// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.
package v2alpha1
import (
securityv1 "github.com/openshift/api/security/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
commonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1"
)
// ComponentName is the name of a Deployment Component.
// Values of this type are the keys of the DatadogAgentSpec.Override map.
type ComponentName string
const (
// NodeAgentComponentName is the name of the Datadog Node Agent
NodeAgentComponentName ComponentName = "nodeAgent"
// ClusterAgentComponentName is the name of the Cluster Agent
ClusterAgentComponentName ComponentName = "clusterAgent"
// ClusterChecksRunnerComponentName is the name of the Cluster Check Runner
ClusterChecksRunnerComponentName ComponentName = "clusterChecksRunner"
)
// DatadogAgentSpec defines the desired state of DatadogAgent.
// All three fields are optional; a nil pointer or empty map is omitted from the serialized object.
type DatadogAgentSpec struct {
// Features running on the Agent and Cluster Agent
// +optional
Features *DatadogFeatures `json:"features,omitempty"`
// Global settings to configure the agents
// +optional
Global *GlobalConfig `json:"global,omitempty"`
// Override the default configurations of the agents.
// The map is keyed by ComponentName ("nodeAgent", "clusterAgent", "clusterChecksRunner").
// NOTE(review): no validation marker restricts the keys to those three values here —
// presumably unknown keys are rejected or ignored elsewhere; confirm.
// +optional
Override map[ComponentName]*DatadogAgentComponentOverride `json:"override,omitempty"`
}
// DatadogFeatures are features running on the Agent and Cluster Agent.
// Every field is a pointer with `omitempty`, so a feature that is left nil is absent from
// the serialized spec; the effective default of each feature is documented on its config type.
// +k8s:openapi-gen=true
type DatadogFeatures struct {
// Application-level features

// LogCollection configuration.
LogCollection *LogCollectionFeatureConfig `json:"logCollection,omitempty"`
// LiveProcessCollection configuration.
LiveProcessCollection *LiveProcessCollectionFeatureConfig `json:"liveProcessCollection,omitempty"`
// LiveContainerCollection configuration.
LiveContainerCollection *LiveContainerCollectionFeatureConfig `json:"liveContainerCollection,omitempty"`
// OOMKill configuration.
OOMKill *OOMKillFeatureConfig `json:"oomKill,omitempty"`
// TCPQueueLength configuration.
TCPQueueLength *TCPQueueLengthFeatureConfig `json:"tcpQueueLength,omitempty"`
// APM (Application Performance Monitoring) configuration.
APM *APMFeatureConfig `json:"apm,omitempty"`
// CSPM (Cloud Security Posture Management) configuration.
CSPM *CSPMFeatureConfig `json:"cspm,omitempty"`
// CWS (Cloud Workload Security) configuration.
CWS *CWSFeatureConfig `json:"cws,omitempty"`
// NPM (Network Performance Monitoring) configuration.
NPM *NPMFeatureConfig `json:"npm,omitempty"`
// USM (Universal Service Monitoring) configuration.
USM *USMFeatureConfig `json:"usm,omitempty"`
// Dogstatsd configuration.
Dogstatsd *DogstatsdFeatureConfig `json:"dogstatsd,omitempty"`
// OTLP ingest configuration
OTLP *OTLPFeatureConfig `json:"otlp,omitempty"`
// Remote Configuration configuration.
RemoteConfiguration *RemoteConfigurationFeatureConfig `json:"remoteConfiguration,omitempty"`

// Cluster-level features

// EventCollection configuration.
EventCollection *EventCollectionFeatureConfig `json:"eventCollection,omitempty"`
// OrchestratorExplorer check configuration.
OrchestratorExplorer *OrchestratorExplorerFeatureConfig `json:"orchestratorExplorer,omitempty"`
// KubeStateMetricsCore check configuration.
KubeStateMetricsCore *KubeStateMetricsCoreFeatureConfig `json:"kubeStateMetricsCore,omitempty"`
// AdmissionController configuration.
AdmissionController *AdmissionControllerFeatureConfig `json:"admissionController,omitempty"`
// ExternalMetricsServer configuration.
ExternalMetricsServer *ExternalMetricsServerFeatureConfig `json:"externalMetricsServer,omitempty"`
// ClusterChecks configuration.
ClusterChecks *ClusterChecksFeatureConfig `json:"clusterChecks,omitempty"`
// PrometheusScrape configuration.
PrometheusScrape *PrometheusScrapeFeatureConfig `json:"prometheusScrape,omitempty"`
}
// Configuration structs for each feature in DatadogFeatures. All parameters are optional and have default values when necessary.
// Note: configuration in DatadogAgentSpec.Override takes precedence.
// APMFeatureConfig contains APM (Application Performance Monitoring) configuration.
// APM runs in the Trace Agent.
// Two intake transports can be configured: a host port and a Unix Domain Socket.
type APMFeatureConfig struct {
// Enabled enables Application Performance Monitoring.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// HostPortConfig contains host port configuration.
// Enabled Default: false
// Port Default: 8126
// NOTE(review): a host port is exposed on the node itself, not only to pods on that node;
// this struct carries no authentication or TLS setting, so restrict access at the network
// level when enabling it — confirm what the Trace Agent enforces.
// +optional
HostPortConfig *HostPortConfig `json:"hostPortConfig,omitempty"`
// UnixDomainSocketConfig contains socket configuration.
// See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables
// Enabled Default: true
// Path Default: `/var/run/datadog/apm.socket`
// +optional
UnixDomainSocketConfig *UnixDomainSocketConfig `json:"unixDomainSocketConfig,omitempty"`
}
// LogCollectionFeatureConfig contains Logs configuration.
// Logs collection is run in the Agent.
// NOTE(review): the path fields below look like host paths mounted into the Agent
// (TempStoragePath says so explicitly) — confirm for the others, and treat changes to
// them as changes to what host data the Agent can read.
type LogCollectionFeatureConfig struct {
// Enabled enables Log collection.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// ContainerCollectAll enables Log collection from all containers.
// Default: false
// NOTE(review): with this enabled, logs of every container are collected, including any
// secrets applications write to their logs; consider scoping or scrubbing before enabling.
// +optional
ContainerCollectAll *bool `json:"containerCollectAll,omitempty"`
// ContainerCollectUsingFiles enables log collection from files in `/var/log/pods` instead of using the container runtime API.
// Collecting logs from files is usually the most efficient way of collecting logs.
// See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup
// Default: true
// +optional
ContainerCollectUsingFiles *bool `json:"containerCollectUsingFiles,omitempty"`
// ContainerLogsPath allows log collection from the container log path.
// Set to a different path if you are not using the Docker runtime.
// See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest
// Default: `/var/lib/docker/containers`
// +optional
ContainerLogsPath *string `json:"containerLogsPath,omitempty"`
// PodLogsPath allows log collection from a pod log path.
// Default: `/var/log/pods`
// +optional
PodLogsPath *string `json:"podLogsPath,omitempty"`
// ContainerSymlinksPath allows log collection to use symbolic links in this directory to validate container ID -> pod.
// Default: `/var/log/containers`
// +optional
ContainerSymlinksPath *string `json:"containerSymlinksPath,omitempty"`
// TempStoragePath (always mounted from the host) is used by the Agent to store information about processed log files.
// If the Agent is restarted, it starts tailing the log files immediately.
// Default: `/var/lib/datadog-agent/logs`
// +optional
TempStoragePath *string `json:"tempStoragePath,omitempty"`
// OpenFilesLimit sets the maximum number of log files that the Datadog Agent tails.
// Increasing this limit can increase resource consumption of the Agent.
// See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup
// Default: 100
// +optional
OpenFilesLimit *int32 `json:"openFilesLimit,omitempty"`
}
// LiveProcessCollectionFeatureConfig contains Process Collection configuration.
// Process Collection is run in the Process Agent.
// The two argument-handling options control how much of each process command line leaves the node.
type LiveProcessCollectionFeatureConfig struct {
// Enabled enables Process monitoring.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// ScrubProcessArguments enables scrubbing of sensitive data in process command-lines (passwords, tokens, etc.).
// Default: true
// Setting this to false means command lines are collected without that scrubbing.
// +optional
ScrubProcessArguments *bool `json:"scrubProcessArguments,omitempty"`
// StripProcessArguments enables stripping of all process arguments.
// Default: false
// This is the stricter option: it removes every argument rather than only the sensitive ones.
// NOTE(review): how it combines with ScrubProcessArguments when both are set is not visible here — confirm.
// +optional
StripProcessArguments *bool `json:"stripProcessArguments,omitempty"`
}
// LiveContainerCollectionFeatureConfig contains Container Collection configuration.
// Container Collection is run in the Process Agent.
type LiveContainerCollectionFeatureConfig struct {
// Enabled enables container collection for the Live Container View.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}
// OOMKillFeatureConfig configures the OOM Kill monitoring feature.
// NOTE(review): the check is eBPF-based, which normally requires elevated privileges on the
// node — which Agent component runs it and with what privileges is not visible here; confirm.
type OOMKillFeatureConfig struct {
// Enabled enables the OOMKill eBPF-based check.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
}
// TCPQueueLengthFeatureConfig configures the TCP queue length monitoring feature.
// NOTE(review): the check is eBPF-based, which normally requires elevated privileges on the
// node — which Agent component runs it and with what privileges is not visible here; confirm.
type TCPQueueLengthFeatureConfig struct {
// Enabled enables the TCP queue length eBPF-based check.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
}
// CSPMFeatureConfig contains CSPM (Cloud Security Posture Management) configuration.
// CSPM runs in the Security Agent and Cluster Agent.
type CSPMFeatureConfig struct {
// Enabled enables Cloud Security Posture Management.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// CheckInterval defines the check interval.
// No default is documented here.
// +optional
CheckInterval *metav1.Duration `json:"checkInterval,omitempty"`
// CustomBenchmarks contains CSPM benchmarks.
// The content of the ConfigMap will be merged with the benchmarks bundled with the agent.
// Any benchmarks with the same name as those existing in the agent will take precedence.
// NOTE(review): read as "custom entries win over bundled ones" — confirm. If so, write access
// to the referenced ConfigMap is enough to change which benchmarks are evaluated, so it
// should be protected like the rest of the security configuration.
// +optional
CustomBenchmarks *CustomConfig `json:"customBenchmarks,omitempty"`
}
// CWSFeatureConfig contains CWS (Cloud Workload Security) configuration.
// CWS runs in the Security Agent.
type CWSFeatureConfig struct {
// Enabled enables Cloud Workload Security.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// SyscallMonitorEnabled enables Syscall Monitoring (recommended for troubleshooting only).
// Default: false
// +optional
SyscallMonitorEnabled *bool `json:"syscallMonitorEnabled,omitempty"`
// Network configures the CWS network detections (see CWSNetworkConfig).
Network *CWSNetworkConfig `json:"network,omitempty"`
// SecurityProfiles configures Security Profiles collection (see CWSSecurityProfilesConfig).
SecurityProfiles *CWSSecurityProfilesConfig `json:"securityProfiles,omitempty"`
// CustomPolicies contains security policies.
// The content of the ConfigMap will be merged with the policies bundled with the agent.
// Any policies with the same name as those existing in the agent will take precedence.
// NOTE(review): read as "custom entries win over bundled ones" — confirm. If so, write access
// to the referenced ConfigMap is enough to change which detections run, so it should be
// protected like the rest of the security configuration.
// +optional
CustomPolicies *CustomConfig `json:"customPolicies,omitempty"`
}
// CWSNetworkConfig contains the Cloud Workload Security network detection configuration.
// It is referenced from CWSFeatureConfig.Network.
type CWSNetworkConfig struct {
// Enabled enables Cloud Workload Security Network detections.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}
// CWSSecurityProfilesConfig contains the Cloud Workload Security profiles collection configuration.
// It is referenced from CWSFeatureConfig.SecurityProfiles.
type CWSSecurityProfilesConfig struct {
// Enabled enables Security Profiles collection for Cloud Workload Security.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}
// RemoteConfigurationFeatureConfig contains RC (Remote Configuration) configuration.
// RC runs in the Agent.
// NOTE(review): which settings can be changed remotely once this is enabled is not described
// in this file; document that scope before enabling it in sensitive clusters.
type RemoteConfigurationFeatureConfig struct {
// Enabled activates Remote Configuration.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
}
// NPMFeatureConfig contains NPM (Network Performance Monitoring) feature configuration.
// Network Performance Monitoring runs in the System Probe and Process Agent.
type NPMFeatureConfig struct {
// Enabled enables Network Performance Monitoring.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// EnableConntrack enables the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data.
// See also: http://conntrack-tools.netfilter.org/
// Default: false
// +optional
EnableConntrack *bool `json:"enableConntrack,omitempty"`
// CollectDNSStats enables DNS stat collection.
// Default: false
// +optional
CollectDNSStats *bool `json:"collectDNSStats,omitempty"`
}
// USMFeatureConfig contains USM (Universal Service Monitoring) feature configuration.
// Universal Service Monitoring runs in the Process Agent and System Probe.
type USMFeatureConfig struct {
// Enabled enables Universal Service Monitoring.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
}
// DogstatsdFeatureConfig contains the Dogstatsd configuration parameters.
// Unlike most feature configs in this file it has no Enabled field of its own; only the
// two transports (host port and Unix Domain Socket) can be switched individually.
// +k8s:openapi-gen=true
type DogstatsdFeatureConfig struct {
// OriginDetectionEnabled enables origin detection for container tagging.
// See also: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging
// No default is documented here.
// +optional
OriginDetectionEnabled *bool `json:"originDetectionEnabled,omitempty"`
// HostPortConfig contains host port configuration.
// Enabled Default: false
// Port Default: 8125
// NOTE(review): a host port is exposed on the node itself, not only to pods on that node;
// this struct carries no authentication setting, so restrict access at the network level
// when enabling it.
// +optional
HostPortConfig *HostPortConfig `json:"hostPortConfig,omitempty"`
// UnixDomainSocketConfig contains socket configuration.
// See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables
// Enabled Default: true
// Path Default: `/var/run/datadog/dsd.socket`
// +optional
UnixDomainSocketConfig *UnixDomainSocketConfig `json:"unixDomainSocketConfig,omitempty"`
// MapperProfiles configures the Dogstatsd Mapper Profiles.
// Can be passed as raw data or via a json encoded string in a config map.
// See also: https://docs.datadoghq.com/developers/dogstatsd/dogstatsd_mapper/
// +optional
MapperProfiles *CustomConfig `json:"mapperProfiles,omitempty"`
}
// OTLPFeatureConfig contains configuration for OTLP ingest.
// +k8s:openapi-gen=true
type OTLPFeatureConfig struct {
// Receiver contains configuration for the OTLP ingest receiver.
// Receiver is a struct value, not a pointer: encoding/json's omitempty never omits a
// struct value, so the "receiver" key is always present when this config is marshalled.
Receiver OTLPReceiverConfig `json:"receiver,omitempty"`
}
// OTLPReceiverConfig contains configuration for the OTLP ingest receiver.
// +k8s:openapi-gen=true
type OTLPReceiverConfig struct {
// Protocols contains configuration for the OTLP ingest receiver protocols.
// Protocols is a struct value, not a pointer: encoding/json's omitempty never omits a
// struct value, so the "protocols" key is always present when this config is marshalled.
Protocols OTLPProtocolsConfig `json:"protocols,omitempty"`
}
// OTLPProtocolsConfig contains configuration for the OTLP ingest receiver protocols.
// The two protocols are configured independently; a nil pointer leaves that protocol unconfigured.
// +k8s:openapi-gen=true
type OTLPProtocolsConfig struct {
// GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver.
// +optional
GRPC *OTLPGRPCConfig `json:"grpc,omitempty"`
// HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver.
// +optional
HTTP *OTLPHTTPConfig `json:"http,omitempty"`
}
// OTLPGRPCConfig contains configuration for the OTLP ingest OTLP/gRPC receiver.
// +k8s:openapi-gen=true
type OTLPGRPCConfig struct {
// Enabled enables the OTLP/gRPC endpoint.
// No default is documented here.
// +optional
Enabled *bool `json:"enabled,omitempty"`
// Endpoint for OTLP/gRPC.
// gRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md
// The Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`).
// Default: `0.0.0.0:4317`.
// NOTE(review): `0.0.0.0` listens on every interface, and this struct has no TLS or
// authentication field; limit who can reach the port (for example with a NetworkPolicy) —
// confirm how the port is exposed outside the pod.
// +optional
Endpoint *string `json:"endpoint,omitempty"`
}
// OTLPHTTPConfig contains configuration for the OTLP ingest OTLP/HTTP receiver.
// +k8s:openapi-gen=true
type OTLPHTTPConfig struct {
// Enabled enables the OTLP/HTTP endpoint.
// No default is documented here.
// +optional
Enabled *bool `json:"enabled,omitempty"`
// Endpoint for OTLP/HTTP.
// Default: '0.0.0.0:4318'.
// NOTE(review): `0.0.0.0` listens on every interface, and this struct has no TLS or
// authentication field; limit who can reach the port (for example with a NetworkPolicy) —
// confirm how the port is exposed outside the pod.
// +optional
Endpoint *string `json:"endpoint,omitempty"`
}
// EventCollectionFeatureConfig contains the Event Collection configuration.
// +k8s:openapi-gen=true
type EventCollectionFeatureConfig struct {
// CollectKubernetesEvents enables Kubernetes event collection.
// Default: true
// Unlike the neighbouring fields in this file, this one carries no `+optional` marker;
// it is still a pointer with `omitempty`, so it can be left unset.
CollectKubernetesEvents *bool `json:"collectKubernetesEvents,omitempty"`
}
// OrchestratorExplorerFeatureConfig contains the Orchestrator Explorer check feature configuration.
// The Orchestrator Explorer check runs in the Process and Cluster Agents (or Cluster Check Runners).
// See also: https://docs.datadoghq.com/infrastructure/livecontainers/#kubernetes-resources
// +k8s:openapi-gen=true
type OrchestratorExplorerFeatureConfig struct {
// Enabled enables the Orchestrator Explorer.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
// Conf overrides the configuration for the default Orchestrator Explorer check.
// This must point to a ConfigMap containing a valid cluster check configuration.
// +optional
Conf *CustomConfig `json:"conf,omitempty"`
// ScrubContainers enables scrubbing of sensitive container data (passwords, tokens, etc.).
// Default: true
// Setting this to false means container data is collected without that scrubbing.
// +optional
ScrubContainers *bool `json:"scrubContainers,omitempty"`
// `CustomResources` defines custom resources for the orchestrator explorer to collect.
// Each item should follow the convention `group/version/kind`. For example, `datadoghq.com/v1alpha1/datadogmetrics`.
// NOTE(review): collected custom resources may embed sensitive fields; whether ScrubContainers
// applies to them is not visible here — confirm before listing resources that hold secrets.
// +optional
// +listType=set
CustomResources []string `json:"customResources,omitempty"`
// Additional tags to associate with the collected data in the form of `a b c`.
// This is a Cluster Agent option distinct from DD_TAGS that is used in the Orchestrator Explorer.
// +optional
// +listType=set
ExtraTags []string `json:"extraTags,omitempty"`
// Override the API endpoint for the Orchestrator Explorer.
// URL Default: "https://orchestrator.datadoghq.com".
// Overriding it redirects the collected orchestrator data to the given URL.
// NOTE(review): no validation marker constrains the scheme or host here — confirm the
// value is checked elsewhere, and keep it on https.
// +optional
DDUrl *string `json:"ddUrl,omitempty"`
}
// KubeStateMetricsCoreFeatureConfig contains the Kube State Metrics Core check feature configuration.
// The Kube State Metrics Core check runs in the Cluster Agent (or Cluster Check Runners).
// See also: https://docs.datadoghq.com/integrations/kubernetes_state_core
// +k8s:openapi-gen=true
type KubeStateMetricsCoreFeatureConfig struct {
// Enabled enables Kube State Metrics Core.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
// Conf overrides the configuration for the default Kubernetes State Metrics Core check.
// This must point to a ConfigMap containing a valid cluster check configuration.
// NOTE(review): the type is CustomConfig, which also has a raw ConfigData field; the
// sentence above mentions only the ConfigMap form — confirm whether raw data is accepted.
// +optional
Conf *CustomConfig `json:"conf,omitempty"`
}
// AdmissionControllerFeatureConfig contains the Admission Controller feature configuration.
// The Admission Controller runs in the Cluster Agent.
type AdmissionControllerFeatureConfig struct {
// Enabled enables the Admission Controller.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'.
// Default: false
// With this enabled the opt-in label is no longer required, so pods that did not ask
// for injection are mutated as well.
// +optional
MutateUnlabelled *bool `json:"mutateUnlabelled,omitempty"`
// ServiceName corresponds to the webhook service name.
// +optional
ServiceName *string `json:"serviceName,omitempty"`
// AgentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent.
// It can be "hostip", "service", or "socket".
// NOTE(review): the three values are only listed in this comment; no enum validation marker is present.
// +optional
AgentCommunicationMode *string `json:"agentCommunicationMode,omitempty"`
// FailurePolicy determines how unrecognized and timeout errors are handled.
// NOTE(review): accepted values and the default are not documented here — presumably the
// Kubernetes webhook failurePolicy values; confirm, and document whether admission
// proceeds or is rejected when the webhook is unavailable.
// +optional
FailurePolicy *string `json:"failurePolicy,omitempty"`
}
// ExternalMetricsServerFeatureConfig contains the External Metrics Server feature configuration.
// The External Metrics Server runs in the Cluster Agent.
// Per the DatadogCredentials.AppKey documentation in this file, enabling this feature
// requires a Datadog application key with read access to metrics.
type ExternalMetricsServerFeatureConfig struct {
// Enabled enables the External Metrics Server.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// WPAController enables the informer and controller of the Watermark Pod Autoscaler.
// NOTE: The Watermark Pod Autoscaler controller needs to be installed.
// See also: https://github.com/DataDog/watermarkpodautoscaler.
// Default: false
// +optional
WPAController *bool `json:"wpaController,omitempty"`
// UseDatadogMetrics enables usage of the DatadogMetrics CRD (allowing one to scale on arbitrary Datadog metric queries).
// Default: true
// +optional
UseDatadogMetrics *bool `json:"useDatadogMetrics,omitempty"`
// Port specifies the metricsProvider External Metrics Server service port.
// Default: 8443
// +optional
Port *int32 `json:"port,omitempty"`
// Override the API endpoint for the External Metrics Server.
// URL Default: "https://app.datadoghq.com".
// The Endpoint type also carries its own Credentials, so an override can use keys
// different from the global ones.
// +optional
Endpoint *Endpoint `json:"endpoint,omitempty"`
}
// ClusterChecksFeatureConfig contains the Cluster Checks feature configuration.
// Cluster Checks are picked up and scheduled by the Cluster Agent.
// Cluster Checks Runners are Agents dedicated to running Cluster Checks dispatched by the Cluster Agent.
// (If Cluster Checks Runners are not activated, checks are dispatched to Node Agents).
type ClusterChecksFeatureConfig struct {
// Enabled enables Cluster Checks scheduling in the Cluster Agent.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
// UseClusterChecksRunners enables Cluster Checks Runners to run all Cluster Checks.
// Default: false
// +optional
UseClusterChecksRunners *bool `json:"useClusterChecksRunners,omitempty"`
}
// PrometheusScrapeFeatureConfig allows configuration of the Prometheus Autodiscovery feature.
// +k8s:openapi-gen=true
type PrometheusScrapeFeatureConfig struct {
// Enabled enables autodiscovery of pods and services exposing Prometheus metrics.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// EnableServiceEndpoints enables generating dedicated checks for service endpoints.
// Default: false
// +optional
EnableServiceEndpoints *bool `json:"enableServiceEndpoints,omitempty"`
// AdditionalConfigs allows adding advanced Prometheus check configurations with custom discovery rules.
// NOTE(review): this is a free-form string; its expected format and where it is parsed
// are not visible in this file — confirm that malformed input is rejected with a clear error.
// +optional
AdditionalConfigs *string `json:"additionalConfigs,omitempty"`
// Version specifies the version of the OpenMetrics check.
// Default: 2
// Note that this is a plain `int`, whereas the other numeric fields in this file use `int32`.
// +optional
Version *int `json:"version,omitempty"`
}
// Generic support structs
// HostPortConfig contains host port configuration.
// It is shared by the APM and Dogstatsd feature configs, each documenting its own default port.
type HostPortConfig struct {
// Enabled enables host port configuration
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`
// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)
// If HostNetwork is enabled, this value must match the ContainerPort.
// The Go field is named Port but the serialized key is `hostPort`.
// NOTE(review): the documented range is not enforced by a validation marker on this
// field — presumably checked elsewhere; confirm.
// +optional
Port *int32 `json:"hostPort,omitempty"`
}
// UnixDomainSocketConfig contains the Unix Domain Socket configuration.
// It is shared by the APM and Dogstatsd feature configs, each documenting its own default path.
// +k8s:openapi-gen=true
type UnixDomainSocketConfig struct {
// Enabled enables Unix Domain Socket.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
// Path defines the socket path used when enabled.
// NOTE(review): no validation marker constrains this path; whether it is a host path
// shared with application pods is not visible here — confirm, and keep the directory's
// permissions as narrow as the clients allow.
// +optional
Path *string `json:"path,omitempty"`
}
// Endpoint configures an endpoint and its associated Datadog credentials.
// It is used by GlobalConfig.Endpoint and ExternalMetricsServerFeatureConfig.Endpoint.
type Endpoint struct {
// URL defines the endpoint URL.
// NOTE(review): no validation marker constrains the scheme or host; data and credentials
// are sent to whatever is configured here, so keep it on https and confirm it is validated elsewhere.
URL *string `json:"url,omitempty"`
// Credentials defines the Datadog credentials used to submit data to/query data from Datadog.
Credentials *DatadogCredentials `json:"credentials,omitempty"`
}
// CustomConfig provides a place for custom configuration of the Agent or Cluster Agent, corresponding to datadog.yaml,
// system-probe.yaml, security-agent.yaml or datadog-cluster.yaml.
// The configuration can be provided in the ConfigData field as raw data, or referenced in a ConfigMap.
// Note: `ConfigData` and `ConfigMap` cannot be set together.
// NOTE(review): that exclusivity is stated only in this comment; nothing on the struct
// enforces it — presumably validated elsewhere; confirm.
// +k8s:openapi-gen=true
type CustomConfig struct {
// ConfigData corresponds to the configuration file content.
// The content is stored inline in the DatadogAgent object, so it should not contain secrets.
ConfigData *string `json:"configData,omitempty"`
// ConfigMap references an existing ConfigMap with the configuration file content.
ConfigMap *commonv1.ConfigMapConfig `json:"configMap,omitempty"`
}
// MultiCustomConfig provides a place for custom configuration of the Agent or Cluster Agent, corresponding to /confd/*.yaml.
// The configuration can be provided in the ConfigDataMap field as raw data, or referenced in a single ConfigMap.
// Note: `ConfigDataMap` and `ConfigMap` cannot be set together.
// NOTE(review): that exclusivity is stated only in this comment; nothing on the struct
// enforces it — presumably validated elsewhere; confirm.
// +k8s:openapi-gen=true
type MultiCustomConfig struct {
// ConfigDataMap corresponds to the content of the configuration files.
// The key should be the filename the contents get mounted to; for instance check.py or check.yaml.
// NOTE(review): keys become file names (including executable check code such as check.py);
// confirm that keys containing path separators or `..` are rejected where the map is consumed.
ConfigDataMap map[string]string `json:"configDataMap,omitempty"`
// ConfigMap references an existing ConfigMap with the content of the configuration files.
ConfigMap *commonv1.ConfigMapConfig `json:"configMap,omitempty"`
}
// GlobalConfig is a set of parameters that are used to configure all the components of the Datadog Operator.
// Several fields here are security-sensitive: credentials, the Cluster Agent token,
// the intake endpoint, the image registry and the container runtime socket paths.
type GlobalConfig struct {
// Credentials defines the Datadog credentials used to submit data to/query data from Datadog.
Credentials *DatadogCredentials `json:"credentials,omitempty"`
// ClusterAgentToken is the token for communication between the NodeAgent and ClusterAgent.
// A value set here is stored inline in the DatadogAgent object and is readable by anyone
// who can read that resource; ClusterAgentTokenSecret avoids that by referencing a Secret.
ClusterAgentToken *string `json:"clusterAgentToken,omitempty"`
// ClusterAgentTokenSecret is the secret containing the Cluster Agent token.
// NOTE(review): which of ClusterAgentToken and ClusterAgentTokenSecret wins when both are
// set is not stated here — confirm and document.
ClusterAgentTokenSecret *commonv1.SecretConfig `json:"clusterAgentTokenSecret,omitempty"`
// ClusterName sets a unique cluster name for the deployment to easily scope monitoring data in the Datadog app.
// +optional
ClusterName *string `json:"clusterName,omitempty"`
// Site is the Datadog intake site Agent data are sent to.
// Set to 'datadoghq.eu' to send data to the EU site.
// Default: 'datadoghq.com'
// +optional
Site *string `json:"site,omitempty"`
// Endpoint is the Datadog intake URL the Agent data are sent to.
// Only set this option if you need the Agent to send data to a custom URL.
// Overrides the site setting defined in `Site`.
// +optional
Endpoint *Endpoint `json:"endpoint,omitempty"`
// Registry is the image registry to use for all Agent images.
// Use 'public.ecr.aws/datadog' for AWS ECR.
// Use 'docker.io/datadog' for DockerHub.
// Default: 'gcr.io/datadoghq'
// This value decides where every Agent image is pulled from, so it should point only
// to a registry you trust.
// +optional
Registry *string `json:"registry,omitempty"`
// LogLevel sets logging verbosity. This can be overridden by container.
// Valid log levels are: trace, debug, info, warn, error, critical, and off.
// Default: 'info'
LogLevel *string `json:"logLevel,omitempty"`
// Tags contains a list of tags to attach to every metric, event and service check collected.
// Learn more about tagging: https://docs.datadoghq.com/tagging/
// +optional
// +listType=set
Tags []string `json:"tags,omitempty"`
// Provide a mapping of Kubernetes Labels to Datadog Tags.
// <KUBERNETES_LABEL>: <DATADOG_TAG_KEY>
// +optional
PodLabelsAsTags map[string]string `json:"podLabelsAsTags,omitempty"`
// Provide a mapping of Kubernetes Annotations to Datadog Tags.
// <KUBERNETES_ANNOTATIONS>: <DATADOG_TAG_KEY>
// +optional
PodAnnotationsAsTags map[string]string `json:"podAnnotationsAsTags,omitempty"`
// Provide a mapping of Kubernetes Node Labels to Datadog Tags.
// <KUBERNETES_NODE_LABEL>: <DATADOG_TAG_KEY>
// +optional
NodeLabelsAsTags map[string]string `json:"nodeLabelsAsTags,omitempty"`
// Provide a mapping of Kubernetes Namespace Labels to Datadog Tags.
// <KUBERNETES_NAMESPACE_LABEL>: <DATADOG_TAG_KEY>
// +optional
NamespaceLabelsAsTags map[string]string `json:"namespaceLabelsAsTags,omitempty"`
// NetworkPolicy contains the network configuration.
// +optional
NetworkPolicy *NetworkPolicyConfig `json:"networkPolicy,omitempty"`
// LocalService contains configuration to customize the internal traffic policy service.
// +optional
LocalService *LocalService `json:"localService,omitempty"`
// Kubelet contains the kubelet configuration parameters.
// +optional
Kubelet *commonv1.KubeletConfig `json:"kubelet,omitempty"`
// Path to the docker runtime socket.
// NOTE(review): access to a container runtime socket is highly privileged on the node —
// presumably the socket is mounted into the Agent; confirm it is mounted read-only where possible.
// +optional
DockerSocketPath *string `json:"dockerSocketPath,omitempty"`
// Path to the container runtime socket (if different from Docker).
// NOTE(review): access to a container runtime socket is highly privileged on the node —
// presumably the socket is mounted into the Agent; confirm it is mounted read-only where possible.
// +optional
CriSocketPath *string `json:"criSocketPath,omitempty"`
}
// DatadogCredentials is a generic structure that holds credentials to access Datadog.
// Each key can be given inline (APIKey, AppKey) or by reference to an existing Secret
// (APISecret, AppSecret); the Secret reference takes precedence when both are set.
// +k8s:openapi-gen=true
type DatadogCredentials struct {
// APIKey configures your Datadog API key.
// See also: https://app.datadoghq.com/account/settings#agent/kubernetes
// A value set here is stored inline in the DatadogAgent object and is readable by anyone
// who can read that resource; prefer APISecret.
APIKey *string `json:"apiKey,omitempty"`
// APISecret references an existing Secret which stores the API key instead of creating a new one.
// If set, this parameter takes precedence over "APIKey".
// +optional
APISecret *commonv1.SecretConfig `json:"apiSecret,omitempty"`
// AppKey configures your Datadog application key.
// If you are using features.externalMetricsServer.enabled = true, you must set
// a Datadog application key for read access to your metrics.
// A value set here is stored inline in the DatadogAgent object and is readable by anyone
// who can read that resource; prefer AppSecret.
// +optional
AppKey *string `json:"appKey,omitempty"`
// AppSecret references an existing Secret which stores the application key instead of creating a new one.
// If set, this parameter takes precedence over "AppKey".
// +optional
AppSecret *commonv1.SecretConfig `json:"appSecret,omitempty"`
}
// SecretBackendConfig provides configuration for the secret backend.
// It names a command and the arguments passed to that command.
type SecretBackendConfig struct {
// Command defines the secret backend command to use.
// NOTE(review): presumably the Agent executes this command to resolve secrets, so it should
// point at a trusted executable — confirm how the value is consumed.
Command *string `json:"command,omitempty"`
// Args defines the list of arguments to pass to the command.
Args []string `json:"args,omitempty"`
}
// NetworkPolicyFlavor specifies which flavor of Network Policy to use.
// The declared values are the NetworkPolicyFlavor* constants in the const block that follows.
type NetworkPolicyFlavor string
const (
// NetworkPolicyFlavorKubernetes refers to `networking.k8s.io/v1/NetworkPolicy`.
NetworkPolicyFlavorKubernetes NetworkPolicyFlavor = "kubernetes"
// NetworkPolicyFlavorCilium refers to `cilium.io/v2/CiliumNetworkPolicy`.
NetworkPolicyFlavorCilium NetworkPolicyFlavor = "cilium"
)
// NetworkPolicyConfig provides Network Policy configuration for the agents.
// +k8s:openapi-gen=true
type NetworkPolicyConfig struct {
// Create defines whether to create a NetworkPolicy for the current deployment.
// NOTE(review): what happens when this is left unset is decided by code outside this type — confirm the default.
// +optional
Create *bool `json:"create,omitempty"`
// Flavor defines which network policy to use.
// The declared values are "kubernetes" (NetworkPolicyFlavorKubernetes) and "cilium" (NetworkPolicyFlavorCilium).
// +optional
Flavor NetworkPolicyFlavor `json:"flavor,omitempty"`
// DNSSelectorEndpoints defines the cilium selector of the DNS server entity.
// NOTE(review): presumably only read when Flavor is "cilium" — confirm against the consumer.
// +optional
// +listType=atomic
DNSSelectorEndpoints []metav1.LabelSelector `json:"dnsSelectorEndpoints,omitempty"`
}
// LocalService provides the internal traffic policy service configuration.
// It holds an optional name override and a switch that forces creation of the service on Kubernetes 1.21.
// +k8s:openapi-gen=true
type LocalService struct {
// NameOverride defines the name of the internal traffic service to target the agent running on the local node.
// +optional
NameOverride *string `json:"nameOverride,omitempty"`
// ForceEnableLocalService forces the creation of the internal traffic policy service to target the agent running on the local node.
// This parameter only applies to Kubernetes 1.21, where the feature is in alpha and is disabled by default.
// (On Kubernetes 1.22+, the feature entered beta and the internal traffic service is created by default, so this parameter is ignored.)
// Default: false
// +optional
ForceEnableLocalService *bool `json:"forceEnableLocalService,omitempty"`
}
// SeccompConfig is used to override default values for Seccomp Profile configurations.
// NOTE(review): the required key/path name `system-probe-seccomp.json` suggests the profile is meant for
// the system-probe container — confirm against the code that consumes this type.
// +k8s:openapi-gen=true
type SeccompConfig struct {
// CustomRootPath specifies a custom Seccomp Profile root location.
// +optional
CustomRootPath *string `json:"customRootPath,omitempty"`
// CustomProfile specifies a ConfigMap containing a custom Seccomp Profile.
// ConfigMap data must either have the key `system-probe-seccomp.json` or CustomProfile.Items
// must include a corev1.KeyToPath that maps the key to the path `system-probe-seccomp.json`.
// +optional
CustomProfile *CustomConfig `json:"customProfile,omitempty"`
}
// AgentConfigFileName is the name of one of the known Agent config files.
// The known names are the constants declared in the const block that follows.
type AgentConfigFileName string
const (
// AgentGeneralConfigFile is the name of the main Agent config file.
AgentGeneralConfigFile AgentConfigFileName = "datadog.yaml"
// SystemProbeConfigFile is the name of the System Probe config file.
SystemProbeConfigFile AgentConfigFileName = "system-probe.yaml"
// SecurityAgentConfigFile is the name of the Security Agent config file.
SecurityAgentConfigFile AgentConfigFileName = "security-agent.yaml"
// ClusterAgentConfigFile is the name of the Cluster Agent config file.
ClusterAgentConfigFile AgentConfigFileName = "datadog-cluster.yaml"
)
// DatadogAgentComponentOverride is the generic description equivalent to a subset of the PodTemplate for a component.
// Several fields here widen what the component's pods may do on the node or in the cluster
// (ServiceAccountName, CustomConfigurations, SecurityContext, HostNetwork, HostPID), so write access
// to a resource carrying this type should be treated as privileged.
type DatadogAgentComponentOverride struct {
// Name overrides the default name for the resource.
// +optional
Name *string `json:"name,omitempty"`
// Number of the replicas.
// Not applicable for a DaemonSet/ExtendedDaemonSet deployment.
// +optional
Replicas *int32 `json:"replicas,omitempty"`
// Set CreateRbac to false to prevent automatic creation of Role/ClusterRole for this component.
// +optional
CreateRbac *bool `json:"createRbac,omitempty"`
// Sets the ServiceAccount used by this component.
// Ignored if the field CreateRbac is true.
// NOTE(review): when CreateRbac is false, the permissions of the named ServiceAccount are presumably
// whatever was granted to it outside the Operator — confirm and keep them least-privilege.
// +optional
ServiceAccountName *string `json:"serviceAccountName,omitempty"`
// The container image of the different components (Datadog Agent, Cluster Agent, Cluster Check Runner).
// +optional
Image *commonv1.AgentImageConfig `json:"image,omitempty"`
// Specify additional environmental variables for all containers in this component.
// Priority is Container > Component: a variable set on a container takes priority over one set here.
// See also: https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables
//
// +optional
// +listType=map
// +listMapKey=name
Env []corev1.EnvVar `json:"env,omitempty"`
// CustomConfigurations allows specifying custom configuration files for `datadog.yaml`, `datadog-cluster.yaml`, `security-agent.yaml`, and `system-probe.yaml`.
// The map is keyed by config file name (AgentConfigFileName).
// The content will be merged with configuration generated by the Datadog Operator, with priority given to custom configuration.
// WARNING: It's thus possible to override values set in the `DatadogAgent`.
// +optional
CustomConfigurations map[AgentConfigFileName]CustomConfig `json:"customConfigurations,omitempty"`
// Confd configuration allowing to specify config files for custom checks placed under /etc/datadog-agent/conf.d/.
// See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details.
// +optional
ExtraConfd *MultiCustomConfig `json:"extraConfd,omitempty"`
// Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/.
// See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details.
// +optional
ExtraChecksd *MultiCustomConfig `json:"extraChecksd,omitempty"`
// Configure the basic configurations for each agent container. Valid agent container names are:
// `agent`, `cluster-agent`, `init-config`, `init-volume`, `process-agent`, `seccomp-setup`,
// `security-agent`, `system-probe`, `trace-agent`, and `all`.
// Configuration under `all` applies to all configured containers.
// +optional
Containers map[commonv1.AgentContainerName]*DatadogAgentGenericContainer `json:"containers,omitempty"`
// Specify additional volumes in the different components (Datadog Agent, Cluster Agent, Cluster Check Runner).
// +optional
// +listType=map
// +listMapKey=name
Volumes []corev1.Volume `json:"volumes,omitempty"`
// Configure the SecurityContextConstraints for each component.
// +optional
SecurityContextConstraints *SecurityContextConstraintsConfig `json:"securityContextConstraints,omitempty"`
// Pod-level SecurityContext.
// +optional
SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
// If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical"
// are two special keywords which indicate the highest priorities with the former being the highest priority.
// Any other name must be defined by creating a PriorityClass object with that name. If not specified,
// the pod priority will be default or zero if there is no default.
PriorityClassName *string `json:"priorityClassName,omitempty"`
// If specified, the pod's scheduling constraints.
// +optional
Affinity *corev1.Affinity `json:"affinity,omitempty"`
// NodeSelector is a selector which must be true for the pod to fit on a node.
// Selector which must match a node's labels for the pod to be scheduled on that node.
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// Configure the component tolerations.
// +optional
// +listType=atomic
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
// Annotations provide annotations that will be added to the different component (Datadog Agent, Cluster Agent, Cluster Check Runner) pods.
Annotations map[string]string `json:"annotations,omitempty"`
// Labels provide labels that will be added to the different component (Datadog Agent, Cluster Agent, Cluster Check Runner) pods.
Labels map[string]string `json:"labels,omitempty"`
// Host networking requested for this pod. Use the host's network namespace.
// Sharing the node's network namespace reduces the isolation between the pod and the node;
// enable it only for components that need it.
// +optional
HostNetwork *bool `json:"hostNetwork,omitempty"`
// Use the host's pid namespace.
// Processes in the pod can then see the node's processes, which reduces isolation;
// enable it only for components that need it.
// +optional
HostPID *bool `json:"hostPID,omitempty"`
// Disabled force disables a component.
// +optional
Disabled *bool `json:"disabled,omitempty"`
}
// SecurityContextConstraintsConfig provides SecurityContextConstraints configurations for the components.
// Create switches SCC creation on; CustomConfiguration optionally replaces the default SCC that would be created.
// +k8s:openapi-gen=true
type SecurityContextConstraintsConfig struct {
// Create defines whether to create a SecurityContextConstraints for the current component.
// If CustomConfiguration is not set, setting Create to `true` will create a default SCC.
// +optional
Create *bool `json:"create,omitempty"`
// CustomConfiguration defines a custom SCC configuration to use if Create is `true`.
// NOTE(review): nothing in this type limits what a custom SCC may allow; review custom SCCs
// for privileges beyond what the component needs.
// +optional
CustomConfiguration *securityv1.SecurityContextConstraints `json:"customConfiguration,omitempty"`
}
// DatadogAgentGenericContainer is the generic structure describing any container's common configuration.
// Besides logging, environment, resources and probes, it carries the container's entrypoint override
// (Command, Args) and its confinement settings (SecurityContext, SeccompConfig, AppArmorProfileName).
// +k8s:openapi-gen=true
type DatadogAgentGenericContainer struct {
// Name of the container that is overridden.
// +optional
Name *string `json:"name,omitempty"`
// LogLevel sets logging verbosity (overrides global setting).
// Valid log levels are: trace, debug, info, warn, error, critical, and off.
// Default: 'info'
// +optional
LogLevel *string `json:"logLevel,omitempty"`
// Specify additional environmental variables in the container.
// See also: https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables
//
// +optional
// +listType=map
// +listMapKey=name
Env []corev1.EnvVar `json:"env,omitempty"`
// Specify additional volume mounts in the container.
// +optional
// +listType=map
// +listMapKey=name
// +listMapKey=mountPath
VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
// Specify the Request and Limits of the pods.
// To get guaranteed QoS class, specify requests and limits equal.
// See also: http://kubernetes.io/docs/user-guide/compute-resources/
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
// Command allows the specification of a custom entrypoint for container.
// +listType=atomic
Command []string `json:"command,omitempty"`
// Args allows the specification of extra args to the `Command` parameter.
// +listType=atomic
Args []string `json:"args,omitempty"`
// HealthPort of the container for the internal liveness probe.
// Must be the same as the Liveness/Readiness probes.
// +optional
HealthPort *int32 `json:"healthPort,omitempty"`
// Configure the Readiness Probe of the container.
// +optional
ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty"`
// Configure the Liveness Probe of the container.
// +optional
LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty"`
// Container-level SecurityContext.
// +optional
SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
// Seccomp configurations to override Operator actions. For all other Seccomp Profile manipulation,
// use SecurityContext.
// +optional
SeccompConfig *SeccompConfig `json:"seccompConfig,omitempty"`
// AppArmorProfileName specifies an apparmor profile.
// NOTE(review): how the name is applied to the container is not visible in this type — confirm against the consumer.
// +optional
AppArmorProfileName *string `json:"appArmorProfileName,omitempty"`
}
// DatadogAgentStatus defines the observed state of DatadogAgent.
// +k8s:openapi-gen=true
type DatadogAgentStatus struct {
// Conditions Represents the latest available observations of a DatadogAgent's current state.
// +optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions"`
// The actual state of the Agent as an extended daemonset.
// +optional