diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index e4c11ea61..15b852bc5 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.62.0 + +* Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default + ## 3.61.0 * Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 24bce23ff..cdc87ba2f 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.61.0 +version: 3.62.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 73e11db0a..85acfae29 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.61.0](https://img.shields.io/badge/Version-3.61.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.62.0](https://img.shields.io/badge/Version-3.62.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -676,6 +676,9 @@ helm install \ | datadog.apm.useSocketVolume | bool | `false` | Enable APM over Unix Domain Socket DEPRECATED. Use datadog.apm.socketEnabled instead | | datadog.appKey | string | `nil` | Datadog APP key required to use metricsProvider | | datadog.appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one. The value should be set with the `app-key` key inside the secret. | +| datadog.asm.iast.enabled | bool | `false` | Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster | +| datadog.asm.sca.enabled | bool | `false` | Enable Application Security Management Software Composition Analysis by injecting `DD_APPSEC_SCA_ENABLED=true` environment variable to all pods in the cluster | +| datadog.asm.threats.enabled | bool | `false` | Enable Application Security Management Threats App & API Protection by injecting `DD_APPSEC_ENABLED=true` environment variable to all pods in the cluster | | datadog.checksCardinality | string | `nil` | Sets the tag cardinality for the checks run by the Agent. | | datadog.checksd | object | `{}` | Provide additional custom checks as python code | | datadog.clusterChecks.enabled | bool | `true` | Enable the Cluster Checks feature on both the cluster-agents and the daemonset | diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index e40075932..5bca5c2de 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -254,6 +254,18 @@ spec: - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} {{- end }} + {{- if .Values.datadog.asm.threats.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.asm.sca.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_SCA_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.asm.iast.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_IAST_ENABLED + value: "true" + {{- end }} {{- if .Values.datadog.clusterChecks.enabled }} - name: DD_CLUSTER_CHECKS_ENABLED value: {{ .Values.datadog.clusterChecks.enabled | quote }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 57a39310b..4c1107e58 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -492,6 +492,25 @@ datadog: # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (beta). enabled: true + ## Application Security Managment (ASM) configuration + ## + ## ASM is disabled by default and can be enabled by setting the various `enabled` fields to `true` under the `datadog.asm` section. + ## Manually adding the various environment variables to a pod will take precedence over the ones in the Helm chart. + ## These will only have an effect on containers that have Datadog client libraries installed, either manually or via Single Step Instrumentation (under the `datadog.apm.instrumentation` section). + ## It requires Datadog Cluster Agent 7.53.0+. + asm: + threats: + # datadog.asm.threats.enabled -- Enable Application Security Management Threats App & API Protection by injecting `DD_APPSEC_ENABLED=true` environment variable to all pods in the cluster + enabled: false + + sca: + # datadog.asm.sca.enabled -- Enable Application Security Management Software Composition Analysis by injecting `DD_APPSEC_SCA_ENABLED=true` environment variable to all pods in the cluster + enabled: false + + iast: + # datadog.asm.iast.enabled -- Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster + enabled: false + ## OTLP ingest related configuration otlp: receiver: