diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 78b424a6a..24bd7388f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.71.0 + +* Enable `system-probe` container on GKE Autopilot + ## 3.70.7 * Set default `Agent` and `Cluster-Agent` version to `7.56.2`. @@ -46,7 +50,7 @@ ## 3.69.0 -* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. +* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. ## 3.68.2 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 9f0b0f3a0..ffcab874d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.70.7 +version: 3.71.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0edef6a9e..ead53c400 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.70.7](https://img.shields.io/badge/Version-3.70.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.71.0](https://img.shields.io/badge/Version-3.71.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 9201c6a04..1276d7989 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -333,14 +333,6 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes * The serviceAccountName must be "datadog-agent". * All ConfigMap names mounted must be hardcode. -{{- if eq (include "system-probe-feature" .) "true" }} - -##################################################################### -#### WARNING: System Probe is not supported on GKE Autopilot #### -##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} - -{{- end }} {{- if and .Values.providers.gke.cos .Values.datadog.systemProbe.enableDefaultKernelHeadersPaths }} ################################################################################# @@ -398,16 +390,6 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} -{{- if .Values.datadog.networkMonitoring.enabled }} - -####################################################################################### -#### WARNING: Network Performance Monitoring is not supported on GKE Autopilot #### -####################################################################################### - -{{- fail "On GKE Autopilot environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} - -{{- end }} - {{- end }} {{- if and (.Values.datadog.dogstatsd.useSocketVolume) (eq .Values.targetSystem "windows") }} diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index c891a30d1..8725e99fa 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.systemProbe.securityContext "targetSystem" .Values.targetSystem "seccomp" .Values.datadog.systemProbe.seccomp "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} - command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] + command: ["system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] {{- if .Values.agents.containers.systemProbe.ports }} ports: {{ toYaml .Values.agents.containers.systemProbe.ports | indent 2 }} @@ -30,9 +30,11 @@ resources: {{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} volumeMounts: + {{- if (not .Values.providers.gke.autopilot) }} - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + {{- end }} - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 39ce80f63..b7c5fae56 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -9,7 +9,7 @@ - hostPath: path: /sys/fs/cgroup name: cgroups -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} +{{- if (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index a67ce9c9b..3450e7b7a 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -338,7 +338,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -938,7 +938,6 @@ Create RBACs for custom resources false {{- end -}} {{- end -}} - {{/* Return true if any process-related check is enabled */}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ba95268cf..fbcfacb7b 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -65,6 +65,9 @@ spec: {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} + {{- if .Values.providers.gke.autopilot }} + autopilot.gke.io/no-connect: "false" + {{- end }} {{- if .Values.agents.podAnnotations }} {{ tpl (toYaml .Values.agents.podAnnotations) . | indent 8 }} {{- end }}