From 5c2eda67c1b496d01a2de4e6f79e395dde493c16 Mon Sep 17 00:00:00 2001
From: Yosef Mihretie
Date: Tue, 10 Dec 2024 15:16:28 -0500
Subject: [PATCH] cleanup
---
addons/datadog/values.yaml | 832 +------------------------------------
1 file changed, 5 insertions(+), 827 deletions(-)
diff --git a/addons/datadog/values.yaml b/addons/datadog/values.yaml
index 888762c0..b2ae3207 100644
--- a/addons/datadog/values.yaml
+++ b/addons/datadog/values.yaml
@@ -26,828 +26,6 @@ commonLabels: {} ## AWS - use public.ecr.aws/datadog registry: gcr.io/datadoghq -datadog: - # datadog.apiKey -- Your Datadog API key - - ## ref: https://app.datadoghq.com/account/settings#agent/kubernetes - apiKey: # - - # datadog.apiKeyExistingSecret -- Use existing Secret which stores API key instead of creating a new one. The value should be set with the `api-key` key inside the secret. - - ## If set, this parameter takes precedence over "apiKey". - apiKeyExistingSecret: # - - # datadog.appKey -- Datadog APP key required to use metricsProvider - - ## If you are using clusterAgent.metricsProvider.enabled = true, you must set - ## a Datadog application key for read access to your metrics. - appKey: # - - # datadog.appKeyExistingSecret -- Use existing Secret which stores APP key instead of creating a new one. The value should be set with the `app-key` key inside the secret. - - ## If set, this parameter takes precedence over "appKey". - appKeyExistingSecret: # - - # agents.secretAnnotations -- Annotations to add to the Secrets - secretAnnotations: {} - # key: "value" - - containerLifecycle: - # datadog.containerLifecycle.enabled -- Enable container lifecycle events collection - enabled: true - - containerImageCollection: - # datadog.containerImageCollection.enabled -- Enable collection of container image metadata - - # This parameter requires Agent version 7.46+ - enabled: true - - ## Configure the secret backend feature https://docs.datadoghq.com/agent/guide/secrets-management - ## Examples: https://docs.datadoghq.com/agent/guide/secrets-management/#setup-examples-1 - secretBackend: - # datadog.secretBackend.command -- Configure the secret backend command, path to the secret backend binary. - - ## Note: If the command value is "/readsecret_multiple_providers.sh", and datadog.secretBackend.enableGlobalPermissions is enabled below, the agents will have permissions to get secret objects across the cluster. 
- ## Read more about "/readsecret_multiple_providers.sh": https://docs.datadoghq.com/agent/guide/secrets-management/#script-for-reading-from-multiple-secret-providers-readsecret_multiple_providerssh - command: # "/readsecret.sh" or "/readsecret_multiple_providers.sh" or any custom binary path - - # datadog.secretBackend.arguments -- Configure the secret backend command arguments (space-separated strings). - arguments: # "/etc/secret-volume" or any other custom arguments - - # datadog.secretBackend.timeout -- Configure the secret backend command timeout in seconds. - timeout: # 30 - - # datadog.secretBackend.enableGlobalPermissions -- Whether to create a global permission allowing Datadog agents to read all secrets when `datadog.secretBackend.command` is set to `"/readsecret_multiple_providers.sh"`. - enableGlobalPermissions: true - - # datadog.secretBackend.roles -- Creates roles for Datadog to read the specified secrets - replacing `datadog.secretBackend.enableGlobalPermissions`. - roles: [] - # - namespace: secret-location-namespace - # secrets: - # - secret-1 - # - secret-2 - - # datadog.securityContext -- Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment - securityContext: - runAsUser: 0 - # seLinuxOptions: - # user: "system_u" - # role: "system_r" - # type: "spc_t" - # level: "s0" - - # datadog.hostVolumeMountPropagation -- Allow to specify the `mountPropagation` value on all volumeMounts using HostPath - - ## ref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation - hostVolumeMountPropagation: None - - # datadog.clusterName -- Set a unique cluster name to allow scoping hosts and Cluster Checks easily - - ## The name must be unique and must be dot-separated tokens with the following restrictions: - ## * Lowercase letters, numbers, and hyphens only. - ## * Must start with a letter. - ## * Must end with a number or a letter. - ## * Overall length should not be higher than 80 characters. 
- ## Compared to the rules of GKE, dots are allowed whereas they are not allowed on GKE: - ## https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#Cluster.FIELDS.name - clusterName: # - - # datadog.site -- The site of the Datadog intake to send Agent data to. - # (documentation: https://docs.datadoghq.com/getting_started/site/) - - ## Set to 'datadoghq.com' to send data to the US1 site (default). - ## Set to 'datadoghq.eu' to send data to the EU site. - ## Set to 'us3.datadoghq.com' to send data to the US3 site. - ## Set to 'us5.datadoghq.com' to send data to the US5 site. - ## Set to 'ddog-gov.com' to send data to the US1-FED site. - site: # datadoghq.com - - # datadog.dd_url -- The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL - - ## Overrides the site setting defined in "site". - dd_url: # https://app.datadoghq.com - - # datadog.logLevel -- Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, off - logLevel: INFO - - # datadog.kubeStateMetricsEnabled -- If true, deploys the kube-state-metrics deployment - - ## ref: https://github.com/kubernetes/kube-state-metrics/tree/kube-state-metrics-helm-chart-2.13.2/charts/kube-state-metrics - # The kubeStateMetricsEnabled option will be removed in the 4.0 version of the Datadog Agent chart. 
- kubeStateMetricsEnabled: false - - kubeStateMetricsNetworkPolicy: - # datadog.kubeStateMetricsNetworkPolicy.create -- If true, create a NetworkPolicy for kube state metrics - create: false - - kubeStateMetricsCore: - # datadog.kubeStateMetricsCore.enabled -- Enable the kubernetes_state_core check in the Cluster Agent (Requires Cluster Agent 1.12.0+) - - ## ref: https://docs.datadoghq.com/integrations/kubernetes_state_core - enabled: true - - rbac: - # datadog.kubeStateMetricsCore.rbac.create -- If true, create & use RBAC resources - create: true - - # datadog.kubeStateMetricsCore.ignoreLegacyKSMCheck -- Disable the auto-configuration of legacy kubernetes_state check (taken into account only when datadog.kubeStateMetricsCore.enabled is true) - - ## Disabling this field is not recommended as it results in enabling both checks, it can be useful though during the migration phase. - ## Migration guide: https://docs.datadoghq.com/integrations/kubernetes_state_core/?tab=helm#migration-from-kubernetes_state-to-kubernetes_state_core - ignoreLegacyKSMCheck: true - - # datadog.kubeStateMetricsCore.collectSecretMetrics -- Enable watching secret objects and collecting their corresponding metrics kubernetes_state.secret.* - - ## Configuring this field will change the default kubernetes_state_core check configuration and the RBACs granted to Datadog Cluster Agent to run the kubernetes_state_core check. - collectSecretMetrics: true - - # datadog.kubeStateMetricsCore.collectVpaMetrics -- Enable watching VPA objects and collecting their corresponding metrics kubernetes_state.vpa.* - - ## Configuring this field will change the default kubernetes_state_core check configuration and the RBACs granted to Datadog Cluster Agent to run the kubernetes_state_core check. - collectVpaMetrics: false - - # datadog.kubeStateMetricsCore.useClusterCheckRunners -- For large clusters where the Kubernetes State Metrics Check Core needs to be distributed on dedicated workers. 
- - ## Configuring this field will create a separate deployment which will run Cluster Checks, including Kubernetes State Metrics Core. - ## If clusterChecksRunner.enabled is true, it's recommended to set this flag to true as well to better utilize dedicated workers and reduce load on the Cluster Agent. - ## ref: https://docs.datadoghq.com/agent/cluster_agent/clusterchecksrunner?tab=helm - useClusterCheckRunners: false - - # datadog.kubeStateMetricsCore.labelsAsTags -- Extra labels to collect from resources and to turn into datadog tag. - - ## It has the following structure: - ## labelsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes label and is the datadog tag - ## : - ## : - ## : - ## - ## Warning: the label must match the transformation done by kube-state-metrics, - ## for example tags.datadoghq.com/version becomes tags_datadoghq_com_version. - labelsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - # datadog.kubeStateMetricsCore.annotationsAsTags -- Extra annotations to collect from resources and to turn into datadog tag. - - ## It has the following structure: - ## annotationsAsTags: - ## : # can be pod, deployment, node, etc. - ## : # where is the kubernetes annotation and is the datadog tag - ## : - ## : - ## : - ## - ## Warning: the annotation must match the transformation done by kube-state-metrics, - ## for example tags.datadoghq.com/version becomes tags_datadoghq_com_version. 
- annotationsAsTags: {} - # pod: - # app: app - # node: - # zone: zone - # team: team - - ## Manage Cluster checks feature - - ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ - ## Autodiscovery via Kube Service annotations is automatically enabled - clusterChecks: - # datadog.clusterChecks.enabled -- Enable the Cluster Checks feature on both the cluster-agents and the daemonset - enabled: true - # datadog.clusterChecks.shareProcessNamespace -- Set the process namespace sharing on the cluster checks agent - shareProcessNamespace: false - - # datadog.nodeLabelsAsTags -- Provide a mapping of Kubernetes Node Labels to Datadog Tags - nodeLabelsAsTags: {} - # beta.kubernetes.io/instance-type: aws-instance-type - # kubernetes.io/role: kube_role - # : - - # datadog.podLabelsAsTags -- Provide a mapping of Kubernetes Labels to Datadog Tags - podLabelsAsTags: {} - # app: kube_app - # release: helm_release - # : - - # datadog.podAnnotationsAsTags -- Provide a mapping of Kubernetes Annotations to Datadog Tags - podAnnotationsAsTags: {} - # iam.amazonaws.com/role: kube_iamrole - # : - - # datadog.namespaceLabelsAsTags -- Provide a mapping of Kubernetes Namespace Labels to Datadog Tags - namespaceLabelsAsTags: {} - # env: environment - # : - - originDetectionUnified: - # datadog.originDetectionUnified.enabled -- Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). - enabled: false - - # datadog.tags -- List of static tags to attach to every metric, event and service check collected by this Agent. - - ## Learn more about tagging: https://docs.datadoghq.com/tagging/ - tags: [] - # - ":" - # - ":" - - # datadog.checksCardinality -- Sets the tag cardinality for the checks run by the Agent. 
- - ## ref: https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#environment-variables - checksCardinality: # low, orchestrator or high (not set by default to avoid overriding existing DD_CHECKS_TAG_CARDINALITY configurations, the default value in the Agent is low) - - # kubelet configuration - kubelet: - # datadog.kubelet.host -- Override kubelet IP - host: - valueFrom: - fieldRef: - fieldPath: status.hostIP - # datadog.kubelet.tlsVerify -- Toggle kubelet TLS verification - # @default -- true - tlsVerify: # false - # datadog.kubelet.hostCAPath -- Path (on host) where the Kubelet CA certificate is stored - # @default -- None (no mount from host) - hostCAPath: - # datadog.kubelet.agentCAPath -- Path (inside Agent containers) where the Kubelet CA certificate is stored - # @default -- /var/run/host-kubelet-ca.crt if hostCAPath else /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - agentCAPath: - # datadog.kubelet.podLogsPath -- Path (on host) where the PODs logs are located - # @default -- /var/log/pods on Linux, C:\var\log\pods on Windows - podLogsPath: - - # datadog.expvarPort -- Specify the port to expose pprof and expvar to not interfer with the agentmetrics port from the cluster-agent, which defaults to 5000 - expvarPort: 6000 - - # Software Bill of Materials configuration - sbom: - containerImage: - # datadog.sbom.containerImage.enabled -- Enable SBOM collection for container images - enabled: false - - # datadog.sbom.containerImage.uncompressedLayersSupport -- Use container runtime snapshotter - # This should be set to true when using EKS, GKE or if containerd is configured to - # discard uncompressed layers. - # This feature will cause the SYS_ADMIN capability to be added to the Agent container. 
- uncompressedLayersSupport: false - - host: - # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems - enabled: false - - ## dogstatsd configuration - - ## ref: https://docs.datadoghq.com/agent/kubernetes/dogstatsd/ - ## To emit custom metrics from your Kubernetes application, use DogStatsD. - dogstatsd: - # datadog.dogstatsd.port -- Override the Agent DogStatsD port - - ## Note: Make sure your client is sending to the same UDP port. - port: 8125 - - # datadog.dogstatsd.originDetection -- Enable origin detection for container tagging - - ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging - originDetection: false - - # datadog.dogstatsd.tags -- List of static tags to attach to every custom metric, event and service check collected by Dogstatsd. - - ## Learn more about tagging: https://docs.datadoghq.com/tagging/ - tags: [] - # - ":" - # - ":" - - # datadog.dogstatsd.tagCardinality -- Sets the tag cardinality relative to the origin detection - - ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging - tagCardinality: low - - # datadog.dogstatsd.useSocketVolume -- Enable dogstatsd over Unix Domain Socket with an HostVolume - - ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - useSocketVolume: true - - # datadog.dogstatsd.socketPath -- Path to the DogStatsD socket - socketPath: /var/run/datadog/dsd.socket - - # datadog.dogstatsd.hostSocketPath -- Host path to the DogStatsD socket - hostSocketPath: /var/run/datadog/ - - # datadog.dogstatsd.useHostPort -- Sets the hostPort to the same value of the container port - - ## Needs to be used for sending custom metrics. - ## The ports need to be available on all hosts. - ## - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces are accepted from any host able to connect to this host. 
- useHostPort: true - - # datadog.dogstatsd.useHostPID -- Run the agent in the host's PID namespace - ## DEPRECATED: use datadog.useHostPID instead. - - ## This is required for Dogstatsd origin detection to work. - ## See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - useHostPID: false - - # datadog.dogstatsd.nonLocalTraffic -- Enable this to make each node accept non-local statsd traffic (from outside of the pod) - - ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables - nonLocalTraffic: true - - # datadog.useHostPID -- Run the agent in the host's PID namespace, required for origin detection - # / unified service tagging - - ## This is required for Dogstatsd origin detection to work in dogstatsd and trace agent - ## See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - useHostPID: true - - # datadog.collectEvents -- Enables this to start event collection from the kubernetes API - - ## ref: https://docs.datadoghq.com/agent/kubernetes/#event-collection - collectEvents: true - - # Configure Kubernetes events collection - kubernetesEvents: - # datadog.kubernetesEvents.unbundleEvents -- Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). - unbundleEvents: false - # datadog.kubernetesEvents.collectedEventTypes -- Collects Helm values from a release and uses them as tags (Requires Cluster Agent 7.42.0+). 
- # This requires datadog.kubernetesEvents.unbundleEvents to be set to true - collectedEventTypes: - # - kind: # (optional if `source`` is provided) - # source: # (optional if `kind`` is provided) - # reasons: # (optional) if empty accept all event reasons - # - - - kind: Pod - reasons: - - Failed - - BackOff - - Unhealthy - - FailedScheduling - - FailedMount - - FailedAttachVolume - - kind: Node - reasons: - - TerminatingEvictedPod - - NodeNotReady - - Rebooted - - HostPortConflict - - kind: CronJob - reasons: - - SawCompletedJob - - clusterTagger: - # datadog.clusterTagger.collectKubernetesTags -- Enables Kubernetes resources tags collection. - collectKubernetesTags: false - - # datadog.leaderElection -- Enables leader election mechanism for event collection - leaderElection: true - - # datadog.leaderLeaseDuration -- Set the lease time for leader election in second - leaderLeaseDuration: # 60 - - remoteConfiguration: - # datadog.remoteConfiguration.enabled -- Set to true to enable remote configuration. - enabled: false - - ## Enable logs agent and provide custom configs - logs: - # datadog.logs.enabled -- Enables this to activate Datadog Agent log collection - - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - enabled: false - - # datadog.logs.containerCollectAll -- Enable this to allow log collection for all containers - - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - containerCollectAll: true - - # datadog.logs.containerCollectUsingFiles -- Collect logs from files in /var/log/pods instead of using container runtime API - - ## It's usually the most efficient way of collecting logs. - ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - containerCollectUsingFiles: false - - # datadog.logs.autoMultiLineDetection -- Allows the Agent to detect common multi-line patterns automatically. 
- - ## ref: https://docs.datadoghq.com/agent/logs/advanced_log_collection/?tab=configurationfile#automatic-multi-line-aggregation - autoMultiLineDetection: false - - ## Enable apm agent and provide custom configs - apm: - instrumentation: - # datadog.apm.instrumentation.enabled -- Enable injecting the Datadog APM libraries into all pods in the cluster (beta). - enabled: false - - # datadog.apm.instrumentation.enabledNamespaces -- Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). - enabledNamespaces: [] - - # datadog.apm.instrumentation.disabledNamespaces -- Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). - disabledNamespaces: [] - - # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (beta). - libVersions: {} - # datadog.apm.socketEnabled -- Enable APM over Socket (Unix Socket or windows named pipe) - - ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ - socketEnabled: false - - # datadog.apm.portEnabled -- Enable APM over TCP communication (port 8126 by default) - - ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ - portEnabled: true - - # datadog.apm.enabled -- Enable this to enable APM and tracing, on port 8126 - # DEPRECATED. Use datadog.apm.portEnabled instead - - ## ref: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host - enabled: false - - # datadog.apm.port -- Override the trace Agent port - - ## Note: Make sure your client is sending to the same UDP port. - port: 8126 - - # datadog.apm.useSocketVolume -- Enable APM over Unix Domain Socket - # DEPRECATED. 
Use datadog.apm.socketEnabled instead - - ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ - useSocketVolume: false - - # datadog.apm.socketPath -- Path to the trace-agent socket - socketPath: /var/run/datadog/apm.socket - - # datadog.apm.hostSocketPath -- Host path to the trace-agent socket - hostSocketPath: /var/run/datadog/ - - ## OTLP ingest related configuration - otlp: - receiver: - protocols: - # datadog.otlp.receiver.protocols.grpc - OTLP/gRPC configuration - grpc: - # datadog.otlp.receiver.protocols.grpc.enabled -- Enable the OTLP/gRPC endpoint - enabled: false - # datadog.otlp.receiver.protocols.grpc.endpoint -- OTLP/gRPC endpoint - endpoint: "0.0.0.0:4317" - # datadog.otlp.receiver.protocols.grpc.useHostPort -- Enable the Host Port for the OTLP/gRPC endpoint - useHostPort: true - - # datadog.otlp.receiver.protocols.http - OTLP/HTTP configuration - http: - # datadog.otlp.receiver.protocols.http.enabled -- Enable the OTLP/HTTP endpoint - enabled: false - # datadog.otlp.receiver.protocols.http.endpoint -- OTLP/HTTP endpoint - endpoint: "0.0.0.0:4318" - # datadog.otlp.receiver.protocols.http.useHostPort -- Enable the Host Port for the OTLP/HTTP endpoint - useHostPort: true - - ## OTel collector is currently in preview. Please reach out to your Datadog representative for more information. - ## OTLP Ingest is the GA feature for sending OTLP data to Datadog Agent. 
- ## OTel collector related configuration - otelCollector: - # datadog.otelCollector.enabled -- Enable the OTel Collector - enabled: false - # datadog.otelCollector.ports -- Ports that OTel Collector is listening - ports: - - # Default GRPC port of OTLP receiver - - containerPort: "4317" - name: otel-grpc - # Default HTTP port of OTLP receiver - - containerPort: "4318" - name: otel-http - # datadog.otelCollector.config -- OTel collector configuration - config: null - - # datadog.envFrom -- Set environment variables for all Agents directly from configMaps and/or secrets - - ## envFrom to pass configmaps or secrets as environment - envFrom: [] - # - configMapRef: - # name: - # - secretRef: - # name: - - # datadog.env -- Set environment variables for all Agents - - ## The Datadog Agent supports many environment variables. - ## ref: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables - env: {} - # - name: - # value: - - # datadog.envDict -- Set environment variables for all Agents defined in a dict - envDict: {} - # : - - # datadog.confd -- Provide additional check configurations (static and Autodiscovery) - - ## Each key becomes a file in /conf.d - ## ref: https://github.com/DataDog/datadog-agent/tree/main/Dockerfiles/agent#optional-volumes - ## ref: https://docs.datadoghq.com/agent/autodiscovery/ - confd: {} - # redisdb.yaml: |- - # init_config: - # instances: - # - host: "name" - # port: "6379" - # kubernetes_state.yaml: |- - # ad_identifiers: - # - kube-state-metrics - # init_config: - # instances: - # - kube_state_url: http://%%host%%:8080/metrics - - # datadog.checksd -- Provide additional custom checks as python code - - ## Each key becomes a file in /checks.d - ## ref: https://github.com/DataDog/datadog-agent/tree/main/Dockerfiles/agent#optional-volumes - checksd: {} - # service.py: |- - - # datadog.dockerSocketPath -- Path to the docker socket - dockerSocketPath: # /var/run/docker.sock - - # datadog.criSocketPath -- Path to the 
container runtime socket (if different from Docker) - criSocketPath: # /var/run/containerd/containerd.sock - - # Configure how the agent interact with the host's container runtime - containerRuntimeSupport: - # datadog.containerRuntimeSupport.enabled -- Set this to false to disable agent access to container runtime. - enabled: true - - ## Enable process agent and provide custom configs - processAgent: - # datadog.processAgent.enabled -- Set this to true to enable live process monitoring agent - - ## Note: /etc/passwd is automatically mounted to allow username resolution. - ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset - enabled: true - - # datadog.processAgent.processCollection -- Set this to true to enable process collection in process monitoring agent - - ## Requires processAgent.enabled to be set to true to have any effect - processCollection: false - - # datadog.processAgent.stripProcessArguments -- Set this to scrub all arguments from collected processes - - ## Requires processAgent.enabled and processAgent.processCollection to be set to true to have any effect - ## ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing - stripProcessArguments: false - - # datadog.processAgent.processDiscovery -- Enables or disables autodiscovery of integrations - processDiscovery: true - - # datadog.osReleasePath -- Specify the path to your os-release file - osReleasePath: /etc/os-release - - ## Enable systemProbe agent and provide custom configs - systemProbe: - - # datadog.systemProbe.debugPort -- Specify the port to expose pprof and expvar for system-probe agent - debugPort: 0 - - # datadog.systemProbe.enableConntrack -- Enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data - - ## ref: http://conntrack-tools.netfilter.org/ - enableConntrack: true - - # datadog.systemProbe.seccomp -- Apply an ad-hoc seccomp profile to the 
system-probe agent to restrict its privileges - - ## Note that this will break `kubectl exec … -c system-probe -- /bin/bash` - seccomp: localhost/system-probe - - # datadog.systemProbe.seccompRoot -- Specify the seccomp profile root directory - seccompRoot: /var/lib/kubelet/seccomp - - # datadog.systemProbe.bpfDebug -- Enable logging for kernel debug - bpfDebug: false - - # datadog.systemProbe.apparmor -- Specify a apparmor profile for system-probe - apparmor: unconfined - - # datadog.systemProbe.enableTCPQueueLength -- Enable the TCP queue length eBPF-based check - enableTCPQueueLength: false - - # datadog.systemProbe.enableOOMKill -- Enable the OOM kill eBPF-based check - enableOOMKill: false - - # datadog.systemProbe.mountPackageManagementDirs -- Enables mounting of specific package management directories when runtime compilation is enabled - mountPackageManagementDirs: [] - ## For runtime compilation to be able to download kernel headers, the host's package management folders - ## must be mounted to the /host directory. For example, for Ubuntu & Debian the following mount would be necessary: - # - name: "apt-config-dir" - # hostPath: /etc/apt - # mountPath: /host/etc/apt - ## If this list is empty, then all necessary package management directories (for all supported OSs) will be mounted. 
- - # datadog.systemProbe.runtimeCompilationAssetDir -- Specify a directory for runtime compilation assets to live in - runtimeCompilationAssetDir: /var/tmp/datadog-agent/system-probe - - # datadog.systemProbe.btfPath -- Specify the path to a BTF file for your kernel - btfPath: "" - - # datadog.systemProbe.collectDNSStats -- Enable DNS stat collection - collectDNSStats: true - - # datadog.systemProbe.maxTrackedConnections -- the maximum number of tracked connections - maxTrackedConnections: 131072 - - # datadog.systemProbe.conntrackMaxStateSize -- the maximum size of the userspace conntrack cache - conntrackMaxStateSize: 131072 # 2 * maxTrackedConnections by default, per https://github.com/DataDog/datadog-agent/blob/d1c5de31e1bba72dfac459aed5ff9562c3fdcc20/pkg/process/config/config.go#L229 - - # datadog.systemProbe.conntrackInitTimeout -- the time to wait for conntrack to initialize before failing - conntrackInitTimeout: 10s - - # datadog.systemProbe.enableDefaultOsReleasePaths -- enable default os-release files mount - enableDefaultOsReleasePaths: true - - # datadog.systemProbe.enableDefaultKernelHeadersPaths -- Enable mount of default paths where kernel headers are stored - enableDefaultKernelHeadersPaths: true - - orchestratorExplorer: - # datadog.orchestratorExplorer.enabled -- Set this to false to disable the orchestrator explorer - - ## This requires processAgent.enabled and clusterAgent.enabled to be set to true - ## ref: TODO - add doc link - enabled: true - - # datadog.orchestratorExplorer.container_scrubbing -- Enable the scrubbing of containers in the kubernetes resource YAML for sensitive information - - ## The container scrubbing is taking significant resources during data collection. - ## If you notice that the cluster-agent uses too much CPU in larger clusters - ## turning this option off will improve the situation. 
- container_scrubbing: - enabled: true - customResources: [] - - helmCheck: - # datadog.helmCheck.enabled -- Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) - # This requires clusterAgent.enabled to be set to true - enabled: false - - # datadog.helmCheck.collectEvents -- Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) - # This requires datadog.HelmCheck.enabled to be set to true - collectEvents: false - - # datadog.helmCheck.valuesAsTags -- Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). - # This requires datadog.HelmCheck.enabled to be set to true - valuesAsTags: {} - # : - - networkMonitoring: - # datadog.networkMonitoring.enabled -- Enable network performance monitoring - enabled: false - - ## Universal Service Monitoring is currently in private beta. - - ## See https://www.datadoghq.com/blog/universal-service-monitoring-datadog/ for more details and private beta signup. 
- serviceMonitoring: - # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring - enabled: false - - ## Enable security agent and provide custom configs - securityAgent: - compliance: - # datadog.securityAgent.compliance.enabled -- Set to true to enable Cloud Security Posture Management (CSPM) - enabled: false - - # datadog.securityAgent.compliance.configMap -- Contains CSPM compliance benchmarks that will be used - configMap: - - # datadog.securityAgent.compliance.checkInterval -- Compliance check run interval - checkInterval: 20m - xccdf: - enabled: false - - runtime: - # datadog.securityAgent.runtime.enabled -- Set to true to enable Cloud Workload Security (CWS) - enabled: false - - # datadog.securityAgent.runtime.fimEnabled -- Set to true to enable Cloud Workload Security (CWS) File Integrity Monitoring - fimEnabled: false - - policies: - # datadog.securityAgent.runtime.policies.configMap -- Contains CWS policies that will be used - configMap: - - syscallMonitor: - # datadog.securityAgent.runtime.syscallMonitor.enabled -- Set to true to enable the Syscall monitoring (recommended for troubleshooting only) - enabled: false - - network: - # datadog.securityAgent.runtime.network.enabled -- Set to true to enable the collection of CWS network events - enabled: true - - activityDump: - # datadog.securityAgent.runtime.activityDump.enabled -- Set to true to enable the collection of CWS activity dumps - enabled: true - - # datadog.securityAgent.runtime.activityDump.tracedCgroupsCount -- Set to the number of containers that should be traced concurrently - tracedCgroupsCount: 3 - - # datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout -- Set to the desired duration of a single container tracing (in minutes) - cgroupDumpTimeout: 20 - - # datadog.securityAgent.runtime.activityDump.cgroupWaitListSize -- Set to the size of the wait list for already traced containers - cgroupWaitListSize: 0 - - pathMerge: - # 
datadog.securityAgent.runtime.activityDump.pathMerge.enabled -- Set to true to enable the merging of similar paths - enabled: false - - ## Manage NetworkPolicy - networkPolicy: - # datadog.networkPolicy.create -- If true, create NetworkPolicy for all the components - create: false - - # datadog.networkPolicy.flavor -- Flavor of the network policy to use. - # Can be: - # * kubernetes for networking.k8s.io/v1/NetworkPolicy - # * cilium for cilium.io/v2/CiliumNetworkPolicy - flavor: kubernetes - - cilium: - # datadog.networkPolicy.cilium.dnsSelector -- Cilium selector of the DNS server entity - # @default -- kube-dns in namespace kube-system - dnsSelector: - toEndpoints: - - matchLabels: - "k8s:io.kubernetes.pod.namespace": kube-system - "k8s:k8s-app": kube-dns - - ## Configure prometheus scraping autodiscovery - - ## ref: https://docs.datadoghq.com/agent/kubernetes/prometheus/ - prometheusScrape: - # datadog.prometheusScrape.enabled -- Enable autodiscovering pods and services exposing prometheus metrics. - enabled: false - # datadog.prometheusScrape.serviceEndpoints -- Enable generating dedicated checks for service endpoints. - serviceEndpoints: false - # datadog.prometheusScrape.additionalConfigs -- Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) - additionalConfigs: [] - # - - # autodiscovery: - # kubernetes_annotations: - # include: - # custom_include_label: 'true' - # exclude: - # custom_exclude_label: 'true' - # kubernetes_container_names: - # - my-app - # configurations: - # - send_distribution_buckets: true - # timeout: 5 - # datadog.prometheusScrape.version -- Version of the openmetrics check to schedule by default. - - # See https://datadoghq.dev/integrations-core/legacy/prometheus/#config-changes-between-versions for the differences between the two versions. 
- # (Version 2 requires Agent version 7.34+) - version: 2 - - # datadog.ignoreAutoConfig -- List of integration to ignore auto_conf.yaml. - - ## ref: https://docs.datadoghq.com/agent/faq/auto_conf/ - ignoreAutoConfig: [] - # - redisdb - # - kubernetes_state - - # datadog.containerExclude -- Exclude containers from the Agent - # Autodiscovery, as a space-sepatered list - - ## ref: https://docs.datadoghq.com/agent/guide/autodiscovery-management/?tab=containerizedagent#exclude-containers - containerExclude: 'kube_namespace:cert-manager kube_namespace:ingress-nginx kube_namespace:kube-system kube_namespace:monitoring kube_namespace:porter-agent-system kube_namespace:telemetry image:^gcr.io/datadoghq/agent:.*' - - # datadog.containerInclude -- Include containers in the Agent Autodiscovery, - # as a space-separated list. If a container matches an include rule, it’s - # always included in the Autodiscovery - - ## ref: https://docs.datadoghq.com/agent/guide/autodiscovery-management/?tab=containerizedagent#include-containers - containerInclude: null - - # datadog.containerExcludeLogs -- Exclude logs from the Agent Autodiscovery, - # as a space-separated list - containerExcludeLogs: 'kube_namespace:cert-manager kube_namespace:ingress-nginx kube_namespace:kube-system kube_namespace:monitoring kube_namespace:porter-agent-system kube_namespace:telemetry image:^gcr.io/datadoghq/agent:.*' - - # datadog.containerIncludeLogs -- Include logs in the Agent Autodiscovery, as - # a space-separated list - containerIncludeLogs: null - - # datadog.containerExcludeMetrics -- Exclude metrics from the Agent - # Autodiscovery, as a space-separated list - containerExcludeMetrics: 'kube_namespace:cert-manager kube_namespace:ingress-nginx kube_namespace:kube-system kube_namespace:monitoring kube_namespace:porter-agent-system kube_namespace:telemetry image:^gcr.io/datadoghq/agent:.*' - - # datadog.containerIncludeMetrics -- Include metrics in the Agent - # Autodiscovery, as a space-separated list 
- containerIncludeMetrics: null - - # datadog.excludePauseContainer -- Exclude pause containers from the Agent Autodiscovery. - - ## ref: https://docs.datadoghq.com/agent/guide/autodiscovery-management/?tab=containerizedagent#pause-containers - excludePauseContainer: true - ## This is the Datadog Cluster Agent implementation that handles cluster-wide ## metrics more cleanly, separates concerns for better rbac, and implements ## the external metrics API so you can autoscale HPAs based on datadog metrics @@ -1457,19 +635,19 @@ datadog: # datadog.logs.containerCollectAll -- Enable this to allow log collection for all containers ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - containerCollectAll: false + containerCollectAll: true # datadog.logs.containerCollectUsingFiles -- Collect logs from files in /var/log/pods instead of using container runtime API ## It's usually the most efficient way of collecting logs. ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - containerCollectUsingFiles: true + containerCollectUsingFiles: false # datadog.logs.autoMultiLineDetection -- Allows the Agent to detect common multi-line patterns automatically. ## ref: https://docs.datadoghq.com/agent/logs/advanced_log_collection/?tab=configurationfile#automatic-multi-line-aggregation autoMultiLineDetection: false - + ## Enable apm agent and provide custom configs ## ## APM is enabled by default. If local service Internal Traffic Policy is allowed (Kubernetes v1.22+), the agent service is created with the APM local traceport. 
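Review bot: Setting `containerCollectAll: true` sends every container's logs to Datadog, while the first hunk of this same commit deletes the `containerExcludeLogs` list that kept `kube-system`, `cert-manager`, `ingress-nginx` and the other platform namespaces out of collection. Unless an equivalent exclude list survives elsewhere in the file (not visible here), logs from those namespaces, which can contain tokens or request headers, will now leave the cluster. I would keep an explicit exclusion beside this flag, for example `containerExcludeLogs: 'kube_namespace:kube-system kube_namespace:cert-manager'`, or leave `containerCollectAll: false` and opt workloads in individually. The flip of `containerCollectUsingFiles` to `false` also contradicts the comment directly above it, which calls file collection the most efficient way, so the reason deserves a line in a commit message that currently says only "cleanup".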
@@ -1477,12 +655,12 @@ datadog: # datadog.apm.socketEnabled -- Enable APM over Socket (Unix Socket or windows named pipe) ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ - socketEnabled: true + socketEnabled: false # datadog.apm.portEnabled -- Enable APM over TCP communication (hostPort 8126 by default) ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ - portEnabled: false + portEnabled: true # datadog.apm.useLocalService -- Enable APM over TCP communication to use the local service only (requires Kubernetes v1.22+) # Note: The hostPort 8126 is disabled when this is enabled.
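Review bot: Moving APM from the Unix socket to `portEnabled: true` opens hostPort 8126 on every node, so the trace intake becomes reachable from anything that can route to a node address instead of only from pods that mount the socket. The chart comment at the end of this hunk says `useLocalService` disables the hostPort; if TCP is required, `useLocalService: true` (Kubernetes v1.22+) looks like the narrower option, though its current value is outside the hunk. Otherwise keep `socketEnabled: true`, or pair the port with a NetworkPolicy or node firewall rule limiting 8126 to the pod network. A short comment such as `# TCP intake enabled for <reason>; access limited by <policy>` next to `portEnabled` would record the decision.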