadog.kubelet.tlsVerify | quote }} 17 | - name: DD_KUBELET_TLS_VERIFY 18 | value: {{ .Values.datadog.kubelet.tlsVerify | quote }} 19 | {{- end }} 20 | {{- if ne (include "datadog.kubelet.mountPath" .) "" }} 21 | - name: DD_KUBELET_CLIENT_CA 22 | value: {{ include "datadog.kubelet.mountPath" . }} 23 | {{- end }} 24 | {{- if .Values.providers.gke.autopilot }} 25 | - name: DD_KUBERNETES_HTTPS_KUBELET_PORT 26 | value: "0" 27 | {{- end }} 28 | {{- if .Values.datadog.clusterName }} 29 | {{- template "check-cluster-name" . }} 30 | - name: DD_CLUSTER_NAME 31 | value: {{ .Values.datadog.clusterName | quote }} 32 | {{- end }} 33 | {{- if .Values.datadog.tags }} 34 | - name: DD_TAGS 35 | value: {{ tpl (.Values.datadog.tags | join " " | quote) . }} 36 | {{- end }} 37 | {{- if .Values.datadog.nodeLabelsAsTags }} 38 | - name: DD_KUBERNETES_NODE_LABELS_AS_TAGS 39 | value: '{{ toJson .Values.datadog.nodeLabelsAsTags }}' 40 | {{- end }} 41 | {{- if .Values.datadog.podLabelsAsTags }} 42 | - name: DD_KUBERNETES_POD_LABELS_AS_TAGS 43 | value: '{{ toJson .Values.datadog.podLabelsAsTags }}' 44 | {{- end }} 45 | {{- if .Values.datadog.podAnnotationsAsTags }} 46 | - name: DD_KUBERNETES_POD_ANNOTATIONS_AS_TAGS 47 | value: '{{ toJson .Values.datadog.podAnnotationsAsTags }}' 48 | {{- end }} 49 | - name: KUBERNETES 50 | value: "yes" 51 | {{- if .Values.datadog.site }} 52 | - name: DD_SITE 53 | value: {{ .Values.datadog.site | quote }} 54 | {{- end }} 55 | {{- if .Values.datadog.dd_url }} 56 | - name: DD_DD_URL 57 | value: {{ .Values.datadog.dd_url | quote }} 58 | {{- end }} 59 | {{- if .Values.datadog.env }} 60 | {{ toYaml .Values.datadog.env }} 61 | {{- end }} 62 | {{- if .Values.datadog.acInclude }} 63 | - name: DD_AC_INCLUDE 64 | value: {{ .Values.datadog.acInclude | quote }} 65 | {{- end }} 
66 | {{- if .Values.datadog.acExclude }} 67 | - name: DD_AC_EXCLUDE 68 | value: {{ .Values.datadog.acExclude | quote }} 69 | {{- end }} 70 | {{- if .Values.datadog.containerInclude }} 71 | - name: DD_CONTAINER_INCLUDE 72 | value: {{ .Values.datadog.containerInclude | quote }} 73 | {{- end }} 74 | {{- if .Values.datadog.containerExclude }} 75 | - name: DD_CONTAINER_EXCLUDE 76 | value: {{ .Values.datadog.containerExclude | quote }} 77 | {{- end }} 78 | {{- if .Values.datadog.containerIncludeMetrics }} 79 | - name: DD_CONTAINER_INCLUDE_METRICS 80 | value: {{ .Values.datadog.containerIncludeMetrics | quote }} 81 | {{- end }} 82 | {{- if .Values.datadog.containerExcludeMetrics }} 83 | - name: DD_CONTAINER_EXCLUDE_METRICS 84 | value: {{ .Values.datadog.containerExcludeMetrics | quote }} 85 | {{- end }} 86 | {{- if .Values.datadog.containerIncludeLogs }} 87 | - name: DD_CONTAINER_INCLUDE_LOGS 88 | value: {{ .Values.datadog.containerIncludeLogs | quote }} 89 | {{- end }} 90 | {{- if .Values.datadog.containerExcludeLogs }} 91 | - name: DD_CONTAINER_EXCLUDE_LOGS 92 | value: {{ .Values.datadog.containerExcludeLogs | quote }} 93 | {{- end }} 94 | {{- if not .Values.datadog.excludePauseContainer }} 95 | - name: DD_EXCLUDE_PAUSE_CONTAINER 96 | value: "false" 97 | {{- end }} 98 | {{- if eq (include "agent-has-env-ad" .) 
"true" }} 99 | {{- if .Values.datadog.dockerSocketPath }} 100 | - name: DOCKER_HOST 101 | {{- if eq .Values.targetSystem "linux" }} 102 | value: unix://{{ print "/host/" .Values.datadog.dockerSocketPath | clean }} 103 | {{- end }} 104 | {{- if eq .Values.targetSystem "windows" }} 105 | value: npipe://{{ .Values.datadog.dockerSocketPath | replace "\\" "/" }} 106 | {{- end }} 107 | {{- end }} 108 | {{- if .Values.datadog.criSocketPath }} 109 | - name: DD_CRI_SOCKET_PATH 110 | {{- if eq .Values.targetSystem "linux" }} 111 | value: {{ print "/host/" .Values.datadog.criSocketPath | clean }} 112 | {{- end }} 113 | {{- if eq .Values.targetSystem "windows" }} 114 | value: {{ .Values.datadog.criSocketPath }} 115 | {{- end }} 116 | {{- end }} 117 | {{- else }} # No support for env AD 118 | {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }} 119 | - name: DD_CRI_SOCKET_PATH 120 | value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} 121 | {{- else }} 122 | - name: DOCKER_HOST 123 | {{- if eq .Values.targetSystem "linux" }} 124 | value: unix://{{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} 125 | {{- end }} 126 | {{- if eq .Values.targetSystem "windows" }} 127 | value: npipe://{{ (include "datadog.dockerOrCriSocketPath" .) | replace "\\" "/" }} 128 | {{- end }} 129 | {{- end }} 130 | {{- end }} 131 | {{ include "provider-env" . }} 132 | {{- end -}} 133 | 134 | 135 | {{/* 136 | Return a list of env-vars if the cluster-agent is enabled 137 | */}} 138 | {{- define "containers-cluster-agent-env" -}} 139 | - name: DD_CLUSTER_AGENT_ENABLED 140 | value: {{ (include "cluster-agent-enabled" .) | quote }} 141 | {{- if eq (include "should-deploy-cluster-agent" .) "true" }} 142 | - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME 143 | value: {{ template "datadog.fullname" . 
}}-cluster-agent 144 | - name: DD_CLUSTER_AGENT_AUTH_TOKEN 145 | valueFrom: 146 | secretKeyRef: 147 | name: {{ template "clusterAgent.tokenSecretName" . }} 148 | key: token 149 | {{- else if eq (include "existingClusterAgent-configured" .) "true" }} 150 | - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME 151 | value: {{ .Values.existingClusterAgent.serviceName | quote }} 152 | - name: DD_CLUSTER_AGENT_AUTH_TOKEN 153 | valueFrom: 154 | secretKeyRef: 155 | name: {{ .Values.existingClusterAgent.tokenSecretName | quote }} 156 | key: token 157 | {{- end }} 158 | {{ include "provider-env" . }} 159 | {{- end -}} 160 | -------------------------------------------------------------------------------- /charts/datadog-operator/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ include "datadog-operator.fullname" . }} 6 | labels: 7 | {{ include "datadog-operator.labels" . 
| indent 4 }}
# Permissions requested for the operator. A verbs entry of '*' grants every
# verb on the listed resources, including delete and, for RBAC objects, bind
# and escalate.
# NOTE(review): how far these rules reach depends on the binding (the chart
# also ships clusterrole_binding.yaml). Bound cluster-wide, the '*' rules on
# secrets, pods, serviceaccounts and the rbac.authorization.k8s.io objects mean
# the operator's service account should be protected and audited like a
# cluster-admin credential. Where the operator only manages one namespace,
# narrowing to explicit verbs or a namespaced Role is worth evaluating.
rules:
- nonResourceURLs:
  - /metrics
  verbs:
  - get
# Read access to kubelet-backed node subresources.
# NOTE(review): nodes/proxy gives the holder a path to each kubelet's API
# through the API server; confirm it is required.
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  - nodes/proxy
  - nodes/spec
  - nodes/stats
  verbs:
  - get
- apiGroups:
  - "coordination.k8s.io"
  resources:
  - leases
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
# Limited by resourceNames to the OpenShift SCC named "restricted".
- apiGroups:
  - security.openshift.io
  resourceNames:
  - restricted
  resources:
  - securitycontextconstraints
  verbs:
  - use
- apiGroups:
  - ""
  resources:
  - componentstatuses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
# NOTE(review): the next four rules repeat the node subresource grants already
# made in the second rule above; they add nothing.
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes/proxy
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes/spec
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes/stats
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - '*'
# Every verb on Secrets: read, write and delete, with no resourceNames limit.
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - '*'
# Full control of mutating admission webhook registrations and of aggregated
# API registrations; both affect how every request to the API server is handled.
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - mutatingwebhookconfigurations
  verbs:
  - '*'
- apiGroups:
  - apiregistration.k8s.io
  resources:
  - apiservices
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - daemonsets
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - replicasets
  verbs:
  - get
  - watch
  - list
- apiGroups:
  - apps
  resources:
  - statefulsets
  verbs:
  - get
  - watch
  - list
# NOTE(review): clusterroles, clusterrolebindings, roles and rolebindings are
# served under rbac.authorization.k8s.io, not authorization.k8s.io, so the next
# four rules presumably match nothing. authorization.k8s.io is the group of the
# access-review resources granted in the rule after them.
- apiGroups:
  - authorization.k8s.io
  resources:
  - clusterrolebindings
  verbs:
  - '*'
- apiGroups:
  - authorization.k8s.io
  resources:
  - clusterroles
  verbs:
  - '*'
- apiGroups:
  - authorization.k8s.io
  resources:
  - rolebindings
  verbs:
  - '*'
- apiGroups:
  - authorization.k8s.io
  resources:
  - roles
  verbs:
  - '*'
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  - selfsubjectaccessreviews
  - selfsubjectrulesreviews
  verbs:
  - create
- apiGroups:
  - batch
  resources:
  - cronjobs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - datadoghq.com
  resources:
  - datadogagents
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - datadoghq.com
  resources:
  - datadogagents/finalizers
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - datadoghq.com
  resources:
  - datadogagents/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - datadoghq.com
  resources:
  - extendeddaemonsets
  verbs:
  - '*'
- apiGroups:
  - datadoghq.com
  resources:
  - watermarkpodautoscalers
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - networkpolicies
  verbs:
  - '*'
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - '*'
- apiGroups:
  - policy
  resources:
  - podsecuritypolicies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - quota.openshift.io
  resources:
  - clusterresourcequotas
  verbs:
  - get
  - list
# Every verb on the RBAC objects themselves. Because '*' includes bind and
# escalate, the holder can create roles and bindings carrying permissions it
# does not already hold.
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterrolebindings
  verbs:
  - '*'
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  verbs:
  - '*'
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  verbs:
  - '*'
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - roles
  verbs:
  - '*'
# NOTE(review): roles.rbac.authorization.k8s.io does not look like an API group
# Kubernetes serves; these four rules are presumably no-ops. Confirm and drop.
- apiGroups:
  - roles.rbac.authorization.k8s.io
  resources:
  - clusterrolebindings
  verbs:
  - '*'
- apiGroups:
  - roles.rbac.authorization.k8s.io
  resources:
  - clusterroles
  verbs:
  - '*'
- apiGroups:
  - roles.rbac.authorization.k8s.io
  resources:
  - rolebindings
  verbs:
  - '*'
- apiGroups:
  - roles.rbac.authorization.k8s.io
  resources:
  - roles
  verbs:
  - '*'
- apiGroups:
  - datadoghq.com
  resources:
  - datadogmetrics
  - datadogmonitors
  verbs:
  - list
  - get
  - watch
  - create
  - delete
  - update
- apiGroups:
  - datadoghq.com
  resources:
  - datadogmetrics/status
  - datadogmonitors/status
  verbs:
  - update
{{- end -}}

--------------------------------------------------------------------------------
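/charts/datadog/templates/system-probe-configmap.yaml:
--------------------------------------------------------------------------------
{{- /*
Fail the render early when network monitoring is enabled with an agent image
tag older than the 6.24.1 / 7.24.1 constraint below. A trailing "-jmx" is
removed before comparing. Tags that contain no dot are not compared, and
agents.image.doNotCheckTag turns the check off entirely.
*/ -}}
{{- if .Values.datadog.networkMonitoring.enabled }}
{{- if not .Values.agents.image.doNotCheckTag -}}
{{- $version := (.Values.agents.image.tag | toString | trimSuffix "-jmx") }}
{{- $length := len (split "." $version ) -}}
{{- if (gt $length 1) }}
{{- if not (semverCompare "^6.24.1-0 || ^7.24.1-0" $version) -}}
{{- fail "datadog.networkMonitoring.enabled requires agent >= 7.24.1" }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


{{- if eq (include "should-enable-system-probe" .) "true" }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "datadog.fullname" . }}-system-probe-config
  namespace: {{ $.Release.Namespace }}
  labels:
{{ include "datadog.labels" . | indent 4 }}
data:
{{- /*
system-probe configuration file. The system-probe and runtime-security sockets
are both fixed under /var/run/sysprobe, runtime-security debug is fixed to
false, and the remaining settings come from datadog.systemProbe,
datadog.networkMonitoring and datadog.securityAgent.runtime.
*/}}
  system-probe.yaml: |
    system_probe_config:
      enabled: true
      debug_port: {{ $.Values.datadog.systemProbe.debugPort }}
      sysprobe_socket: /var/run/sysprobe/sysprobe.sock
      enable_conntrack: {{ $.Values.datadog.systemProbe.enableConntrack }}
      bpf_debug: {{ $.Values.datadog.systemProbe.bpfDebug }}
      enable_tcp_queue_length: {{ $.Values.datadog.systemProbe.enableTCPQueueLength }}
      enable_oom_kill: {{ $.Values.datadog.systemProbe.enableOOMKill }}
      collect_dns_stats: {{ $.Values.datadog.systemProbe.collectDNSStats }}
      max_tracked_connections: {{ $.Values.datadog.systemProbe.maxTrackedConnections }}
      conntrack_max_state_size: {{ $.Values.datadog.systemProbe.conntrackMaxStateSize }}
    network_config:
      enabled: {{ $.Values.datadog.networkMonitoring.enabled }}
    runtime_security_config:
      enabled: {{ $.Values.datadog.securityAgent.runtime.enabled }}
      debug: false
      socket: /var/run/sysprobe/runtime-security.sock
      policies:
        dir: /etc/datadog-agent/runtime-security.d
      syscall_monitor:
        enabled: {{ $.Values.datadog.securityAgent.runtime.syscallMonitor.enabled }}

{{- /*
The seccomp ConfigMap is rendered only when datadog.systemProbe.seccomp equals
"localhost/system-probe". With any other value it is skipped, and the profile
the container then runs under is decided elsewhere in the chart.
*/}}
{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "datadog.fullname" . }}-security
  namespace: {{ $.Release.Namespace }}
  labels:
{{ include "datadog.labels" . | indent 4 }}
data:
{{- /*
Allow-list seccomp profile: defaultAction is SCMP_ACT_ERRNO, so a syscall that
is not named below fails with an error instead of running.
The list includes bpf and perf_event_open, which general-purpose container
profiles usually gate; presumably they are needed for the eBPF probes, so this
profile should stay scoped to the system-probe container.
NOTE(review): setns appears in the unconditional allow list and again in the
second rule, which filters on argument index 1 == 1073741824 (0x40000000, the
value of CLONE_NEWNET). The unconditional entry presumably makes the filtered
rule redundant, leaving setns allowed for every namespace type; confirm whether
the unconditional entry is needed before removing it.
*/}}
  system-probe-seccomp.json: |
    {
      "defaultAction": "SCMP_ACT_ERRNO",
      "syscalls": [
        {
          "names": [
            "accept4",
            "access",
            "arch_prctl",
            "bind",
            "bpf",
            "brk",
            "capget",
            "capset",
            "chdir",
            "clock_gettime",
            "clone",
            "close",
            "connect",
            "copy_file_range",
            "creat",
            "dup",
            "dup2",
            "dup3",
            "epoll_create",
            "epoll_create1",
            "epoll_ctl",
            "epoll_ctl_old",
            "epoll_pwait",
            "epoll_wait",
            "epoll_wait_old",
            "eventfd",
            "eventfd2",
            "execve",
            "execveat",
            "exit",
            "exit_group",
            "fchmod",
            "fchmodat",
            "fchown",
            "fchown32",
            "fchownat",
            "fcntl",
            "fcntl64",
            "fstat",
            "fstat64",
            "fstatfs",
            "fsync",
            "futex",
            "getcwd",
            "getdents",
            "getdents64",
            "getegid",
            "geteuid",
            "getgid",
            "getpeername",
            "getpid",
            "getppid",
            "getpriority",
            "getrandom",
            "getresgid",
            "getresgid32",
            "getresuid",
            "getresuid32",
            "getrlimit",
            "getrusage",
            "getsid",
            "getsockname",
            "getsockopt",
            "gettid",
            "gettimeofday",
            "getuid",
            "getxattr",
            "ioctl",
            "ipc",
            "listen",
            "lseek",
            "lstat",
            "lstat64",
            "madvise",
            "mkdir",
            "mkdirat",
            "mmap",
            "mmap2",
            "mprotect",
            "mremap",
            "munmap",
            "nanosleep",
            "newfstatat",
            "open",
            "openat",
            "pause",
            "perf_event_open",
            "pipe",
            "pipe2",
            "poll",
            "ppoll",
            "prctl",
            "pread64",
            "prlimit64",
            "pselect6",
            "read",
            "readlink",
            "readlinkat",
            "recvfrom",
            "recvmmsg",
            "recvmsg",
            "rename",
            "restart_syscall",
            "rmdir",
            "rt_sigaction",
            "rt_sigpending",
            "rt_sigprocmask",
            "rt_sigqueueinfo",
            "rt_sigreturn",
            "rt_sigsuspend",
            "rt_sigtimedwait",
            "rt_tgsigqueueinfo",
            "sched_getaffinity",
            "sched_yield",
            "seccomp",
            "select",
            "semtimedop",
            "send",
            "sendmmsg",
            "sendmsg",
            "sendto",
            "set_robust_list",
            "set_tid_address",
            "setgid",
            "setgid32",
            "setgroups",
            "setgroups32",
            "setns",
            "setrlimit",
            "setsid",
            "setsockopt",
            "setuid",
            "setuid32",
            "sigaltstack",
            "socket",
            "socketcall",
            "socketpair",
            "stat",
            "stat64",
            "statfs",
            "sysinfo",
            "tgkill",
            "umask",
            "uname",
            "unlink",
            "unlinkat",
            "wait4",
            "waitid",
            "waitpid",
            "write",
            "getgroups",
            "getpgrp",
            "setpgid"
          ],
          "action": "SCMP_ACT_ALLOW",
          "args": null
        },
        {
          "names": [
            "setns"
          ],
          "action": "SCMP_ACT_ALLOW",
          "args": [
            {
              "index": 1,
              "value": 1073741824,
              "valueTwo": 0,
              "op": "SCMP_CMP_EQ"
            }
          ],
          "comment": "",
          "includes": {},
          "excludes": {}
        }
      ]
    }
{{- end }}
{{- end }}

--------------------------------------------------------------------------------
/charts/datadog-crds/templates/datadoghq.com_extendeddaemonsetsettings_v1beta1.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.crds.extendedDaemonSets }} 2 | apiVersion: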
apiextensions.k8s.io/v1beta1
# CustomResourceDefinition for ExtendedDaemonsetSetting, rendered only when
# crds.extendedDaemonSets is set. The controller-gen annotation below records
# the generator version.
# NOTE(review): apiextensions.k8s.io/v1beta1 CustomResourceDefinitions are no
# longer served from Kubernetes 1.22 on, so this template only installs on
# older API servers.
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.3.0
  creationTimestamp: null
  name: extendeddaemonsetsettings.datadoghq.com
  labels:
    helm.sh/chart: '{{ include "datadog-crds.chart" . }}'
    app.kubernetes.io/managed-by: '{{ .Release.Service }}'
    app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}'
    app.kubernetes.io/instance: '{{ .Release.Name }}'
spec:
  additionalPrinterColumns:
  - JSONPath: .status.status
    name: status
    type: string
  - JSONPath: .spec.nodeSelector
    name: node selector
    type: string
  - JSONPath: .status.error
    name: error
    type: string
  - JSONPath: .metadata.creationTimestamp
    name: age
    type: date
  group: datadoghq.com
  names:
    kind: ExtendedDaemonsetSetting
    listKind: ExtendedDaemonsetSettingList
    plural: extendeddaemonsetsettings
    singular: extendeddaemonsetsetting
  scope: Namespaced
  subresources:
    status: {}
  # One schema for the single served version (v1alpha1, declared further down).
  validation:
    openAPIV3Schema:
      description: ExtendedDaemonsetSetting is the Schema for the extendeddaemonsetsettings API.
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: ExtendedDaemonsetSettingSpec is the Schema for the extendeddaemonsetsetting API
          properties:
            containers:
              description: Containers contains a list of container spec override.
              items:
                description: ExtendedDaemonsetSettingContainerSpec defines the resources override for a container identified by its name
                properties:
                  name:
                    type: string
                  resources:
                    description: ResourceRequirements describes the compute resource requirements.
                    properties:
                      # limits and requests are maps whose values are integers
                      # or strings; the pattern is declared next to the anyOf.
                      limits:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                        description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                        type: object
                      requests:
                        additionalProperties:
                          anyOf:
                          - type: integer
                          - type: string
                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                        description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                        type: object
                    type: object
                required:
                - name
                - resources
                type: object
              type: array
            nodeSelector:
              description: NodeSelector lists labels that must be present on nodes to trigger the usage of this resource.
              properties:
                matchExpressions:
                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                  items:
                    description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
                    properties:
                      key:
                        description: key is the label key that the selector applies to.
                        type: string
                      operator:
                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                        type: string
                      values:
                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                        items:
                          type: string
                        type: array
                    required:
                    - key
                    - operator
                    type: object
                  type: array
                matchLabels:
                  additionalProperties:
                    type: string
                  description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                  type: object
              type: object
            reference:
              description: Reference contains enough information to let you identify the referred resource.
              properties:
                apiVersion:
                  description: API version of the referent
                  type: string
                kind:
                  description: 'Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"'
                  type: string
                name:
                  description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                  type: string
              required:
              - kind
              - name
              type: object
          required:
          - nodeSelector
          - reference
          type: object
        status:
          description: ExtendedDaemonsetSettingStatus defines the observed state of ExtendedDaemonsetSetting.
          properties:
            error:
              type: string
            status:
              description: ExtendedDaemonsetSettingStatusStatus defines the readable status in ExtendedDaemonsetSettingStatus.
              type: string
          required:
          - status
          type: object
      type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true
# Empty status stanza, presumably left in place by the generator.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
{{- end }}

--------------------------------------------------------------------------------