make sure that disabling CSPM host benchmarks is propagated to the agent #1446

Merged
merged 3 commits into from
Jul 9, 2024
4 changes: 4 additions & 0 deletions charts/datadog/CHANGELOG.md
@@ -1,5 +1,9 @@
# Datadog changelog

## 3.67.3

* Make sure that disabling CSPM host benchmarks is propagated to the agent.

## 3.67.2

* Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions
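Review bot: the 3.67.3 entry only mentions propagating the disabled state, but the same release flips the default of `datadog.securityAgent.compliance.host_benchmarks.enabled` from `false` to `true` in `values.yaml`. I'd add a second bullet stating the new default and that setting the key to `false` opts out, so the change is visible to anyone reading the changelog before upgrading.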
2 changes: 1 addition & 1 deletion charts/datadog/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: datadog
version: 3.67.2
version: 3.67.3
appVersion: "7"
description: Datadog Agent
keywords:
4 changes: 2 additions & 2 deletions charts/datadog/README.md
@@ -1,6 +1,6 @@
# Datadog

![Version: 3.67.2](https://img.shields.io/badge/Version-3.67.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.67.3](https://img.shields.io/badge/Version-3.67.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)

[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).

@@ -793,7 +793,7 @@ helm install <RELEASE_NAME> \
| datadog.securityAgent.compliance.checkInterval | string | `"20m"` | Compliance check run interval |
| datadog.securityAgent.compliance.configMap | string | `nil` | Contains CSPM compliance benchmarks that will be used |
| datadog.securityAgent.compliance.enabled | bool | `false` | Set to true to enable Cloud Security Posture Management (CSPM) |
| datadog.securityAgent.compliance.host_benchmarks.enabled | bool | `false` | Set to true to enable host benchmarks (this feature is supported from Agent 7.47, and requires 160 MB extra memory for the `security-agent` container) |
| datadog.securityAgent.compliance.host_benchmarks.enabled | bool | `true` | Set to false to disable host benchmarks. If enabled, this feature requires 160 MB extra memory for the `security-agent` container. (Requires Agent 7.47.0+) |
| datadog.securityAgent.compliance.xccdf.enabled | bool | `false` | |
| datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout | int | `20` | Set to the desired duration of a single container tracing (in minutes) |
| datadog.securityAgent.runtime.activityDump.cgroupWaitListSize | int | `0` | Set to the size of the wait list for already traced containers |
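Review bot: in the `host_benchmarks.enabled` row the default now reads `true`, while `datadog.securityAgent.compliance.enabled` two rows above still defaults to `false` and the template only emits the compliance env vars inside `{{- if .Values.datadog.securityAgent.compliance.enabled }}`. Suggest stating in the description that the setting only takes effect when `datadog.securityAgent.compliance.enabled` is true, so readers do not assume host benchmarks run on a default install. The `xccdf.enabled` row directly below still has an empty description and would benefit from one line as well.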
6 changes: 2 additions & 4 deletions charts/datadog/templates/_container-security-agent.yaml
@@ -34,12 +34,10 @@
{{- if .Values.datadog.securityAgent.compliance.enabled }}
- name: DD_COMPLIANCE_CONFIG_CHECK_INTERVAL
value: {{ .Values.datadog.securityAgent.compliance.checkInterval | quote }}
{{- if or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled }}
- name: DD_COMPLIANCE_CONFIG_XCCDF_ENABLED
value: "true"
value: {{ (or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled) | quote }}
- name: DD_COMPLIANCE_CONFIG_HOST_BENCHMARKS_ENABLED
value: "true"
{{- end }}
value: {{ (or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled) | quote }}
- name: HOST_ROOT
value: /host/root
{{- end }}
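Review bot: both `DD_COMPLIANCE_CONFIG_XCCDF_ENABLED` and `DD_COMPLIANCE_CONFIG_HOST_BENCHMARKS_ENABLED` are rendered from the same `or` of `xccdf.enabled` and `host_benchmarks.enabled`, so `host_benchmarks.enabled: false` still yields `"true"` for both variables whenever `xccdf.enabled` is true. If `xccdf.enabled` is kept only as an older name for the same switch, a template comment saying so would make the `or` read as intentional; otherwise each variable should follow its own value. The expression is also duplicated verbatim on two lines, and assigning it once to a template variable would keep the two from drifting apart.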
4 changes: 2 additions & 2 deletions charts/datadog/values.yaml
@@ -776,9 +776,9 @@ datadog:
xccdf:
enabled: false

# datadog.securityAgent.compliance.host_benchmarks.enabled -- Set to true to enable host benchmarks (this feature is supported from Agent 7.47, and requires 160 MB extra memory for the `security-agent` container)
# datadog.securityAgent.compliance.host_benchmarks.enabled -- Set to false to disable host benchmarks. If enabled, this feature requires 160 MB extra memory for the `security-agent` container. (Requires Agent 7.47.0+)
host_benchmarks:
enabled: false
enabled: true

runtime:
# datadog.securityAgent.runtime.enabled -- Set to true to enable Cloud Workload Security (CWS)
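Review bot: flipping `enabled: false` to `enabled: true` under `host_benchmarks` changes behaviour for existing installs that set `compliance.enabled: true` and never touched this key: after upgrade the `security-agent` container needs the extra 160 MB the comment mentions. The comment also says 7.47.0+ is required, so please confirm what an older pinned agent image does once the variable is set to `"true"`, and consider adding to the comment that memory limits on `security-agent` may need raising.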