diff --git a/api/v1alpha1/datadogagent_types.go b/api/v1alpha1/datadogagent_types.go index cbf1c9235..07977e4d9 100644 --- a/api/v1alpha1/datadogagent_types.go +++ b/api/v1alpha1/datadogagent_types.go @@ -325,6 +325,14 @@ type APMSpec struct { // Make sure to keep requests and limits equal to keep the pods in the Guaranteed QoS class. // See also: http://kubernetes.io/docs/user-guide/compute-resources/ Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + + // Command allows the specification of custom entrypoint for Trace Agent container + // +listType=atomic + Command []string `json:"command,omitempty"` + + // Args allows the specification of extra args to `Command` parameter + // +listType=atomic + Args []string `json:"args,omitempty"` } // APMUnixDomainSocketSpec contains the APM Unix Domain Socket configuration. @@ -428,6 +436,14 @@ type ProcessSpec struct { // Make sure to keep requests and limits equal to keep the pods in the Guaranteed QoS class. // See also: http://kubernetes.io/docs/user-guide/compute-resources/ Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + + // Command allows the specification of custom entrypoint for Process Agent container + // +listType=atomic + Command []string `json:"command,omitempty"` + + // Args allows the specification of extra args to `Command` parameter + // +listType=atomic + Args []string `json:"args,omitempty"` } // KubeStateMetricsCore contains the required parameters to enable and override the configuration @@ -555,6 +571,14 @@ type SystemProbeSpec struct { // See also: http://kubernetes.io/docs/user-guide/compute-resources/ Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + // Command allows the specification of custom entrypoint for System Probe container + // +listType=atomic + Command []string `json:"command,omitempty"` + + // Args allows the specification of extra args to `Command` parameter + // +listType=atomic + Args []string `json:"args,omitempty"` + // You can modify the security context used to run the containers by // modifying the label type. // +optional @@ -591,6 +615,14 @@ type SecuritySpec struct { // Make sure to keep requests and limits equal to keep the pods in the Guaranteed QoS class. // See also: http://kubernetes.io/docs/user-guide/compute-resources/ Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + + // Command allows the specification of custom entrypoint for Security Agent container + // +listType=atomic + Command []string `json:"command,omitempty"` + + // Args allows the specification of extra args to `Command` parameter + // +listType=atomic + Args []string `json:"args,omitempty"` } // ComplianceSpec contains configuration for continuous compliance. @@ -738,6 +770,14 @@ type NodeAgentConfig struct { // See also: http://kubernetes.io/docs/user-guide/compute-resources/ Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + // Command allows the specification of custom entrypoint for the Agent container + // +listType=atomic + Command []string `json:"command,omitempty"` + + // Args allows the specification of extra args to `Command` parameter + // +listType=atomic + Args []string `json:"args,omitempty"` + // Configure the CRI Socket. CriSocket *CRISocketConfig `json:"criSocket,omitempty"` @@ -921,6 +961,14 @@ type ClusterAgentConfig struct { // Datadog cluster-agent resource requests and limits. Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + // Command allows the specification of custom entrypoint for Cluster Agent container + // +listType=atomic + Command []string `json:"command,omitempty"` + + // Args allows the specification of extra args to `Command` parameter + // +listType=atomic + Args []string `json:"args,omitempty"` + // Confd Provide additional cluster check configurations. Each key will become a file in /conf.d. // see https://docs.datadoghq.com/agent/autodiscovery/ for more details. // +optional @@ -1003,6 +1051,14 @@ type ClusterChecksRunnerConfig struct { // Datadog Cluster Checks Runner resource requests and limits. Resources *corev1.ResourceRequirements `json:"resources,omitempty"` + // Command allows the specification of custom entrypoint for Cluster Checks Runner container + // +listType=atomic + Command []string `json:"command,omitempty"` + + // Args allows the specification of extra args to `Command` parameter + // +listType=atomic + Args []string `json:"args,omitempty"` + // Set logging verbosity, valid log levels are: // trace, debug, info, warn, error, critical, and off LogLevel *string `json:"logLevel,omitempty"` diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 5f07ba52e..d82dc4c78 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -55,6 +55,16 @@ func (in *APMSpec) DeepCopyInto(out *APMSpec) { *out = new(v1.ResourceRequirements) (*in).DeepCopyInto(*out) } + if in.Command != nil { + in, out := &in.Command, &out.Command + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APMSpec. @@ -196,6 +206,16 @@ func (in *ClusterAgentConfig) DeepCopyInto(out *ClusterAgentConfig) { *out = new(v1.ResourceRequirements) (*in).DeepCopyInto(*out) } + if in.Command != nil { + in, out := &in.Command, &out.Command + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.Confd != nil { in, out := &in.Confd, &out.Confd *out = new(ConfigDirSpec) @@ -242,6 +262,16 @@ func (in *ClusterChecksRunnerConfig) DeepCopyInto(out *ClusterChecksRunnerConfig *out = new(v1.ResourceRequirements) (*in).DeepCopyInto(*out) } + if in.Command != nil { + in, out := &in.Command, &out.Command + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.LogLevel != nil { in, out := &in.LogLevel, &out.LogLevel *out = new(string) @@ -1648,6 +1678,16 @@ func (in *NodeAgentConfig) DeepCopyInto(out *NodeAgentConfig) { *out = new(v1.ResourceRequirements) (*in).DeepCopyInto(*out) } + if in.Command != nil { + in, out := &in.Command, &out.Command + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.CriSocket != nil { in, out := &in.CriSocket, &out.CriSocket *out = new(CRISocketConfig) @@ -1759,6 +1799,16 @@ func (in *ProcessSpec) DeepCopyInto(out *ProcessSpec) { *out = new(v1.ResourceRequirements) (*in).DeepCopyInto(*out) } + if in.Command != nil { + in, out := &in.Command, &out.Command + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessSpec. @@ -1915,6 +1965,16 @@ func (in *SecuritySpec) DeepCopyInto(out *SecuritySpec) { *out = new(v1.ResourceRequirements) (*in).DeepCopyInto(*out) } + if in.Command != nil { + in, out := &in.Command, &out.Command + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecuritySpec. @@ -1992,6 +2052,16 @@ func (in *SystemProbeSpec) DeepCopyInto(out *SystemProbeSpec) { *out = new(v1.ResourceRequirements) (*in).DeepCopyInto(*out) } + if in.Command != nil { + in, out := &in.Command, &out.Command + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.SecurityContext != nil { in, out := &in.SecurityContext, &out.SecurityContext *out = new(v1.SecurityContext) diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index 8bfeec04f..bc7398dbb 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go @@ -145,6 +145,46 @@ func schema__api_v1alpha1_APMSpec(ref common.ReferenceCallback) common.OpenAPIDe Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "command": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Command allows the specification of custom entrypoint for Trace Agent container", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "args": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Args allows the specification of extra args to `Command` parameter", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, }, }, @@ -355,6 +395,46 @@ func schema__api_v1alpha1_ClusterAgentConfig(ref common.ReferenceCallback) commo Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "command": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Command allows the specification of custom entrypoint for Cluster Agent container", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "args": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Args allows the specification of extra args to `Command` parameter", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "confd": { SchemaProps: spec.SchemaProps{ Description: "Confd Provide additional cluster check configurations. Each key will become a file in /conf.d. see https://docs.datadoghq.com/agent/autodiscovery/ for more details.", @@ -449,6 +529,46 @@ func schema__api_v1alpha1_ClusterChecksRunnerConfig(ref common.ReferenceCallback Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "command": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Command allows the specification of custom entrypoint for Cluster Checks Runner container", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "args": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Args allows the specification of extra args to `Command` parameter", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "logLevel": { SchemaProps: spec.SchemaProps{ Description: "Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off", @@ -2435,6 +2555,46 @@ func schema__api_v1alpha1_NodeAgentConfig(ref common.ReferenceCallback) common.O Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "command": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Command allows the specification of custom entrypoint for the Agent container", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "args": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Args allows the specification of extra args to `Command` parameter", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "criSocket": { SchemaProps: spec.SchemaProps{ Description: "Configure the CRI Socket.", @@ -2621,6 +2781,46 @@ func schema__api_v1alpha1_ProcessSpec(ref common.ReferenceCallback) common.OpenA Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "command": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Command allows the specification of custom entrypoint for Process Agent container", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "args": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Args allows the specification of extra args to `Command` parameter", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, }, }, @@ -2825,6 +3025,46 @@ func schema__api_v1alpha1_SecuritySpec(ref common.ReferenceCallback) common.Open Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "command": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Command allows the specification of custom entrypoint for Security Agent container", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "args": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Args allows the specification of extra args to `Command` parameter", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, }, }, @@ -2965,6 +3205,46 @@ func schema__api_v1alpha1_SystemProbeSpec(ref common.ReferenceCallback) common.O Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, + "command": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Command allows the specification of custom entrypoint for System Probe container", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "args": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Args allows the specification of extra args to `Command` parameter", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "securityContext": { SchemaProps: spec.SchemaProps{ Description: "You can modify the security context used to run the containers by modifying the label type.", diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml index 5204977a8..25b5dcdec 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml +++ b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml @@ -73,6 +73,20 @@ spec: apm: description: Trace Agent configuration properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: Command allows the specification of custom entrypoint + for Trace Agent container + items: + type: string + type: array + x-kubernetes-list-type: atomic enabled: description: 'Enable this to enable APM and tracing, on port 8126. See also: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host' @@ -294,6 +308,13 @@ spec: config: description: Agent configuration. properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + x-kubernetes-list-type: atomic checksd: description: Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/ See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 @@ -308,6 +329,13 @@ spec: description: 'Enables this to start event collection from the Kubernetes API. See also: https://docs.datadoghq.com/agent/kubernetes/event_collection/' type: boolean + command: + description: Command allows the specification of custom entrypoint + for the Agent container + items: + type: string + type: array + x-kubernetes-list-type: atomic confd: description: Confd configuration allowing to specify config files for custom checks placed under /etc/datadog-agent/conf.d/. @@ -2929,6 +2957,20 @@ spec: process: description: Process Agent configuration properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: Command allows the specification of custom entrypoint + for Process Agent container + items: + type: string + type: array + x-kubernetes-list-type: atomic enabled: description: 'Note: /etc/passwd is automatically mounted to allow username resolution. See also: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset' @@ -3144,6 +3186,20 @@ spec: security: description: Security Agent configuration properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: Command allows the specification of custom entrypoint + for Security Agent container + items: + type: string + type: array + x-kubernetes-list-type: atomic compliance: description: Compliance configuration. properties: @@ -3383,12 +3439,26 @@ spec: appArmorProfileName: description: AppArmorProfileName specify a apparmor profile. type: string + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + x-kubernetes-list-type: atomic bpfDebugEnabled: description: BPFDebugEnabled logging for kernel debug. type: boolean collectDNSStats: description: CollectDNSStats enables DNS stat collection. type: boolean + command: + description: Command allows the specification of custom entrypoint + for System Probe container + items: + type: string + type: array + x-kubernetes-list-type: atomic conntrackEnabled: description: 'ConntrackEnabled enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT @@ -4379,6 +4449,13 @@ spec: name. type: string type: object + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + x-kubernetes-list-type: atomic clusterChecksEnabled: description: 'Enable the Cluster Checks and Endpoint Checks feature on both the cluster-agents and the daemonset. See @@ -4391,6 +4468,13 @@ spec: description: 'Enable this to start event collection from the kubernetes API. See also: https://docs.datadoghq.com/agent/cluster_agent/event_collection/' type: boolean + command: + description: Command allows the specification of custom entrypoint + for Cluster Agent container + items: + type: string + type: array + x-kubernetes-list-type: atomic confd: description: Confd Provide additional cluster check configurations. Each key will become a file in /conf.d. see https://docs.datadoghq.com/agent/autodiscovery/ @@ -7027,6 +7111,20 @@ spec: config: description: Agent configuration. properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: Command allows the specification of custom entrypoint + for Cluster Checks Runner container + items: + type: string + type: array + x-kubernetes-list-type: atomic env: description: 'The Datadog Agent supports many environment variables. See also: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables' diff --git a/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml index 60b70de69..4e3c8bb5f 100644 --- a/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml +++ b/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml @@ -71,6 +71,18 @@ spec: apm: description: Trace Agent configuration properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + command: + description: Command allows the specification of custom entrypoint + for Trace Agent container + items: + type: string + type: array enabled: description: 'Enable this to enable APM and tracing, on port 8126. See also: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host' @@ -280,6 +292,12 @@ spec: config: description: Agent configuration. properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array checksd: description: Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/ See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 @@ -294,6 +312,12 @@ spec: description: 'Enables this to start event collection from the Kubernetes API. See also: https://docs.datadoghq.com/agent/kubernetes/event_collection/' type: boolean + command: + description: Command allows the specification of custom entrypoint + for the Agent container + items: + type: string + type: array confd: description: Confd configuration allowing to specify config files for custom checks placed under /etc/datadog-agent/conf.d/. @@ -2833,6 +2857,18 @@ spec: process: description: Process Agent configuration properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + command: + description: Command allows the specification of custom entrypoint + for Process Agent container + items: + type: string + type: array enabled: description: 'Note: /etc/passwd is automatically mounted to allow username resolution. See also: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset' @@ -3036,6 +3072,18 @@ spec: security: description: Security Agent configuration properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + command: + description: Command allows the specification of custom entrypoint + for Security Agent container + items: + type: string + type: array compliance: description: Compliance configuration. properties: @@ -3263,12 +3311,24 @@ spec: appArmorProfileName: description: AppArmorProfileName specify a apparmor profile. type: string + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array bpfDebugEnabled: description: BPFDebugEnabled logging for kernel debug. type: boolean collectDNSStats: description: CollectDNSStats enables DNS stat collection. type: boolean + command: + description: Command allows the specification of custom entrypoint + for System Probe container + items: + type: string + type: array conntrackEnabled: description: 'ConntrackEnabled enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information @@ -4232,6 +4292,12 @@ spec: name. type: string type: object + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array clusterChecksEnabled: description: 'Enable the Cluster Checks and Endpoint Checks feature on both the cluster-agents and the daemonset. See @@ -4244,6 +4310,12 @@ spec: description: 'Enable this to start event collection from the kubernetes API. See also: https://docs.datadoghq.com/agent/cluster_agent/event_collection/' type: boolean + command: + description: Command allows the specification of custom entrypoint + for Cluster Agent container + items: + type: string + type: array confd: description: Confd Provide additional cluster check configurations. Each key will become a file in /conf.d. see https://docs.datadoghq.com/agent/autodiscovery/ @@ -6799,6 +6871,18 @@ spec: config: description: Agent configuration. properties: + args: + description: Args allows the specification of extra args to + `Command` parameter + items: + type: string + type: array + command: + description: Command allows the specification of custom entrypoint + for Cluster Checks Runner container + items: + type: string + type: array env: description: 'The Datadog Agent supports many environment variables. See also: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables' diff --git a/controllers/datadogagent/agent_test.go b/controllers/datadogagent/agent_test.go index b000d82ff..9076185de 100644 --- a/controllers/datadogagent/agent_test.go +++ b/controllers/datadogagent/agent_test.go @@ -512,6 +512,22 @@ func runtimeSecurityAgentVolumes() []corev1.Volume { }, }, }, + { + Name: datadoghqv1alpha1.GroupVolumeName, + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: datadoghqv1alpha1.GroupVolumePath, + }, + }, + }, + { + Name: datadoghqv1alpha1.HostRootVolumeName, + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/", + }, + }, + }, } } @@ -654,6 +670,11 @@ func complianceSecurityAgentMountVolume() []corev1.VolumeMount { Name: "config", MountPath: "/etc/datadog-agent", }, + { + Name: "hostroot", + MountPath: "/host/root", + ReadOnly: true, + }, { Name: "cgroups", MountPath: "/host/sys/fs/cgroup", @@ -674,11 +695,6 @@ func complianceSecurityAgentMountVolume() []corev1.VolumeMount { MountPath: "/host/proc", ReadOnly: true, }, - { - Name: "hostroot", - MountPath: "/host/root", - ReadOnly: true, - }, { Name: "runtimesocketdir", MountPath: "/host/var/run", @@ -707,6 +723,11 @@ func runtimeSecurityAgentMountVolume() []corev1.VolumeMount { Name: "config", MountPath: "/etc/datadog-agent", }, + { + Name: "hostroot", + MountPath: "/host/root", + ReadOnly: true, + }, { Name: "runtimesocketdir", MountPath: "/host/var/run", @@ -874,17 +895,16 @@ func securityAgentEnvVars(compliance, runtime bool, extraEnv map[string]string) Name: "DD_COMPLIANCE_CONFIG_ENABLED", Value: strconv.FormatBool(compliance), }, + { + Name: "HOST_ROOT", + Value: "/host/root", + }, } if compliance { if envDuration := createEnvFromExtra(extraEnv, "DD_COMPLIANCE_CONFIG_CHECK_INTERVAL"); envDuration != nil { env = append(env, *envDuration) } - - env = append(env, corev1.EnvVar{ - Name: "HOST_ROOT", - Value: "/host/root", - }) } env = append(env, []corev1.EnvVar{ @@ -1103,7 +1123,7 @@ func defaultSystemProbePodSpec(dda *datadoghqv1alpha1.DatadogAgent) corev1.PodSp Image: "gcr.io/datadoghq/agent:latest", ImagePullPolicy: corev1.PullIfNotPresent, Command: []string{ - "/opt/datadog-agent/embedded/bin/system-probe", + "system-probe", "--config=/etc/datadog-agent/system-probe.yaml", }, SecurityContext: &corev1.SecurityContext{ @@ -1386,7 +1406,7 @@ func runtimeSecurityAgentPodSpec(extraEnv map[string]string) corev1.PodSpec { Image: "gcr.io/datadoghq/agent:latest", ImagePullPolicy: corev1.PullIfNotPresent, Command: []string{ - "/opt/datadog-agent/embedded/bin/system-probe", + "system-probe", "--config=/etc/datadog-agent/system-probe.yaml", }, SecurityContext: &corev1.SecurityContext{ @@ -3217,6 +3237,67 @@ func Test_newExtendedDaemonSetFromInstance_KubeletConfiguration(t *testing.T) { test.Run(t) } +func Test_newExtendedDaemonSetFromInstance_ArgsCommandOverride(t *testing.T) { + dda := test.NewDefaultedDatadogAgent("bar", "foo", &test.NewDatadogAgentOptions{ + UseEDS: true, + ProcessEnabled: true, + ClusterAgentEnabled: true, + }) + + dda.Spec.Agent.Config.Command = []string{"my-custom-agent"} + dda.Spec.Agent.Config.Args = []string{"my-custom-args"} + dda.Spec.Agent.Process.Args = []string{"my-extra-args"} + + wantSpec := defaultPodSpec(dda) + wantSpec.Containers[0].Command = []string{"my-custom-agent"} + wantSpec.Containers[0].Args = []string{"my-custom-args"} + wantSpec.Containers[1].Args = []string{"my-extra-args"} + + test := extendedDaemonSetFromInstanceTest{ + name: "with custom Command/Args", + agentdeployment: dda, + wantErr: false, + want: &edsdatadoghqv1alpha1.ExtendedDaemonSet{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "bar", + Name: "foo-agent", + Labels: map[string]string{ + "agent.datadoghq.com/name": "foo", + "agent.datadoghq.com/component": "agent", + "app.kubernetes.io/instance": "agent", + "app.kubernetes.io/managed-by": "datadog-operator", + "app.kubernetes.io/name": "datadog-agent-deployment", + "app.kubernetes.io/part-of": "foo", + "app.kubernetes.io/version": "", + }, + Annotations: map[string]string{}, + }, + Spec: edsdatadoghqv1alpha1.ExtendedDaemonSetSpec{ + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "foo", + Namespace: "bar", + Labels: map[string]string{ + "agent.datadoghq.com/name": "foo", + "agent.datadoghq.com/component": "agent", + "app.kubernetes.io/instance": "agent", + "app.kubernetes.io/managed-by": "datadog-operator", + "app.kubernetes.io/name": "datadog-agent-deployment", + "app.kubernetes.io/part-of": "foo", + "app.kubernetes.io/version": "", + }, + Annotations: map[string]string{}, + }, + Spec: wantSpec, + }, + Strategy: getDefaultEDSStrategy(), + }, + }, + } + + test.Run(t) +} + func getDefaultEDSStrategy() edsdatadoghqv1alpha1.ExtendedDaemonSetSpecStrategy { var defaultMaxParallelPodCreation int32 = 250 return edsdatadoghqv1alpha1.ExtendedDaemonSetSpecStrategy{ diff --git a/controllers/datadogagent/clusteragent.go b/controllers/datadogagent/clusteragent.go index 91a67b9e6..54f870005 100644 --- a/controllers/datadogagent/clusteragent.go +++ b/controllers/datadogagent/clusteragent.go @@ -437,6 +437,8 @@ func newClusterAgentPodTemplate(logger logr.Logger, dda *datadoghqv1alpha1.Datad }, Env: envs, VolumeMounts: volumeMounts, + Command: getDefaultIfEmpty(dda.Spec.ClusterAgent.Config.Command, nil), + Args: getDefaultIfEmpty(dda.Spec.ClusterAgent.Config.Args, nil), }, }, Affinity: clusterAgentSpec.Affinity, diff --git a/controllers/datadogagent/clusterchecksrunner.go b/controllers/datadogagent/clusterchecksrunner.go index ec9e33100..6607f6981 100644 --- a/controllers/datadogagent/clusterchecksrunner.go +++ b/controllers/datadogagent/clusterchecksrunner.go @@ -277,10 +277,8 @@ func newClusterChecksRunnerPodTemplate(dda *datadoghqv1alpha1.DatadogAgent, labe VolumeMounts: volumeMounts, LivenessProbe: getDefaultLivenessProbe(), ReadinessProbe: getDefaultReadinessProbe(), - Command: []string{ - "agent", - "run", - }, + Command: getDefaultIfEmpty(dda.Spec.ClusterChecksRunner.Config.Command, []string{"agent", "run"}), + Args: getDefaultIfEmpty(dda.Spec.ClusterChecksRunner.Config.Args, nil), }, }, Volumes: getVolumesForClusterChecksRunner(dda), diff --git a/controllers/datadogagent/utils.go b/controllers/datadogagent/utils.go index 535c2f6b5..c82323e37 100644 --- a/controllers/datadogagent/utils.go +++ b/controllers/datadogagent/utils.go @@ -253,11 +253,9 @@ func getAgentContainer(logger logr.Logger, dda *datadoghqv1alpha1.DatadogAgent) Name: "agent", Image: agentSpec.Image.Name, ImagePullPolicy: *agentSpec.Image.PullPolicy, - Command: []string{ - "agent", - "run", - }, - Resources: *agentSpec.Config.Resources, + Command: getDefaultIfEmpty(dda.Spec.Agent.Config.Command, []string{"agent", "run"}), + Args: getDefaultIfEmpty(dda.Spec.Agent.Config.Args, nil), + Resources: *agentSpec.Config.Resources, Ports: []corev1.ContainerPort{ udpPort, }, @@ -289,11 +287,8 @@ func getAPMAgentContainers(dda *datadoghqv1alpha1.DatadogAgent) ([]corev1.Contai Name: "trace-agent", Image: agentSpec.Image.Name, ImagePullPolicy: *agentSpec.Image.PullPolicy, - Command: []string{ - "trace-agent", - fmt.Sprintf("--config=%s", datadoghqv1alpha1.AgentCustomConfigVolumePath), - }, - + Command: getDefaultIfEmpty(dda.Spec.Agent.Apm.Command, []string{"trace-agent", fmt.Sprintf("--config=%s", datadoghqv1alpha1.AgentCustomConfigVolumePath)}), + Args: getDefaultIfEmpty(dda.Spec.Agent.Apm.Args, nil), Ports: []corev1.ContainerPort{ tcpPort, }, @@ -319,11 +314,11 @@ func getProcessContainers(dda *datadoghqv1alpha1.DatadogAgent) ([]corev1.Contain Name: "process-agent", Image: agentSpec.Image.Name, ImagePullPolicy: *agentSpec.Image.PullPolicy, - Command: []string{ - "process-agent", - fmt.Sprintf("--config=%s", datadoghqv1alpha1.AgentCustomConfigVolumePath), + Command: getDefaultIfEmpty(dda.Spec.Agent.Process.Command, []string{ + "process-agent", fmt.Sprintf("--config=%s", datadoghqv1alpha1.AgentCustomConfigVolumePath), fmt.Sprintf("--sysprobe-config=%s", datadoghqv1alpha1.SystemProbeConfigVolumePath), - }, + }), + Args: getDefaultIfEmpty(dda.Spec.Agent.Process.Args, nil), Env: envVars, VolumeMounts: getVolumeMountsForProcessAgent(dda), } @@ -341,14 +336,13 @@ func getSystemProbeContainers(dda *datadoghqv1alpha1.DatadogAgent) ([]corev1.Con if err != nil { return nil, err } + systemProbe := corev1.Container{ Name: "system-probe", Image: agentSpec.Image.Name, ImagePullPolicy: *agentSpec.Image.PullPolicy, - Command: []string{ - "/opt/datadog-agent/embedded/bin/system-probe", - fmt.Sprintf("--config=%s", datadoghqv1alpha1.SystemProbeConfigVolumePath), - }, + Command: getDefaultIfEmpty(dda.Spec.Agent.SystemProbe.Command, []string{"system-probe", fmt.Sprintf("--config=%s", datadoghqv1alpha1.SystemProbeConfigVolumePath)}), + Args: getDefaultIfEmpty(dda.Spec.Agent.SystemProbe.Args, nil), SecurityContext: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{ Add: []corev1.Capability{ @@ -386,11 +380,8 @@ func getSecurityAgentContainer(dda *datadoghqv1alpha1.DatadogAgent) (*corev1.Con Name: "security-agent", Image: agentSpec.Image.Name, ImagePullPolicy: *agentSpec.Image.PullPolicy, - Command: []string{ - "security-agent", - "start", - fmt.Sprintf("-c=%s", datadoghqv1alpha1.AgentCustomConfigVolumePath), - }, + Command: getDefaultIfEmpty(dda.Spec.Agent.Security.Command, []string{"security-agent", "start", fmt.Sprintf("-c=%s", datadoghqv1alpha1.AgentCustomConfigVolumePath)}), + Args: getDefaultIfEmpty(dda.Spec.Agent.Security.Args, nil), SecurityContext: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{ Add: []corev1.Capability{"AUDIT_CONTROL", "AUDIT_READ"}, @@ -763,6 +754,10 @@ func getEnvVarsForSecurityAgent(dda *datadoghqv1alpha1.DatadogAgent) ([]corev1.E Name: datadoghqv1alpha1.DDComplianceConfigEnabled, Value: strconv.FormatBool(complianceEnabled), }, + { + Name: "HOST_ROOT", + Value: datadoghqv1alpha1.HostRootVolumePath, + }, } if complianceEnabled { if dda.Spec.Agent.Security.Compliance.CheckInterval != nil { @@ -778,11 +773,6 @@ func getEnvVarsForSecurityAgent(dda *datadoghqv1alpha1.DatadogAgent) ([]corev1.E Value: datadoghqv1alpha1.SecurityAgentComplianceConfigDirVolumePath, }) } - - envVars = append(envVars, corev1.EnvVar{ - Name: "HOST_ROOT", - Value: datadoghqv1alpha1.HostRootVolumePath, - }) } envVars = append(envVars, corev1.EnvVar{ @@ -1069,7 +1059,7 @@ func getVolumesForAgent(dda *datadoghqv1alpha1.DatadogAgent) []corev1.Volume { } } - if isComplianceEnabled(&dda.Spec) { + if isSecurityAgentEnabled(&dda.Spec) { groupVolume := corev1.Volume{ Name: datadoghqv1alpha1.GroupVolumeName, VolumeSource: corev1.VolumeSource{ @@ -1089,7 +1079,9 @@ func getVolumesForAgent(dda *datadoghqv1alpha1.DatadogAgent) []corev1.Volume { }, } volumes = append(volumes, hostRootVolume) + } + if isComplianceEnabled(&dda.Spec) { if dda.Spec.Agent.Security.Compliance.ConfigDir != nil { volumes = append(volumes, corev1.Volume{ Name: datadoghqv1alpha1.SecurityAgentComplianceConfigDirVolumeName, @@ -1561,6 +1553,11 @@ func getVolumeMountsForSecurityAgent(dda *datadoghqv1alpha1.DatadogAgent) []core Name: datadoghqv1alpha1.ConfigVolumeName, MountPath: datadoghqv1alpha1.ConfigVolumePath, }, + { + Name: datadoghqv1alpha1.HostRootVolumeName, + MountPath: datadoghqv1alpha1.HostRootVolumePath, + ReadOnly: true, + }, } complianceEnabled := isComplianceEnabled(&dda.Spec) @@ -1588,11 +1585,6 @@ func getVolumeMountsForSecurityAgent(dda *datadoghqv1alpha1.DatadogAgent) []core MountPath: datadoghqv1alpha1.ProcVolumePath, ReadOnly: true, }, - { - Name: datadoghqv1alpha1.HostRootVolumeName, - MountPath: datadoghqv1alpha1.HostRootVolumePath, - ReadOnly: true, - }, }...) } @@ -2207,3 +2199,11 @@ func envForClusterAgentConnection(dda *datadoghqv1alpha1.DatadogAgent) []corev1. } return []corev1.EnvVar{} } + +func getDefaultIfEmpty(val, def []string) []string { + if len(val) > 0 { + return val + } + + return def +} diff --git a/controllers/datadogagent/utils_test.go b/controllers/datadogagent/utils_test.go index 7e1a67b18..111027379 100644 --- a/controllers/datadogagent/utils_test.go +++ b/controllers/datadogagent/utils_test.go @@ -141,6 +141,7 @@ func Test_getVolumeMountsForSecurityAgent(t *testing.T) { {Name: "logdatadog", MountPath: "/var/log/datadog"}, {Name: "datadog-agent-auth", ReadOnly: true, MountPath: "/etc/datadog-agent/auth"}, {Name: "config", ReadOnly: false, MountPath: "/etc/datadog-agent"}, + {Name: "hostroot", ReadOnly: true, MountPath: "/host/root"}, {Name: "runtimesocketdir", ReadOnly: true, MountPath: "/host/var/run"}, }, }, @@ -151,6 +152,7 @@ func Test_getVolumeMountsForSecurityAgent(t *testing.T) { {Name: "logdatadog", MountPath: "/var/log/datadog"}, {Name: "datadog-agent-auth", ReadOnly: true, MountPath: "/etc/datadog-agent/auth"}, {Name: "config", ReadOnly: false, MountPath: "/etc/datadog-agent"}, + {Name: "hostroot", ReadOnly: true, MountPath: "/host/root"}, {Name: "custom-datadog-yaml", ReadOnly: true, MountPath: "/etc/datadog-agent/datadog.yaml", SubPath: "datadog.yaml", SubPathExpr: ""}, {Name: "runtimesocketdir", ReadOnly: true, MountPath: "/host/var/run"}, }, @@ -162,6 +164,7 @@ func Test_getVolumeMountsForSecurityAgent(t *testing.T) { {Name: "logdatadog", MountPath: "/var/log/datadog"}, {Name: "datadog-agent-auth", ReadOnly: true, MountPath: "/etc/datadog-agent/auth"}, {Name: "config", ReadOnly: false, MountPath: "/etc/datadog-agent"}, + {Name: "hostroot", ReadOnly: true, MountPath: "/host/root"}, {Name: "extra", MountPath: "/etc/datadog-agent/extra"}, {Name: "runtimesocketdir", ReadOnly: true, MountPath: "/host/var/run"}, }, @@ -173,11 +176,11 @@ func Test_getVolumeMountsForSecurityAgent(t *testing.T) { v1.VolumeMount{Name: "logdatadog", ReadOnly: false, MountPath: "/var/log/datadog"}, v1.VolumeMount{Name: "datadog-agent-auth", ReadOnly: true, MountPath: "/etc/datadog-agent/auth"}, v1.VolumeMount{Name: "config", ReadOnly: false, MountPath: "/etc/datadog-agent"}, + v1.VolumeMount{Name: "hostroot", ReadOnly: true, MountPath: "/host/root"}, v1.VolumeMount{Name: "cgroups", ReadOnly: true, MountPath: "/host/sys/fs/cgroup"}, v1.VolumeMount{Name: "passwd", ReadOnly: true, MountPath: "/etc/passwd"}, v1.VolumeMount{Name: "group", ReadOnly: true, MountPath: "/etc/group"}, v1.VolumeMount{Name: "procdir", ReadOnly: true, MountPath: "/host/proc"}, - v1.VolumeMount{Name: "hostroot", ReadOnly: true, MountPath: "/host/root"}, v1.VolumeMount{Name: "runtimesocketdir", ReadOnly: true, MountPath: "/host/var/run"}, v1.VolumeMount{Name: "runtimesocketdir", ReadOnly: true, MountPath: "/host/root/var/run"}, v1.VolumeMount{Name: "compliancedir", ReadOnly: true, MountPath: "/etc/datadog-agent/compliance.d"}, @@ -190,6 +193,7 @@ func Test_getVolumeMountsForSecurityAgent(t *testing.T) { v1.VolumeMount{Name: "logdatadog", ReadOnly: false, MountPath: "/var/log/datadog"}, v1.VolumeMount{Name: "datadog-agent-auth", ReadOnly: true, MountPath: "/etc/datadog-agent/auth"}, v1.VolumeMount{Name: "config", ReadOnly: false, MountPath: "/etc/datadog-agent"}, + v1.VolumeMount{Name: "hostroot", ReadOnly: true, MountPath: "/host/root"}, v1.VolumeMount{Name: "runtimesocketdir", ReadOnly: true, MountPath: "/host/var/run"}, v1.VolumeMount{Name: "sysprobe-socket-dir", ReadOnly: true, MountPath: "/var/run/sysprobe"}, v1.VolumeMount{Name: "runtimepoliciesdir", ReadOnly: true, MountPath: "/etc/datadog-agent/runtime-security.d"}, diff --git a/controllers/datadogmonitor/controller.go b/controllers/datadogmonitor/controller.go index 23a5af52d..577618721 100644 --- a/controllers/datadogmonitor/controller.go +++ b/controllers/datadogmonitor/controller.go @@ -150,8 +150,18 @@ func (r *Reconciler) internalReconcile(ctx context.Context, req reconcile.Reques } else { newStatus.CurrentHash = instanceSpecHash } - } else { //nolint:gocritic + } else { // Spec has not changed, just check if monitor state has changed (alert, warn, OK, etc.) + // We only do it every defaultRequeuePeriod to avoid overloading APIServer and DD + // controller-runtime does not support Watch with Resync per controller, so doing it manually + // see https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/manager/manager.go#L108-L133 + if instance.Status.MonitorStateLastUpdateTime != nil { + nextUpdateIn := defaultRequeuePeriod - now.Sub(instance.Status.MonitorStateLastUpdateTime.Time) + if nextUpdateIn > 0 { + return ctrl.Result{RequeueAfter: nextUpdateIn}, nil + } + } + if err = r.get(logger, instance, newStatus, now); err != nil { logger.Error(err, "error getting monitor", "Monitor ID", instance.Status.ID) } diff --git a/docs/configuration.md b/docs/configuration.md index 868a40cdf..9dc4b7d73 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -30,6 +30,8 @@ spec: | --------- | ----------- | | agent.additionalAnnotations | AdditionalAnnotations provide annotations that will be added to the Agent Pods. | | agent.additionalLabels | AdditionalLabels provide labels that will be added to the Agent Pods. | +| agent.apm.args | Args allows the specification of extra args to `Command` parameter | +| agent.apm.command | Command allows the specification of custom entrypoint for Trace Agent container | | agent.apm.enabled | Enable this to enable APM and tracing, on port 8126. See also: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host | | agent.apm.env | The Datadog Agent supports many environment variables. See also: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables | | agent.apm.hostPort | Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. | @@ -38,8 +40,10 @@ spec: | agent.apm.unixDomainSocket.enabled | Enable APM over Unix Domain Socket See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables | | agent.apm.unixDomainSocket.hostFilepath | Define the host APM socket filepath used when APM over Unix Domain Socket is enabled. (default value: /var/run/datadog/apm.sock) See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables | | agent.apm.volumeMounts | Specify additional volume mounts in the APM Agent container. | +| agent.config.args | Args allows the specification of extra args to `Command` parameter | | agent.config.checksd.configMapName | ConfigMapName name of a ConfigMap used to mount a directory. | | agent.config.collectEvents | Enables this to start event collection from the Kubernetes API. See also: https://docs.datadoghq.com/agent/kubernetes/event_collection/ | +| agent.config.command | Command allows the specification of custom entrypoint for the Agent container | | agent.config.confd.configMapName | ConfigMapName name of a ConfigMap used to mount a directory. | | agent.config.criSocket.criSocketPath | Path to the container runtime socket (if different from Docker). This is supported starting from agent 6.6.0. | | agent.config.criSocket.dockerSocketPath | Path to the docker runtime socket. | @@ -136,6 +140,8 @@ spec: | agent.log.tempStoragePath | This path (always mounted from the host) is used by Datadog Agent to store information about processed log files. If the Datadog Agent is restarted, it starts tailing the log files immediately. Default to `/var/lib/datadog-agent/logs` | | agent.networkPolicy.create | If true, create a NetworkPolicy for the current agent. | | agent.priorityClassName | If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. | +| agent.process.args | Args allows the specification of extra args to `Command` parameter | +| agent.process.command | Command allows the specification of custom entrypoint for Process Agent container | | agent.process.enabled | Note: /etc/passwd is automatically mounted to allow username resolution. See also: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | | agent.process.env | The Datadog Agent supports many environment variables. See also: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables | | agent.process.processCollectionEnabled | false (default): Only collect containers if available. true: collect process information as well | @@ -144,6 +150,8 @@ spec: | agent.process.volumeMounts | Specify additional volume mounts in the Process Agent container. | | agent.rbac.create | Used to configure RBAC resources creation. | | agent.rbac.serviceAccountName | Used to set up the service account name to use. Ignored if the field Create is true. | +| agent.security.args | Args allows the specification of extra args to `Command` parameter | +| agent.security.command | Command allows the specification of custom entrypoint for Security Agent container | | agent.security.compliance.checkInterval | Check interval. | | agent.security.compliance.configDir.configMapName | ConfigMapName name of a ConfigMap used to mount a directory. | | agent.security.compliance.enabled | Enables continuous compliance monitoring. | @@ -155,8 +163,10 @@ spec: | agent.security.runtime.syscallMonitor.enabled | Enabled enables syscall monitor | | agent.security.volumeMounts | Specify additional volume mounts in the Security Agent container. | | agent.systemProbe.appArmorProfileName | AppArmorProfileName specify a apparmor profile. | +| agent.systemProbe.args | Args allows the specification of extra args to `Command` parameter | | agent.systemProbe.bpfDebugEnabled | BPFDebugEnabled logging for kernel debug. | | agent.systemProbe.collectDNSStats | CollectDNSStats enables DNS stat collection. | +| agent.systemProbe.command | Command allows the specification of custom entrypoint for System Probe container | | agent.systemProbe.conntrackEnabled | ConntrackEnabled enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data. See also: http://conntrack-tools.netfilter.org/ | | agent.systemProbe.debugPort | DebugPort Specify the port to expose pprof and expvar for system-probe agent. | | agent.systemProbe.enableOOMKill | EnableOOMKill enables the OOM kill eBPF-based check. | @@ -198,8 +208,10 @@ spec: | clusterAgent.config.admissionController.enabled | Enable the admission controller to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods. | | clusterAgent.config.admissionController.mutateUnlabelled | MutateUnlabelled enables injecting config without having the pod label 'admission.datadoghq.com/enabled="true"'. | | clusterAgent.config.admissionController.serviceName | ServiceName corresponds to the webhook service name. | +| clusterAgent.config.args | Args allows the specification of extra args to `Command` parameter | | clusterAgent.config.clusterChecksEnabled | Enable the Cluster Checks and Endpoint Checks feature on both the cluster-agents and the daemonset. See also: https://docs.datadoghq.com/agent/cluster_agent/clusterchecks/ https://docs.datadoghq.com/agent/cluster_agent/endpointschecks/ Autodiscovery via Kube Service annotations is automatically enabled. | | clusterAgent.config.collectEvents | Enable this to start event collection from the kubernetes API. See also: https://docs.datadoghq.com/agent/cluster_agent/event_collection/ | +| clusterAgent.config.command | Command allows the specification of custom entrypoint for Cluster Agent container | | clusterAgent.config.confd.configMapName | ConfigMapName name of a ConfigMap used to mount a directory. | | clusterAgent.config.env | The Datadog Agent supports many environment variables. See also: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables | | clusterAgent.config.externalMetrics.credentials.apiKey | APIKey Set this to your Datadog API key before the Agent runs. See also: https://app.datadoghq.com/account/settings#agent/kubernetes | @@ -244,6 +256,8 @@ spec: | clusterChecksRunner.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution | If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. | | clusterChecksRunner.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | | clusterChecksRunner.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution | If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. | +| clusterChecksRunner.config.args | Args allows the specification of extra args to `Command` parameter | +| clusterChecksRunner.config.command | Command allows the specification of custom entrypoint for Cluster Checks Runner container | | clusterChecksRunner.config.env | The Datadog Agent supports many environment variables. See also: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables | | clusterChecksRunner.config.logLevel | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off | | clusterChecksRunner.config.resources.limits | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |