add providers.gke.gdc option to datadog chart

charts/datadog/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: datadog
-version: 3.70.7
+version: 3.71.0
 appVersion: "7"
 description: Datadog Agent
 keywords:

charts/datadog/README.md

@@ -1,6 +1,6 @@
 # Datadog
 
-![Version: 3.70.7](https://img.shields.io/badge/Version-3.70.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.71.0](https://img.shields.io/badge/Version-3.71.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
 
@@ -871,6 +871,7 @@ helm install <RELEASE_NAME> \
 | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. |
 | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot |
 | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) |
+| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) |
 | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) |
 | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. |
 | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) |

charts/datadog/templates/NOTES.txt

@@ -337,7 +337,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes
 
 {{- end }}
 
-{{- if and (not .Values.providers.gke.autopilot) (not .Values.datadog.clusterName)}}
+{{- if and (not .Values.providers.gke.gdc) (not .Values.datadog.clusterName)}}
 
 ###########################################################################
 ####   WARNING: Cluster name must be set on Google Distributed Cloud   ####

charts/datadog/templates/_container-agent.yaml

@@ -57,9 +57,8 @@
 {{- end }}
   env:
     {{- include "containers-common-env" . | nindent 4 }}
-    {{- include "fips-envvar" . | nindent 4 }}
-    {{- include "processes-common-envs" . | nindent 4 }}
-
+    {{- include "fips-envvar" . | indent 4 }}
+    {{- include "processes-common-envs" . | indent 4 }}
     {{- if .Values.datadog.logLevel }}
     - name: DD_LOG_LEVEL
       value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }}
@@ -121,7 +120,7 @@
     - name: DD_HEALTH_PORT
     {{- $healthPort := .Values.agents.containers.agent.healthPort }}
       value: {{ $healthPort | quote }}
-    {{- if eq .Values.targetSystem "linux" }}
+    {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }}
     - name: DD_DOGSTATSD_SOCKET
       value: {{ .Values.datadog.dogstatsd.socketPath | quote }}
     {{- end }}
@@ -208,7 +207,7 @@
       subPath: install_info
       mountPath: /etc/datadog-agent/install_info
       readOnly: true
-    {{- include "linux-container-host-release-volumemounts" . | nindent 4 }}
+    {{- include "linux-container-host-release-volumemounts" . | indent 4 }}
     {{- if eq (include "should-mount-fips-configmap" .) "true" }}
     {{- include "linux-container-fips-proxy-cfg-volumemount" . | nindent 4 }}
     {{- end }}
@@ -220,7 +219,7 @@
     - name: auth-token
       mountPath: {{ template "datadog.confPath" . }}/auth
       readOnly: false # Need RW to write auth token
-    {{- end }}
+    {{- end -}}
     {{- if not .Values.providers.gke.gdc }}
     - name: tmpdir
       mountPath: /tmp

charts/datadog/templates/_containers-common-env.yaml

@@ -29,6 +29,12 @@
 - name: DD_KUBERNETES_HTTPS_KUBELET_PORT
   value: "0"
 {{- end }}
+{{- if .Values.providers.gke.gdc }}
+- name: DD_HOSTNAME
+  valueFrom:
+    fieldRef:
+      fieldPath: spec.nodeName
+{{- end }}
 {{- if eq .Values.targetSystem "linux" }}
 {{- if .Values.providers.eks.ec2.useHostnameFromFile }}
 - name: DD_HOSTNAME_FILE

charts/datadog/templates/_containers-init-linux.yaml

@@ -1,7 +1,7 @@
 {{- define "containers-init-linux" -}}
 - name: init-volume
 {{- if not .Values.providers.gke.autopilot }}
-{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }}
+{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }}
 {{- end }}
   image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}"
   imagePullPolicy: {{ .Values.agents.image.pullPolicy }}
@@ -16,7 +16,7 @@
 {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }}
 - name: init-config
 {{- if not .Values.providers.gke.autopilot }}
-{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }}
+{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }}
 {{- end }}
   image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}"
   imagePullPolicy: {{ .Values.agents.image.pullPolicy }}

charts/datadog/templates/_daemonset-volumes-linux.yaml

@@ -3,13 +3,15 @@
   emptyDir: {}
 - name: tmpdir
   emptyDir: {}
+{{- if not .Values.providers.gke.gdc }}
 - hostPath:
     path: /proc
   name: procdir
 - hostPath:
     path: /sys/fs/cgroup
   name: cgroups
-{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }}
+{{- end }}
+{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }}
 - hostPath:
     path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }}
   name: os-release-file
@@ -181,6 +183,18 @@
 {{- end }}
 {{- end }}
 {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }}
+{{- if .Values.providers.gke.gdc }}
+- name: pointerdir
+  emptyDir: {}
+- name: logpodpath
+  emptyDir: {}
+- name: logscontainerspath
+  emptyDir: {}
+{{- if not .Values.datadog.criSocketPath }}
+- name: logdockercontainerpath
+  emptyDir: {}
+{{- end }}
+{{ else }}
 - hostPath:
     path: {{ template "datadog.hostMountRoot" . }}/logs
   name: pointerdir
@@ -196,7 +210,8 @@
   name: logdockercontainerpath
 {{- end }}
 {{- end }}
-{{- if .Values.datadog.containerRuntimeSupport.enabled }}
+{{- end }}
+{{- if and (.Values.datadog.containerRuntimeSupport.enabled) (not .Values.providers.gke.gdc) }}
 - hostPath:
     path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }}
   name: runtimesocketdir

charts/datadog/templates/_helpers.tpl

@@ -869,7 +869,7 @@ false
 Returns whether Remote Configuration should be enabled in the agent
 */}}
 {{- define "datadog-remoteConfiguration-enabled" -}}
-{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}}
+{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc ) -}}
 true
 {{- else -}}
 false
@@ -946,7 +946,7 @@ Create RBACs for custom resources
   Return true if any process-related check is enabled
 */}}
 {{- define "process-checks-enabled" -}}
-  {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}}
+  {{- if and (or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true")) (not .Values.providers.gke.gdc) -}}
     true
   {{- else -}}
     false
@@ -974,6 +974,8 @@ Create RBACs for custom resources
     {{- include "get-process-checks-in-core-agent-envvar" . -}}
   {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" (include "get-agent-version" .)) -}}
       true
+  {{- else if .Values.providers.gke.gdc }}
+      false
   {{- else -}}
     false
   {{- end -}}
@@ -989,8 +991,10 @@ Create RBACs for custom resources
     true
   {{- else if (eq (include "should-run-process-checks-on-core-agent" .) "true") -}}
     false
-  {{- else -}}
+  {{- else if (not .Values.providers.gke.gdc) -}}
     {{- include "process-checks-enabled" . -}}
+  {{- else -}}
+    false
   {{- end -}}
 {{- end -}}
 

charts/datadog/templates/_processes-common-env.yaml

@@ -1,5 +1,6 @@
 # Defines set of environment variables for Processes-related checks.
 {{- define "processes-common-envs" -}}
+{{- if not .Values.providers.gke.gdc }}
 - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED
   value: {{ .Values.datadog.processAgent.processCollection | quote }}
 - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED
@@ -11,5 +12,6 @@
 {{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }}
 - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED
   value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }}
-{{- end }} 
+{{- end }}
+{{- end }}
 {{- end -}}

charts/datadog/templates/daemonset.yaml

@@ -139,7 +139,7 @@ spec:
           {{ include "containers-init-windows" . | nindent 6 }}
         {{- end }}
         {{- if eq .Values.targetSystem "linux" }}
-          {{ include "containers-init-linux" . | nindent 6 }}
+          {{- include "containers-init-linux" . | nindent 6 -}}
         {{- end }}
         {{- if and (eq (include "should-enable-system-probe" .) "true")  (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }}
           {{ include "system-probe-init" . | nindent 6 }}
@@ -167,7 +167,7 @@ spec:
       {{- if eq .Values.targetSystem "windows" }}
         {{ include "daemonset-volumes-windows" . | nindent 6 }}
       {{- end }}
-      {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }}
+      {{- if and (eq .Values.targetSystem "linux") }}
         {{ include "daemonset-volumes-linux" . | nindent 6 }}
       {{- end }}
       {{- if eq (include "should-enable-otel-agent" .) "true" }}

test/datadog/baseline/agent-clusterchecks-deployment_default.yaml

@@ -6,7 +6,7 @@ metadata:
   name: datadog-clusterchecks
   namespace: datadog-agent
   labels:
-    helm.sh/chart: 'datadog-3.69.3'
+    helm.sh/chart: 'datadog-3.71.0'
     app.kubernetes.io/name: "datadog"
     app.kubernetes.io/instance: "datadog"
     app.kubernetes.io/managed-by: Helm
@@ -36,16 +36,16 @@ spec:
 
       name: datadog-clusterchecks
       annotations:
-        checksum/clusteragent_token: 898b7de0d59fe1803c9e99f2010332dae52edfc36ef050f7f77c7ab12b8709c5
-        checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7
+        checksum/clusteragent_token: aef8984efc84cc91de09614a3205ae0cbceb4030d7de330710eaf9b3a0812840
+        checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41
     spec:
       serviceAccountName: datadog-cluster-checks
       automountServiceAccountToken: true
       imagePullSecrets:
         []
       initContainers:
       - name: init-volume
-        image: "gcr.io/datadoghq/agent:7.55.2"
+        image: "gcr.io/datadoghq/agent:7.56.2"
         imagePullPolicy: IfNotPresent
         command: ["bash", "-c"]
         args:
@@ -57,7 +57,7 @@ spec:
         resources:
           {}
       - name: init-config
-        image: "gcr.io/datadoghq/agent:7.55.2"
+        image: "gcr.io/datadoghq/agent:7.56.2"
         imagePullPolicy: IfNotPresent
         command: ["bash", "-c"]
         args:
@@ -70,7 +70,7 @@ spec:
           {}
       containers:
       - name: agent
-        image: "gcr.io/datadoghq/agent:7.55.2"
+        image: "gcr.io/datadoghq/agent:7.56.2"
         command: ["bash", "-c"]
         args:
           - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run

test/datadog/baseline/cluster-agent-deployment_default.yaml

@@ -6,7 +6,7 @@ metadata:
   name: datadog-cluster-agent
   namespace: datadog-agent
   labels:
-    helm.sh/chart: 'datadog-3.69.3'
+    helm.sh/chart: 'datadog-3.71.0'
     app.kubernetes.io/name: "datadog"
     app.kubernetes.io/instance: "datadog"
     app.kubernetes.io/managed-by: Helm
@@ -36,17 +36,17 @@ spec:
 
       name: datadog-cluster-agent
       annotations:
-        checksum/clusteragent_token: 1e89899244fb44ae50129b361b512027fd59eeec723dc4e43ec8c54084de2f92
-        checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf
-        checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4
+        checksum/clusteragent_token: abc7cadd5ae687b721039e699d67fb4033862965624436a3e02b90c6840be068
+        checksum/clusteragent-configmap: d0ab6e789c44fc4f5881e7244c4d00814ae7191b94560405bec45d3c2f0923c4
+        checksum/api_key: 0a9725cd842dfab442be71cd22846bead912297242cfcb3f60c3a2b7513a4fc5
         checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
-        checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7
+        checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41
     spec:
       serviceAccountName: datadog-cluster-agent
       automountServiceAccountToken: true
       initContainers:
       - name: init-volume
-        image: "gcr.io/datadoghq/cluster-agent:7.55.2"
+        image: "gcr.io/datadoghq/cluster-agent:7.56.2"
         imagePullPolicy: IfNotPresent
         command:
           - cp
@@ -59,7 +59,7 @@ spec:
             mountPath: /opt/datadog-agent
       containers:
       - name: cluster-agent
-        image: "gcr.io/datadoghq/cluster-agent:7.55.2"
+        image: "gcr.io/datadoghq/cluster-agent:7.56.2"
         imagePullPolicy: IfNotPresent
         resources:
           {}
@@ -100,7 +100,7 @@ spec:
             value: "false"
           - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME
             value: datadog-cluster-agent-admission-controller
-          - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE
+          - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service
             value: socket
           - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME
             value: datadog

test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml

@@ -6,7 +6,7 @@ metadata:
   name: datadog-cluster-agent
   namespace: datadog-agent
   labels:
-    helm.sh/chart: 'datadog-3.69.3'
+    helm.sh/chart: 'datadog-3.71.0'
     app.kubernetes.io/name: "datadog"
     app.kubernetes.io/instance: "datadog"
     app.kubernetes.io/managed-by: Helm
@@ -36,17 +36,17 @@ spec:
 
       name: datadog-cluster-agent
       annotations:
-        checksum/clusteragent_token: 7991408bb52fa0f7419e6e11edf9a98b11a769fe9fd4574652c99d896a836f3a
-        checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf
-        checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4
+        checksum/clusteragent_token: 5119315b86cd6b16ea696fa313fa8f63aeffc70c1bea6abaffacbfcf1692b436
+        checksum/clusteragent-configmap: d0ab6e789c44fc4f5881e7244c4d00814ae7191b94560405bec45d3c2f0923c4
+        checksum/api_key: 0a9725cd842dfab442be71cd22846bead912297242cfcb3f60c3a2b7513a4fc5
         checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
-        checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7
+        checksum/install_info: d981b555be4a75e224267a779d6b633b9cde1b8258e49b0b42aada13ebc04f41
     spec:
       serviceAccountName: datadog-cluster-agent
       automountServiceAccountToken: true
       initContainers:
       - name: init-volume
-        image: "gcr.io/datadoghq/cluster-agent:7.55.2"
+        image: "gcr.io/datadoghq/cluster-agent:7.56.2"
         imagePullPolicy: IfNotPresent
         command:
           - cp
@@ -59,7 +59,7 @@ spec:
             mountPath: /opt/datadog-agent
       containers:
       - name: cluster-agent
-        image: "gcr.io/datadoghq/cluster-agent:7.55.2"
+        image: "gcr.io/datadoghq/cluster-agent:7.56.2"
         imagePullPolicy: IfNotPresent
         resources:
           {}
@@ -100,7 +100,7 @@ spec:
             value: "false"
           - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME
             value: datadog-cluster-agent-admission-controller
-          - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE
+          - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE # TODO: gdc should use local service
             value: socket
           - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME
             value: datadog