diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadog-operator-certified-rhmp.clusterserviceversion.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadog-operator-certified-rhmp.clusterserviceversion.yaml new file mode 100644 index 000000000..a8e63ccd1 --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadog-operator-certified-rhmp.clusterserviceversion.yaml @@ -0,0 +1,1194 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "datadoghq.com/v1alpha1", + "kind": "DatadogAgentProfile", + "metadata": { + "name": "datadogagentprofile-sample" + }, + "spec": { + "config": { + "override": { + "nodeAgent": { + "containers": { + "agent": { + "resources": { + "requests": { + "cpu": "256m" + } + } + } + } + } + } + }, + "profileAffinity": { + "profileNodeAffinity": [ + { + "key": "kubernetes.io/os", + "operator": "In", + "values": [ + "linux" + ] + } + ] + } + } + }, + { + "apiVersion": "datadoghq.com/v1alpha1", + "kind": "DatadogDashboard", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "datadog-operator", + "app.kubernetes.io/instance": "datadogdashboard-sample", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "datadogdashboard", + "app.kubernetes.io/part-of": "datadog-operator" + }, + "name": "datadogdashboard-sample" + }, + "spec": null + }, + { + "apiVersion": "datadoghq.com/v1alpha1", + "kind": "DatadogMetric", + "metadata": { + "name": "datadogmetric-sample" + }, + "spec": { + "query": "avg:kubernetes.cpu.usage.total{app:foo}.rollup(avg,30)/(avg:kubernetes.cpu.limits{app:foo}.rollup(avg,30)*10000000)" + } + }, + { + "apiVersion": "datadoghq.com/v1alpha1", + "kind": "DatadogMonitor", + "metadata": { + "name": "datadogmonitor-sample" + }, + "spec": { + "message": "Something is wrong and we need to fix it.", + "query": "avg(last_15m):avg:foo{env:staging,service:bar} \u003e 1", + "tags": [ + "env:staging", + "service:bar" + ], + "title": "Latency is increasing on staging", + "type": "metric alert" + } + }, + { + "apiVersion": "datadoghq.com/v1alpha1", + "kind": "DatadogPodAutoscaler", + "metadata": { + "name": "datadogpodautoscaler-sample" + }, + "spec": null + }, + { + "apiVersion": "datadoghq.com/v1alpha1", + "kind": "DatadogSLO", + "metadata": { + "name": "datadogslo-sample" + }, + "spec": { + "description": "This is an example metric SLO from datadog-operator", + "name": "datadogslo-sample", + "query": { + "denominator": "sum:requests.total{service:example,env:prod}.as_count()", + "numerator": "sum:requests.success{service:example,env:prod}.as_count()" + }, + "tags": [ + "service:example", + "env:prod" + ], + "targetThreshold": "99.9", + "timeframe": "7d", + "type": "metric" + } + }, + { + "apiVersion": "datadoghq.com/v2alpha1", + "kind": "DatadogAgent", + "metadata": { + "name": "datadogagent-sample" + }, + "spec": { + "features": { + "admissionController": { + "enabled": false + }, + "apm": { + "enabled": false + }, + "clusterChecks": { + "enabled": true, + "useClusterChecksRunners": true + }, + "liveProcessCollection": { + "enabled": false + }, + "logCollection": { + "containerCollectAll": true, + "enabled": true + } + }, + "global": { + "clusterAgentToken": "\u003cDATADOG_CLUSTER_AGENT_TOKEN\u003e", + "clusterName": "\u003cCLUSTER_NAME\u003e", + "credentials": { + "apiKey": "\u003cDATADOG_API_KEY\u003e", + "appKey": "\u003cDATADOG_APP_KEY\u003e" + }, + "criSocketPath": "/var/run/crio/crio.sock", + "kubelet": { + "tlsVerify": false + } + }, + "override": { + "clusterAgent": { + "containers": { + "cluster-agent": { + "securityContext": { + "readOnlyRootFilesystem": false + } + } + }, + "replicas": 2, + "serviceAccountName": "datadog-agent-scc" + }, + "clusterChecksRunner": { + "replicas": 2 + }, + "nodeAgent": { + "hostNetwork": true, + "securityContext": { + "runAsUser": 0, + "seLinuxOptions": { + "level": "s0", + "role": "system_r", + "type": "spc_t", + "user": "system_u" + } + }, + "serviceAccountName": "datadog-agent-scc" + } + } + } + } + ] + capabilities: Full Lifecycle + categories: Monitoring, Logging & Tracing + containerImage: registry.connect.redhat.com/datadog/operator@sha256:ec935311e959d58b4309932cb481c228d0b779d3d08a0a2a1ab052ab4a96e58e + createdAt: "2024-11-08 16:22:29" + description: Datadog provides a modern monitoring and analytics platform. Gather metrics, logs and traces for full observability of your Kubernetes cluster with Datadog Operator. + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + olm.skipRange: '>=1.7.0 <1.10.0' + operators.operatorframework.io/builder: operator-sdk-v1.34.1 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 + repository: https://github.com/DataDog/datadog-operator + support: Datadog, Inc. + marketplace.openshift.io/remote-workflow: https://marketplace.redhat.com/en-us/operators/datadog-operator-certified-rhmp/pricing?utm_source=openshift_console + marketplace.openshift.io/support-workflow: https://marketplace.redhat.com/en-us/operators/datadog-operator-certified-rhmp/support?utm_source=openshift_console + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: datadog-operator.v1.10.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: DatadogAgentProfile is the Schema for the datadogagentprofiles API + displayName: Datadog Agent Profile + kind: DatadogAgentProfile + name: datadogagentprofiles.datadoghq.com + version: v1alpha1 + - description: DatadogAgent Deployment with the Datadog Operator. + displayName: Datadog Agent + kind: DatadogAgent + name: datadogagents.datadoghq.com + version: v2alpha1 + - description: DatadogDashboard is the Schema for the datadogdashboards API + displayName: Datadog Dashboard + kind: DatadogDashboard + name: datadogdashboards.datadoghq.com + version: v1alpha1 + - description: DatadogMetric allows autoscaling on arbitrary Datadog query + displayName: Datadog Metric + kind: DatadogMetric + name: datadogmetrics.datadoghq.com + version: v1alpha1 + - description: DatadogMonitor allows to define and manage Monitors from your Kubernetes Cluster + displayName: Datadog Monitor + kind: DatadogMonitor + name: datadogmonitors.datadoghq.com + version: v1alpha1 + - description: DatadogPodAutoscaler is the Schema for the datadogpodautoscalers API + displayName: Datadog Pod Autoscaler + kind: DatadogPodAutoscaler + name: datadogpodautoscalers.datadoghq.com + version: v1alpha1 + - description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. + displayName: Datadog SLO + kind: DatadogSLO + name: datadogslos.datadoghq.com + version: v1alpha1 + description: Datadog provides a modern monitoring and analytics platform. Gather metrics, logs and traces for full observability of your Kubernetes cluster with Datadog Operator. + displayName: Datadog Operator + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIzLjAuNCwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgoJIHZpZXdCb3g9IjAgMCA4MDAuNTUgODU2Ljg1IiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCA4MDAuNTUgODU2Ljg1OyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+Cgkuc3Qwe2ZpbGwtcnVsZTpldmVub2RkO2NsaXAtcnVsZTpldmVub2RkO2ZpbGw6IzYzMkNBNjt9Cjwvc3R5bGU+CjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik02NzAuMzgsNjA4LjI3bC03MS4yNC00Ni45OWwtNTkuNDMsOTkuMjdsLTY5LjEyLTIwLjIxbC02MC44Niw5Mi44OWwzLjEyLDI5LjI0bDMzMC45LTYwLjk3bC0xOS4yMi0yMDYuNzUKCUw2NzAuMzgsNjA4LjI3eiBNMzYxLjc5LDUxOS4xM2w1My4wOS03LjNjOC41OSwzLjg2LDE0LjU3LDUuMzMsMjQuODcsNy45NWMxNi4wNCw0LjE4LDM0LjYxLDguMTksNjIuMTEtNS42NwoJYzYuNC0zLjE3LDE5LjczLTE1LjM2LDI1LjEyLTIyLjMxbDIxNy41Mi0zOS40NmwyMi4xOSwyNjguNTZsLTM3Mi42NSw2Ny4xNkwzNjEuNzksNTE5LjEzeiBNNzY1Ljg1LDQyMi4zNmwtMjEuNDcsNC4wOUw3MDMuMTMsMC4yNwoJTDAuMjcsODEuNzdsODYuNTksNzAyLjY4bDgyLjI3LTExLjk0Yy02LjU3LTkuMzgtMTYuOC0yMC43My0zNC4yNy0zNS4yNmMtMjQuMjMtMjAuMTMtMTUuNjYtNTQuMzItMS4zNy03NS45MQoJYzE4LjkxLTM2LjQ4LDExNi4zNC04Mi44NCwxMTAuODItMTQxLjE1Yy0xLjk4LTIxLjItNS4zNS00OC44LTI1LjAzLTY3LjcxYy0wLjc0LDcuODUsMC41OSwxNS40MSwwLjU5LDE1LjQxCglzLTguMDgtMTAuMzEtMTIuMTEtMjQuMzdjLTQtNS4zOS03LjE0LTcuMTEtMTEuMzktMTQuMzFjLTMuMDMsOC4zMy0yLjYzLDE3Ljk5LTIuNjMsMTcuOTlzLTYuNjEtMTUuNjItNy42OC0yOC44CgljLTMuOTIsNS45LTQuOTEsMTcuMTEtNC45MSwxNy4xMXMtOC41OS0yNC42Mi02LjYzLTM3Ljg4Yy0zLjkyLTExLjU0LTE1LjU0LTM0LjQ0LTEyLjI1LTg2LjQ5YzIxLjQ1LDE1LjAzLDY4LjY3LDExLjQ2LDg3LjA3LTE1LjY2CgljNi4xMS04Ljk4LDEwLjI5LTMzLjUtMy4wNS04MS44MWMtOC41Ny0zMC45OC0yOS43OS03Ny4xMS0zOC4wNi05NC42MWwtMC45OSwwLjcxYzQuMzYsMTQuMSwxMy4zNSw0My42NiwxNi44LDU3Ljk5CgljMTAuNDQsNDMuNDcsMTMuMjQsNTguNiw4LjM0LDc4LjY0Yy00LjE3LDE3LjQyLTE0LjE3LDI4LjgyLTM5LjUyLDQxLjU2Yy0yNS4zNSwxMi43OC01OC45OS0xOC4zMi02MS4xMi0yMC4wNAoJYy0yNC42My0xOS42Mi00My42OC01MS42My00NS44MS02Ny4xOGMtMi4yMS0xNy4wMiw5LjgxLTI3LjI0LDE1Ljg3LTQxLjE2Yy04LjY3LDIuNDgtMTguMzQsNi44OC0xOC4zNCw2Ljg4CglzMTEuNTQtMTEuOTQsMjUuNzctMjIuMjdjNS44OS0zLjksOS4zNS02LjM4LDE1LjU2LTExLjU0Yy04Ljk5LTAuMTUtMTYuMjksMC4xMS0xNi4yOSwwLjExczE0Ljk5LTguMSwzMC41My0xNAoJYy0xMS4zNy0wLjUtMjIuMjUtMC4wOC0yMi4yNS0wLjA4czMzLjQ1LTE0Ljk2LDU5Ljg3LTI1Ljk0YzE4LjE3LTcuNDUsMzUuOTItNS4yNSw0NS44OSw5LjE3YzEzLjA5LDE4Ljg5LDI2Ljg0LDI5LjE1LDU1Ljk4LDM1LjUxCgljMTcuODktNy45MywyMy4zMy0xMi4wMSw0NS44MS0xOC4xM2MxOS43OS0yMS43NiwzNS4zMy0yNC41OCwzNS4zMy0yNC41OHMtNy43MSw3LjA3LTkuNzcsMTguMTgKCWMxMS4yMi04Ljg0LDIzLjUyLTE2LjIyLDIzLjUyLTE2LjIycy00Ljc2LDUuODgtOS4yLDE1LjIybDEuMDMsMS41M2MxMy4wOS03Ljg1LDI4LjQ4LTE0LjA0LDI4LjQ4LTE0LjA0cy00LjQsNS41Ni05LjU2LDEyLjc2CgljOS44Ny0wLjA4LDI5Ljg5LDAuNDIsMzcuNjYsMS4zYzQ1Ljg3LDEuMDEsNTUuMzktNDguOTksNzIuOTktNTUuMjZjMjIuMDQtNy44NywzMS44OS0xMi42Myw2OS40NSwyNC4yNgoJYzMyLjIzLDMxLjY3LDU3LjQxLDg4LjM2LDQ0LjkxLDEwMS4wNmMtMTAuNDgsMTAuNTQtMzEuMTYtNC4xMS01NC4wOC0zMi42OGMtMTIuMTEtMTUuMTMtMjEuMjctMzMuMDEtMjUuNTYtNTUuNzQKCWMtMy42Mi0xOS4xOC0xNy43MS0zMC4zMS0xNy43MS0zMC4zMVM1MjAsOTIuOTUsNTIwLDEwOS4wMWMwLDguNzcsMS4xLDQxLjU2LDE1LjE2LDU5Ljk2Yy0xLjM5LDIuNjktMi4wNCwxMy4zMS0zLjU4LDE1LjM0CgljLTE2LjM2LTE5Ljc3LTUxLjQ5LTMzLjkyLTU3LjIyLTM4LjA5YzE5LjM5LDE1Ljg5LDYzLjk2LDUyLjM5LDgxLjA4LDg3LjM3YzE2LjE5LDMzLjA4LDYuNjUsNjMuNCwxNC44NCw3MS4yNQoJYzIuMzMsMi4yNSwzNC44Miw0Mi43Myw0MS4wNyw2My4wN2MxMC45LDM1LjQ1LDAuNjUsNzIuNy0xMy42Miw5NS44MWwtMzkuODUsNi4yMWMtNS44My0xLjYyLTkuNzYtMi40My0xNC45OS01LjQ2CgljMi44OC01LjEsOC42MS0xNy44Miw4LjY3LTIwLjQ0bC0yLjI1LTMuOTVjLTEyLjQsMTcuNTctMzMuMTgsMzQuNjMtNTAuNDQsNDQuNDNjLTIyLjU5LDEyLjgtNDguNjMsMTAuODMtNjUuNTgsNS41OAoJYy00OC4xMS0xNC44NC05My42LTQ3LjM1LTEwNC41Ny01NS44OWMwLDAtMC4zNCw2LjgyLDEuNzMsOC4zNWMxMi4xMywxMy42OCwzOS45MiwzOC40Myw2Ni43OCw1NS42OGwtNTcuMjYsNi4zbDI3LjA3LDIxMC43OAoJYy0xMiwxLjcyLTEzLjg3LDIuNTYtMjcuMDEsNC40M2MtMTEuNTgtNDAuOTEtMzMuNzMtNjcuNjItNTcuOTQtODMuMThjLTIxLjM1LTEzLjcyLTUwLjgtMTYuODEtNzguOTktMTEuMjNsLTEuODEsMi4xCgljMTkuNi0yLjA0LDQyLjc0LDAuOCw2Ni41MSwxNS44NWMyMy4zMywxNC43NSw0Mi4xMyw1Mi44NSw0OS4wNSw3NS43OWM4Ljg2LDI5LjMyLDE0Ljk5LDYwLjY4LTguODYsOTMuOTIKCWMtMTYuOTcsMjMuNjMtNjYuNTEsMzYuNjktMTA2LjUzLDguNDRjMTAuNjksMTcuMTksMjUuMTQsMzEuMjUsNDQuNTksMzMuOWMyOC44OCwzLjkyLDU2LjI5LTEuMDksNzUuMTYtMjAuNDYKCWMxNi4xMS0xNi41NiwyNC42NS01MS4xOSwyMi40LTg3LjY2bDI1LjQ5LTMuN2w5LjIsNjUuNDZsNDIxLjk4LTUwLjgxTDc2NS44NSw0MjIuMzZ6IE01MDkuMTIsMjQ0LjU5CgljLTEuMTgsMi42OS0zLjAzLDQuNDUtMC4yNSwxMy4ybDAuMTcsMC41bDAuNDQsMS4xM2wxLjE2LDIuNjJjNS4wMSwxMC4yNCwxMC41MSwxOS45LDE5LjcsMjQuODNjMi4zOC0wLjQsNC44NC0wLjY3LDcuMzktMC44CgljOC42My0wLjM4LDE0LjA4LDAuOTksMTcuNTQsMi44NWMwLjMxLTEuNzIsMC4zOC00LjI0LDAuMTktNy45NWMtMC42Ny0xMi45NywyLjU3LTM1LjAzLTIyLjM2LTQ2LjY0CgljLTkuNDEtNC4zNy0yMi42MS0zLjAyLTI3LjAxLDIuNDNjMC44LDAuMSwxLjUyLDAuMjcsMi4wOCwwLjQ2QzUxNC44MiwyMzkuNTUsNTEwLjMxLDI0MS44NCw1MDkuMTIsMjQ0LjU5IE01NzguOTksMzY1LjYxCgljLTMuMjctMS44LTE4LjU1LTEuMDktMjkuMjksMC4xOWMtMjAuNDYsMi40MS00Mi41NSw5LjUxLTQ3LjM5LDEzLjI5Yy04LjgsNi44LTQuOCwxOC42NiwxLjcsMjMuNTMKCWMxOC4yMywxMy42MiwzNC4yMSwyMi43NSw1MS4wOCwyMC41M2MxMC4zNi0xLjM2LDE5LjQ5LTE3Ljc2LDI1Ljk2LTMyLjY0QzU4NS40OCwzODAuMjYsNTg1LjQ4LDM2OS4yLDU3OC45OSwzNjUuNjEgTTM5Ny44NSwyNjAuNjUKCWM1Ljc3LTUuNDgtMjguNzQtMTIuNjgtNTUuNTIsNS41OGMtMTkuNzUsMTMuNDctMjAuMzgsNDIuMzUtMS40Nyw1OC43MmMxLjg5LDEuNjIsMy40NSwyLjc3LDQuOTEsMy43MQoJYzUuNTItMi42LDExLjgxLTUuMjMsMTkuMDUtNy41OGMxMi4yMy0zLjk3LDIyLjQtNi4wMiwzMC43Ni03LjExYzQtNC40Nyw4LjY1LTEyLjM0LDcuNDktMjYuNTkKCUM0MDEuNDksMjY4LjA1LDM4Ni44NCwyNzEuMTIsMzk3Ljg1LDI2MC42NSIvPgo8L3N2Zz4K + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - nonResourceURLs: + - /metrics + verbs: + - get + - nonResourceURLs: + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - componentstatuses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - limitranges + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/proxy + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/spec + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - replicationcontrollers + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - '*' + resources: + - '*/scale' + verbs: + - get + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - '*' + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - replicationcontrollers + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - get + - apiGroups: + - authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authorization.k8s.io + resources: + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authorization.k8s.io + resources: + - pods/exec + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - get + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - list + - watch + - apiGroups: + - cilium.io + resources: + - ciliumnetworkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogagentprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogagentprofiles/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogagentprofiles/status + verbs: + - get + - patch + - update + - apiGroups: + - datadoghq.com + resources: + - datadogagents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogagents/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogagents/status + verbs: + - get + - patch + - update + - apiGroups: + - datadoghq.com + resources: + - datadogdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogdashboards/finalizers + verbs: + - update + - apiGroups: + - datadoghq.com + resources: + - datadogdashboards/status + verbs: + - get + - patch + - update + - apiGroups: + - datadoghq.com + resources: + - datadogmetrics + verbs: + - create + - delete + - list + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogmetrics/status + verbs: + - update + - apiGroups: + - datadoghq.com + resources: + - datadogmonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogmonitors/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogmonitors/status + verbs: + - get + - patch + - update + - apiGroups: + - datadoghq.com + resources: + - datadogpodautoscalers + verbs: + - '*' + - apiGroups: + - datadoghq.com + resources: + - datadogpodautoscalers/status + verbs: + - '*' + - apiGroups: + - datadoghq.com + resources: + - datadogslos + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogslos/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - datadogslos/status + verbs: + - get + - patch + - update + - apiGroups: + - datadoghq.com + resources: + - extendeddaemonsetreplicasets + verbs: + - get + - apiGroups: + - datadoghq.com + resources: + - extendeddaemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - datadoghq.com + resources: + - watermarkpodautoscalers + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - external.metrics.k8s.io + resources: + - '*' + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - roles.rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - roles.rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - roles.rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - roles.rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - restricted + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + serviceAccountName: datadog-operator-controller-manager + - rules: + - apiGroups: + - security.openshift.io + resourceNames: + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: datadog-agent-scc + deployments: + - label: + app.kubernetes.io/name: datadog-operator + control-plane: controller-manager + name: datadog-operator-manager + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: datadog-operator + strategy: {} + template: + metadata: + annotations: + ad.datadoghq.com/manager.check_names: '["openmetrics"]' + ad.datadoghq.com/manager.init_configs: '[{}]' + ad.datadoghq.com/manager.instances: | + [{ + "prometheus_url": "http://%%host%%:8080/metrics", + "namespace": "datadog.operator", + "metrics": ["*"] + }] + labels: + app.kubernetes.io/name: datadog-operator + spec: + containers: + - args: + - --enable-leader-election + - --pprof + command: + - /manager + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: DD_TOOL_VERSION + value: redhat + image: registry.connect.redhat.com/datadog/operator@sha256:ec935311e959d58b4309932cb481c228d0b779d3d08a0a2a1ab052ab4a96e58e + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz/ + port: 8081 + periodSeconds: 10 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 250Mi + requests: + cpu: 100m + memory: 250Mi + serviceAccountName: datadog-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases/status + verbs: + - get + - update + - patch + serviceAccountName: datadog-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - Datadog + - Monitoring + - Logs + - Tracing + links: + - name: Documentation + url: https://docs.datadoghq.com/agent/kubernetes/ + - name: Kubernetes Monitoring Info + url: https://www.datadoghq.com/blog/tag/kubernetes/ + maintainers: + - email: support@datadoghq.com + name: Datadog Inc. + maturity: alpha + minKubeVersion: 1.16.0 + provider: + name: Datadog + relatedImages: + - image: registry.connect.redhat.com/datadog/operator@sha256:ec935311e959d58b4309932cb481c228d0b779d3d08a0a2a1ab052ab4a96e58e + name: manager + - image: registry.connect.redhat.com/datadog/operator@sha256:ec935311e959d58b4309932cb481c228d0b779d3d08a0a2a1ab052ab4a96e58e + name: operator-ec935311e959d58b4309932cb481c228d0b779d3d08a0a2a1ab052ab4a96e58e-annotation + replaces: datadog-operator.v1.9.0 + version: 1.10.0 diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadog-operator-webhook-service_v1_service.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadog-operator-webhook-service_v1_service.yaml new file mode 100644 index 000000000..e16be186e --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadog-operator-webhook-service_v1_service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: datadog-operator-webhook-service +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogagentprofiles.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogagentprofiles.yaml new file mode 100644 index 000000000..53edfa0d2 --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogagentprofiles.yaml @@ -0,0 +1,463 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: datadogagentprofiles.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogAgentProfile + listKind: DatadogAgentProfileList + plural: datadogagentprofiles + shortNames: + - dap + singular: datadogagentprofile + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.valid + name: valid + type: string + - jsonPath: .status.applied + name: applied + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogAgentProfile is the Schema for the datadogagentprofiles + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogAgentProfileSpec defines the desired state of DatadogAgentProfile + properties: + config: + properties: + override: + additionalProperties: + properties: + containers: + additionalProperties: + properties: + env: + description: |- + Specify additional environment variables in the container. + See also: https://docs.datadoghq.com/agent/guide/environment-variables/ + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: |- + Specify the Request and Limits of the pods. + To get guaranteed QoS class, specify requests and limits equal. + See also: http://kubernetes.io/docs/user-guide/compute-resources/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + description: |- + Configure the basic configurations for an Agent container + Valid Agent container names are: `agent` + type: object + labels: + additionalProperties: + type: string + description: Labels provide labels that are added to the + Datadog Agent pods. + type: object + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + updateStrategy: + description: |- + The deployment strategy to use to replace existing pods with new ones. + Valid types are `RollingUpdate` or `OnDelete` for DaemonSets + properties: + rollingUpdate: + description: Configure the rolling update strategy of + the Deployment or DaemonSet. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge behaves differently based on the Kubernetes resource. Refer to the + Kubernetes API documentation for additional details. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Refer to the Kubernetes API documentation for additional details.. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate" + or "Recreate" for Deployments + type: string + type: object + type: object + description: Override the default configurations of the node agent. + type: object + type: object + profileAffinity: + properties: + profileNodeAffinity: + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: object + status: + description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + properties: + applied: + description: Applied shows whether the DatadogAgentProfile conflicts + with an existing DatadogAgentProfile. + type: string + conditions: + description: Conditions represents the latest available observations + of a DatadogAgentProfile's current state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + createStrategy: + description: CreateStrategy is the state of the create strategy feature. + properties: + lastTransition: + description: LastTransition is the last time the status was updated. + format: date-time + type: string + maxUnavailable: + description: MaxUnavailable shows the number of pods that can + be in an unready state. + format: int32 + type: integer + nodesLabeled: + description: NodesLabeled shows the number of nodes currently + labeled. + format: int32 + type: integer + podsReady: + description: PodsReady shows the number of pods in the ready state. + format: int32 + type: integer + status: + description: Status shows the current state of the feature. + type: string + type: object + currentHash: + description: CurrentHash is the stored hash of the DatadogAgentProfile. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + valid: + description: Valid shows if the DatadogAgentProfile has a valid config + spec. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogagents.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogagents.yaml new file mode 100644 index 000000000..39dd2a0e1 --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogagents.yaml @@ -0,0 +1,8007 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: datadogagents.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogAgent + listKind: DatadogAgentList + plural: datadogagents + shortNames: + - dd + singular: datadogagent + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.agent.status + name: agent + type: string + - jsonPath: .status.clusterAgent.status + name: cluster-agent + type: string + - jsonPath: .status.clusterChecksRunner.status + name: cluster-checks-runner + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2alpha1 + schema: + openAPIV3Schema: + description: DatadogAgent Deployment with the Datadog Operator. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogAgentSpec defines the desired state of DatadogAgent + properties: + features: + description: Features running on the Agent and Cluster Agent + properties: + admissionController: + description: AdmissionController configuration. + properties: + agentCommunicationMode: + description: |- + AgentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. + It can be "hostip", "service", or "socket". + type: string + agentSidecarInjection: + description: AgentSidecarInjection contains Agent sidecar + injection configurations. + properties: + clusterAgentCommunicationEnabled: + description: |- + ClusterAgentCommunicationEnabled enables communication between Agent sidecars and the Cluster Agent. + Default : true + type: boolean + enabled: + description: |- + Enabled enables Sidecar injections. + Default: false + type: boolean + image: + description: Image overrides the default Agent image name + and tag for the Agent sidecar. + properties: + jmxEnabled: + description: |- + Define whether the Agent image should support JMX. + To be used if the Name field does not correspond to a full image string. + type: boolean + name: + description: |- + Define the image to use: + Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 7. + Use "datadog/dogstatsd:latest" for standalone Datadog Agent DogStatsD 7. + Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent. + Use "agent" with the registry and tag configurations for /agent:. + Use "cluster-agent" with the registry and tag configurations for /cluster-agent:. + If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, + and `global.registry` values are ignored. + Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; + image string is created using default registry unless `global.registry` is configured. + type: string + pullPolicy: + description: |- + The Kubernetes pull policy: + Use Always, Never, or IfNotPresent. + type: string + pullSecrets: + description: |- + It is possible to specify Docker registry credentials. + See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + tag: + description: |- + Define the image tag to use. + To be used if the Name field does not correspond to a full image string. + type: string + type: object + profiles: + description: Profiles define the sidecar configuration + override. Only one profile is supported. + items: + description: Profile defines a sidecar configuration + override. + properties: + env: + description: EnvVars specifies the environment variables + for the profile. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: ResourceRequirements specifies the + resource requirements for the profile. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + description: |- + Provider is used to add infrastructure provider-specific configurations to the Agent sidecar. + Currently only "fargate" is supported. + To use the feature in other environments (including local testing) omit the config. + See also: https://docs.datadoghq.com/integrations/eks_fargate + type: string + registry: + description: Registry overrides the default registry for + the sidecar Agent. + type: string + selectors: + description: Selectors define the pod selector for sidecar + injection. Only one rule is supported. + items: + description: Selectors define a pod selector for sidecar + injection. + properties: + namespaceSelector: + description: NamespaceSelector specifies the label + selector for namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + objectSelector: + description: ObjectSelector specifies the label + selector for objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + description: CWSInstrumentation holds the CWS Instrumentation + endpoint configuration + properties: + enabled: + description: |- + Enable the CWS Instrumentation admission controller endpoint. + Default: false + type: boolean + mode: + description: |- + Mode defines the behavior of the CWS Instrumentation endpoint, and can be either "init_container" or "remote_copy". + Default: "remote_copy" + type: string + type: object + enabled: + description: |- + Enabled enables the Admission Controller. + Default: true + type: boolean + failurePolicy: + description: FailurePolicy determines how unrecognized and + timeout errors are handled. + type: string + mutateUnlabelled: + description: |- + MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. + Default: false + type: boolean + registry: + description: Registry defines an image registry for the admission + controller. + type: string + serviceName: + description: ServiceName corresponds to the webhook service + name. + type: string + webhookName: + description: |- + WebhookName is a custom name for the MutatingWebhookConfiguration. + Default: "datadog-webhook" + type: string + type: object + apm: + description: APM (Application Performance Monitoring) configuration. + properties: + enabled: + description: |- + Enabled enables Application Performance Monitoring. + Default: true + type: boolean + hostPortConfig: + description: |- + HostPortConfig contains host port configuration. + Enabled Default: false + Port Default: 8126 + properties: + enabled: + description: Enabled enables host port configuration + type: boolean + hostPort: + description: |- + Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + If HostNetwork is enabled, this value must match the ContainerPort. + format: int32 + type: integer + type: object + instrumentation: + description: |- + SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. + Feature is in beta. + See also: https://docs.datadoghq.com/tracing/trace_collection/single-step-apm + Enabled Default: false + properties: + disabledNamespaces: + description: DisabledNamespaces disables injecting the + Datadog APM libraries into pods in specific namespaces. + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + description: |- + Enabled enables injecting the Datadog APM libraries into all pods in the cluster. + Default: false + type: boolean + enabledNamespaces: + description: EnabledNamespaces enables injecting the Datadog + APM libraries into pods in specific namespaces. + items: + type: string + type: array + x-kubernetes-list-type: set + languageDetection: + description: |- + LanguageDetection detects languages and adds them as annotations on Deployments, but does not use these languages for injecting libraries to workload pods. + (Requires Agent 7.52.0+ and Cluster Agent 7.52.0+) + properties: + enabled: + description: |- + Enabled enables Language Detection to automatically detect languages of user workloads (beta). + Requires SingleStepInstrumentation.Enabled to be true. + Default: true + type: boolean + type: object + libVersions: + additionalProperties: + type: string + description: |- + LibVersions configures injection of specific tracing library versions with Single Step Instrumentation. + : + ex: "java": "v1.18.0" + type: object + type: object + unixDomainSocketConfig: + description: |- + UnixDomainSocketConfig contains socket configuration. + See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables + Enabled Default: true + Path Default: `/var/run/datadog/apm.socket` + properties: + enabled: + description: |- + Enabled enables Unix Domain Socket. + Default: true + type: boolean + path: + description: Path defines the socket path used when enabled. + type: string + type: object + type: object + asm: + description: ASM (Application Security Management) configuration. + properties: + iast: + description: |- + IAST configures Interactive Application Security Testing. + Enabled Default: false + properties: + enabled: + description: |- + Enabled enables Interactive Application Security Testing (IAST). + Default: false + type: boolean + type: object + sca: + description: |- + SCA configures Software Composition Analysis. + Enabled Default: false + properties: + enabled: + description: |- + Enabled enables Software Composition Analysis (SCA). + Default: false + type: boolean + type: object + threats: + description: |- + Threats configures ASM App & API Protection. + Enabled Default: false + properties: + enabled: + description: |- + Enabled enables ASM App & API Protection. + Default: false + type: boolean + type: object + type: object + autoscaling: + description: Autoscaling configuration. + properties: + workload: + description: Workload contains the configuration for the workload + autoscaling product. + properties: + enabled: + description: |- + Enabled enables the workload autoscaling product. + Default: false + type: boolean + type: object + type: object + clusterChecks: + description: ClusterChecks configuration. + properties: + enabled: + description: |- + Enables Cluster Checks scheduling in the Cluster Agent. + Default: true + type: boolean + useClusterChecksRunners: + description: |- + Enabled enables Cluster Checks Runners to run all Cluster Checks. + Default: false + type: boolean + type: object + cspm: + description: CSPM (Cloud Security Posture Management) configuration. + properties: + checkInterval: + description: CheckInterval defines the check interval. + type: string + customBenchmarks: + description: |- + CustomBenchmarks contains CSPM benchmarks. + The content of the ConfigMap will be merged with the benchmarks bundled with the agent. + Any benchmarks with the same name as those existing in the agent will take precedence. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` to + a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + enabled: + description: |- + Enabled enables Cloud Security Posture Management. + Default: false + type: boolean + hostBenchmarks: + description: HostBenchmarks contains configuration for host + benchmarks. + properties: + enabled: + description: |- + Enabled enables host benchmarks. + Default: true + type: boolean + type: object + type: object + cws: + description: CWS (Cloud Workload Security) configuration. + properties: + customPolicies: + description: |- + CustomPolicies contains security policies. + The content of the ConfigMap will be merged with the policies bundled with the agent. + Any policies with the same name as those existing in the agent will take precedence. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` to + a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + enabled: + description: |- + Enabled enables Cloud Workload Security. + Default: false + type: boolean + network: + properties: + enabled: + description: |- + Enabled enables Cloud Workload Security Network detections. + Default: true + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + description: |- + Enabled enables Remote Configuration for Cloud Workload Security. + Default: true + type: boolean + type: object + securityProfiles: + properties: + enabled: + description: |- + Enabled enables Security Profiles collection for Cloud Workload Security. + Default: true + type: boolean + type: object + syscallMonitorEnabled: + description: |- + SyscallMonitorEnabled enables Syscall Monitoring (recommended for troubleshooting only). + Default: false + type: boolean + type: object + dogstatsd: + description: Dogstatsd configuration. + properties: + hostPortConfig: + description: |- + HostPortConfig contains host port configuration. + Enabled Default: false + Port Default: 8125 + properties: + enabled: + description: Enabled enables host port configuration + type: boolean + hostPort: + description: |- + Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + If HostNetwork is enabled, this value must match the ContainerPort. + format: int32 + type: integer + type: object + mapperProfiles: + description: |- + Configure the Dogstasd Mapper Profiles. + Can be passed as raw data or via a json encoded string in a config map. + See also: https://docs.datadoghq.com/developers/dogstatsd/dogstatsd_mapper/ + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` to + a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + originDetectionEnabled: + description: |- + OriginDetectionEnabled enables origin detection for container tagging. + See also: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging + type: boolean + tagCardinality: + description: |- + TagCardinality configures tag cardinality for the metrics collected using origin detection (`low`, `orchestrator` or `high`). + See also: https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#environment-variables + Cardinality default: low + type: string + unixDomainSocketConfig: + description: |- + UnixDomainSocketConfig contains socket configuration. + See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables + Enabled Default: true + Path Default: `/var/run/datadog/dsd.socket` + properties: + enabled: + description: |- + Enabled enables Unix Domain Socket. + Default: true + type: boolean + path: + description: Path defines the socket path used when enabled. + type: string + type: object + type: object + ebpfCheck: + description: EBPFCheck configuration. + properties: + enabled: + description: |- + Enables the eBPF check. + Default: false + type: boolean + type: object + eventCollection: + description: EventCollection configuration. + properties: + collectKubernetesEvents: + description: |- + CollectKubernetesEvents enables Kubernetes event collection. + Default: true + type: boolean + collectedEventTypes: + description: |- + CollectedEventTypes defines the list of events to collect when UnbundleEvents is enabled. + Default: + [ + {"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]}, + {"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]}, + {"kind":"CronJob","reasons":["SawCompletedJob"]} + ] + items: + description: EventTypes defines the kind and reasons of + events to collect. + properties: + kind: + description: 'Kind is the kind of event to collect. + (ex: Pod, Node, CronJob)' + type: string + reasons: + description: 'Reasons is a list of event reasons to + collect. (ex: Failed, BackOff, Unhealthy)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + description: |- + UnbundleEvents enables collection of Kubernetes events as individual events. + Default: false + type: boolean + type: object + externalMetricsServer: + description: ExternalMetricsServer configuration. + properties: + enabled: + description: |- + Enabled enables the External Metrics Server. + Default: false + type: boolean + endpoint: + description: |- + Override the API endpoint for the External Metrics Server. + URL Default: "https://app.datadoghq.com". + properties: + credentials: + description: Credentials defines the Datadog credentials + used to submit data to/query data from Datadog. + properties: + apiKey: + description: |- + APIKey configures your Datadog API key. + See also: https://app.datadoghq.com/account/settings#agent/kubernetes + type: string + apiSecret: + description: |- + APISecret references an existing Secret which stores the API key instead of creating a new one. + If set, this parameter takes precedence over "APIKey". + properties: + keyName: + description: KeyName is the key of the secret + to use. + type: string + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + appKey: + description: |- + AppKey configures your Datadog application key. + If you are using features.externalMetricsServer.enabled = true, you must set + a Datadog application key for read access to your metrics. + type: string + appSecret: + description: |- + AppSecret references an existing Secret which stores the application key instead of creating a new one. + If set, this parameter takes precedence over "AppKey". + properties: + keyName: + description: KeyName is the key of the secret + to use. + type: string + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: object + url: + description: URL defines the endpoint URL. + type: string + type: object + port: + description: |- + Port specifies the metricsProvider External Metrics Server service port. + Default: 8443 + format: int32 + type: integer + registerAPIService: + description: |- + RegisterAPIService registers the External Metrics endpoint as an APIService + Default: true + type: boolean + useDatadogMetrics: + description: |- + UseDatadogMetrics enables usage of the DatadogMetrics CRD (allowing one to scale on arbitrary Datadog metric queries). + Default: true + type: boolean + wpaController: + description: |- + WPAController enables the informer and controller of the Watermark Pod Autoscaler. + NOTE: The Watermark Pod Autoscaler controller needs to be installed. + See also: https://github.com/DataDog/watermarkpodautoscaler. + Default: false + type: boolean + type: object + helmCheck: + description: HelmCheck configuration. + properties: + collectEvents: + description: |- + CollectEvents set to `true` enables event collection in the Helm check + (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) + Default: false + type: boolean + enabled: + description: |- + Enabled enables the Helm check. + Default: false + type: boolean + valuesAsTags: + additionalProperties: + type: string + description: |- + ValuesAsTags collects Helm values from a release and uses them as tags + (Requires Agent and Cluster Agent 7.40.0+). + Default: {} + type: object + type: object + kubeStateMetricsCore: + description: KubeStateMetricsCore check configuration. + properties: + conf: + description: |- + Conf overrides the configuration for the default Kubernetes State Metrics Core check. + This must point to a ConfigMap containing a valid cluster check configuration. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` to + a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + enabled: + description: |- + Enabled enables Kube State Metrics Core. + Default: true + type: boolean + type: object + liveContainerCollection: + description: LiveContainerCollection configuration. + properties: + enabled: + description: |- + Enables container collection for the Live Container View. + Default: true + type: boolean + type: object + liveProcessCollection: + description: LiveProcessCollection configuration. + properties: + enabled: + description: |- + Enabled enables Process monitoring. + Default: false + type: boolean + scrubProcessArguments: + description: |- + ScrubProcessArguments enables scrubbing of sensitive data in process command-lines (passwords, tokens, etc. ). + Default: true + type: boolean + stripProcessArguments: + description: |- + StripProcessArguments enables stripping of all process arguments. + Default: false + type: boolean + type: object + logCollection: + description: LogCollection configuration. + properties: + containerCollectAll: + description: |- + ContainerCollectAll enables Log collection from all containers. + Default: false + type: boolean + containerCollectUsingFiles: + description: |- + ContainerCollectUsingFiles enables log collection from files in `/var/log/pods instead` of using the container runtime API. + Collecting logs from files is usually the most efficient way of collecting logs. + See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup + Default: true + type: boolean + containerLogsPath: + description: |- + ContainerLogsPath allows log collection from the container log path. + Set to a different path if you are not using the Docker runtime. + See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest + Default: `/var/lib/docker/containers` + type: string + containerSymlinksPath: + description: |- + ContainerSymlinksPath allows log collection to use symbolic links in this directory to validate container ID -> pod. + Default: `/var/log/containers` + type: string + enabled: + description: |- + Enabled enables Log collection. + Default: false + type: boolean + openFilesLimit: + description: |- + OpenFilesLimit sets the maximum number of log files that the Datadog Agent tails. + Increasing this limit can increase resource consumption of the Agent. + See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup + Default: 100 + format: int32 + type: integer + podLogsPath: + description: |- + PodLogsPath allows log collection from a pod log path. + Default: `/var/log/pods` + type: string + tempStoragePath: + description: |- + TempStoragePath (always mounted from the host) is used by the Agent to store information about processed log files. + If the Agent is restarted, it starts tailing the log files immediately. + Default: `/var/lib/datadog-agent/logs` + type: string + type: object + npm: + description: NPM (Network Performance Monitoring) configuration. + properties: + collectDNSStats: + description: |- + CollectDNSStats enables DNS stat collection. + Default: false + type: boolean + enableConntrack: + description: |- + EnableConntrack enables the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data. + See also: http://conntrack-tools.netfilter.org/ + Default: false + type: boolean + enabled: + description: |- + Enabled enables Network Performance Monitoring. + Default: false + type: boolean + type: object + oomKill: + description: OOMKill configuration. + properties: + enabled: + description: |- + Enables the OOMKill eBPF-based check. + Default: false + type: boolean + type: object + orchestratorExplorer: + description: OrchestratorExplorer check configuration. + properties: + conf: + description: |- + Conf overrides the configuration for the default Orchestrator Explorer check. + This must point to a ConfigMap containing a valid cluster check configuration. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` to + a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + customResources: + description: |- + `CustomResources` defines custom resources for the orchestrator explorer to collect. + Each item should follow the convention `group/version/kind`. For example, `datadoghq.com/v1alpha1/datadogmetrics`. + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + description: |- + Override the API endpoint for the Orchestrator Explorer. + URL Default: "https://orchestrator.datadoghq.com". + type: string + enabled: + description: |- + Enabled enables the Orchestrator Explorer. + Default: true + type: boolean + extraTags: + description: |- + Additional tags to associate with the collected data in the form of `a b c`. + This is a Cluster Agent option distinct from DD_TAGS that is used in the Orchestrator Explorer. + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + description: |- + ScrubContainers enables scrubbing of sensitive container data (passwords, tokens, etc. ). + Default: true + type: boolean + type: object + otlp: + description: OTLP ingest configuration + properties: + receiver: + description: Receiver contains configuration for the OTLP + ingest receiver. + properties: + protocols: + description: Protocols contains configuration for the + OTLP ingest receiver protocols. + properties: + grpc: + description: GRPC contains configuration for the OTLP + ingest OTLP/gRPC receiver. + properties: + enabled: + description: Enable the OTLP/gRPC endpoint. Host + port is enabled by default and can be disabled. + type: boolean + endpoint: + description: |- + Endpoint for OTLP/gRPC. + gRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md + The Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`). + Default: `0.0.0.0:4317`. + type: string + hostPortConfig: + description: |- + Enable hostPort for OTLP/gRPC + Default: true + properties: + enabled: + description: Enabled enables host port configuration + type: boolean + hostPort: + description: |- + Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + If HostNetwork is enabled, this value must match the ContainerPort. + format: int32 + type: integer + type: object + type: object + http: + description: HTTP contains configuration for the OTLP + ingest OTLP/HTTP receiver. + properties: + enabled: + description: Enable the OTLP/HTTP endpoint. Host + port is enabled by default and can be disabled. + type: boolean + endpoint: + description: |- + Endpoint for OTLP/HTTP. + Default: '0.0.0.0:4318'. + type: string + hostPortConfig: + description: |- + Enable hostPorts for OTLP/HTTP + Default: true + properties: + enabled: + description: Enabled enables host port configuration + type: boolean + hostPort: + description: |- + Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + If HostNetwork is enabled, this value must match the ContainerPort. + format: int32 + type: integer + type: object + type: object + type: object + type: object + type: object + processDiscovery: + description: ProcessDiscovery configuration. + properties: + enabled: + description: |- + Enabled enables the Process Discovery check in the Agent. + Default: true + type: boolean + type: object + prometheusScrape: + description: PrometheusScrape configuration. + properties: + additionalConfigs: + description: AdditionalConfigs allows adding advanced Prometheus + check configurations with custom discovery rules. + type: string + enableServiceEndpoints: + description: |- + EnableServiceEndpoints enables generating dedicated checks for service endpoints. + Default: false + type: boolean + enabled: + description: |- + Enable autodiscovery of pods and services exposing Prometheus metrics. + Default: false + type: boolean + version: + description: |- + Version specifies the version of the OpenMetrics check. + Default: 2 + type: integer + type: object + remoteConfiguration: + description: Remote Configuration configuration. + properties: + enabled: + description: |- + Enable this option to activate Remote Configuration. + Default: true + type: boolean + type: object + sbom: + description: SBOM collection configuration. + properties: + containerImage: + description: SBOMTypeConfig contains configuration for a SBOM + collection type. + properties: + analyzers: + description: Analyzers to use for SBOM collection. + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + description: |- + Enable this option to activate SBOM collection. + Default: false + type: boolean + overlayFSDirectScan: + description: |- + Enable this option to enable experimental overlayFS direct scan. + Default: false + type: boolean + uncompressedLayersSupport: + description: |- + Enable this option to enable support for uncompressed layers. + Default: false + type: boolean + type: object + enabled: + description: |- + Enable this option to activate SBOM collection. + Default: false + type: boolean + host: + description: SBOMTypeConfig contains configuration for a SBOM + collection type. + properties: + analyzers: + description: Analyzers to use for SBOM collection. + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + description: |- + Enable this option to activate SBOM collection. + Default: false + type: boolean + type: object + type: object + tcpQueueLength: + description: TCPQueueLength configuration. + properties: + enabled: + description: |- + Enables the TCP queue length eBPF-based check. + Default: false + type: boolean + type: object + usm: + description: USM (Universal Service Monitoring) configuration. + properties: + enabled: + description: |- + Enabled enables Universal Service Monitoring. + Default: false + type: boolean + type: object + type: object + global: + description: Global settings to configure the agents + properties: + clusterAgentToken: + description: ClusterAgentToken is the token for communication + between the NodeAgent and ClusterAgent. + type: string + clusterAgentTokenSecret: + description: ClusterAgentTokenSecret is the secret containing + the Cluster Agent token. + properties: + keyName: + description: KeyName is the key of the secret to use. + type: string + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + clusterName: + description: ClusterName sets a unique cluster name for the deployment + to easily scope monitoring data in the Datadog app. + type: string + containerStrategy: + description: |- + ContainerStrategy determines whether agents run in a single or multiple containers. + Default: 'optimized' + type: string + credentials: + description: Credentials defines the Datadog credentials used + to submit data to/query data from Datadog. + properties: + apiKey: + description: |- + APIKey configures your Datadog API key. + See also: https://app.datadoghq.com/account/settings#agent/kubernetes + type: string + apiSecret: + description: |- + APISecret references an existing Secret which stores the API key instead of creating a new one. + If set, this parameter takes precedence over "APIKey". + properties: + keyName: + description: KeyName is the key of the secret to use. + type: string + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + appKey: + description: |- + AppKey configures your Datadog application key. + If you are using features.externalMetricsServer.enabled = true, you must set + a Datadog application key for read access to your metrics. + type: string + appSecret: + description: |- + AppSecret references an existing Secret which stores the application key instead of creating a new one. + If set, this parameter takes precedence over "AppKey". + properties: + keyName: + description: KeyName is the key of the secret to use. + type: string + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: object + criSocketPath: + description: Path to the container runtime socket (if different + from Docker). + type: string + disableNonResourceRules: + description: |- + Set DisableNonResourceRules to exclude NonResourceURLs from default ClusterRoles. + Required 'true' for Google Cloud Marketplace. + type: boolean + dockerSocketPath: + description: Path to the docker runtime socket. + type: string + endpoint: + description: |- + Endpoint is the Datadog intake URL the Agent data are sent to. + Only set this option if you need the Agent to send data to a custom URL. + Overrides the site setting defined in `Site`. + properties: + credentials: + description: Credentials defines the Datadog credentials used + to submit data to/query data from Datadog. + properties: + apiKey: + description: |- + APIKey configures your Datadog API key. + See also: https://app.datadoghq.com/account/settings#agent/kubernetes + type: string + apiSecret: + description: |- + APISecret references an existing Secret which stores the API key instead of creating a new one. + If set, this parameter takes precedence over "APIKey". + properties: + keyName: + description: KeyName is the key of the secret to use. + type: string + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + appKey: + description: |- + AppKey configures your Datadog application key. + If you are using features.externalMetricsServer.enabled = true, you must set + a Datadog application key for read access to your metrics. + type: string + appSecret: + description: |- + AppSecret references an existing Secret which stores the application key instead of creating a new one. + If set, this parameter takes precedence over "AppKey". + properties: + keyName: + description: KeyName is the key of the secret to use. + type: string + secretName: + description: SecretName is the name of the secret. + type: string + required: + - secretName + type: object + type: object + url: + description: URL defines the endpoint URL. + type: string + type: object + env: + description: Env contains a list of environment variables that + are set for all Agents. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + fips: + description: FIPS contains configuration used to customize the + FIPS proxy sidecar. + properties: + customFIPSConfig: + description: |- + CustomFIPSConfig configures a custom configMap to provide the FIPS configuration. + Specify custom contents for the FIPS proxy sidecar container config + (/etc/datadog-fips-proxy/datadog-fips-proxy.cfg). If empty, the default FIPS + proxy sidecar container config is used. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` to + a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + enabled: + description: Enable FIPS sidecar. + type: boolean + image: + description: The container image of the FIPS sidecar. + properties: + jmxEnabled: + description: |- + Define whether the Agent image should support JMX. + To be used if the Name field does not correspond to a full image string. + type: boolean + name: + description: |- + Define the image to use: + Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 7. + Use "datadog/dogstatsd:latest" for standalone Datadog Agent DogStatsD 7. + Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent. + Use "agent" with the registry and tag configurations for /agent:. + Use "cluster-agent" with the registry and tag configurations for /cluster-agent:. + If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, + and `global.registry` values are ignored. + Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; + image string is created using default registry unless `global.registry` is configured. + type: string + pullPolicy: + description: |- + The Kubernetes pull policy: + Use Always, Never, or IfNotPresent. + type: string + pullSecrets: + description: |- + It is possible to specify Docker registry credentials. + See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + tag: + description: |- + Define the image tag to use. + To be used if the Name field does not correspond to a full image string. + type: string + type: object + localAddress: + description: |- + Set the local IP address. + Default: `127.0.0.1` + type: string + port: + description: |- + Port specifies which port is used by the containers to communicate to the FIPS sidecar. + Default: 9803 + format: int32 + type: integer + portRange: + description: |- + PortRange specifies the number of ports used. + Default: 15 + format: int32 + type: integer + resources: + description: Resources is the requests and limits for the + FIPS sidecar container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + useHTTPS: + description: |- + UseHTTPS enables HTTPS. + Default: false + type: boolean + type: object + kubelet: + description: Kubelet contains the kubelet configuration parameters. + properties: + agentCAPath: + description: |- + AgentCAPath is the container path where the kubelet CA certificate is stored. + Default: '/var/run/host-kubelet-ca.crt' if hostCAPath is set, else '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' + type: string + host: + description: Host overrides the host used to contact kubelet + API (default to status.hostIP). + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + hostCAPath: + description: HostCAPath is the host path where the kubelet + CA certificate is stored. + type: string + tlsVerify: + description: |- + TLSVerify toggles kubelet TLS verification. + Default: true + type: boolean + type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + description: "Provide a mapping of Kubernetes Resource Groups + to annotations mapping to Datadog Tags.\n:\n\t\t: + \nKUBERNETES_RESOURCE_GROUP should be in the + form `{resource}.{group}` or `{resource}` (example: deployments.apps, + pods)" + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + description: "Provide a mapping of Kubernetes Resource Groups + to labels mapping to Datadog Tags.\n:\n\t\t: + \nKUBERNETES_RESOURCE_GROUP should be in the + form `{resource}.{group}` or `{resource}` (example: deployments.apps, + pods)" + type: object + localService: + description: LocalService contains configuration to customize + the internal traffic policy service. + properties: + forceEnableLocalService: + description: |- + ForceEnableLocalService forces the creation of the internal traffic policy service to target the agent running on the local node. + This parameter only applies to Kubernetes 1.21, where the feature is in alpha and is disabled by default. + (On Kubernetes 1.22+, the feature entered beta and the internal traffic service is created by default, so this parameter is ignored.) + Default: false + type: boolean + nameOverride: + description: NameOverride defines the name of the internal + traffic service to target the agent running on the local + node. + type: string + type: object + logLevel: + description: |- + LogLevel sets logging verbosity. This can be overridden by container. + Valid log levels are: trace, debug, info, warn, error, critical, and off. + Default: 'info' + type: string + namespaceAnnotationsAsTags: + additionalProperties: + type: string + description: |- + Provide a mapping of Kubernetes Namespace Annotations to Datadog Tags. + : + type: object + namespaceLabelsAsTags: + additionalProperties: + type: string + description: |- + Provide a mapping of Kubernetes Namespace Labels to Datadog Tags. + : + type: object + networkPolicy: + description: NetworkPolicy contains the network configuration. + properties: + create: + description: Create defines whether to create a NetworkPolicy + for the current deployment. + type: boolean + dnsSelectorEndpoints: + description: DNSSelectorEndpoints defines the cilium selector + of the DNS server entity. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + flavor: + description: Flavor defines Which network policy to use. + type: string + type: object + nodeLabelsAsTags: + additionalProperties: + type: string + description: |- + Provide a mapping of Kubernetes Node Labels to Datadog Tags. + : + type: object + originDetectionUnified: + description: OriginDetectionUnified defines the origin detection + unified mechanism behavior. + properties: + enabled: + description: |- + Enabled enables unified mechanism for origin detection. + Default: false + type: boolean + type: object + podAnnotationsAsTags: + additionalProperties: + type: string + description: |- + Provide a mapping of Kubernetes Annotations to Datadog Tags. + : + type: object + podLabelsAsTags: + additionalProperties: + type: string + description: |- + Provide a mapping of Kubernetes Labels to Datadog Tags. + : + type: object + registry: + description: |- + Registry is the image registry to use for all Agent images. + Use 'public.ecr.aws/datadog' for AWS ECR. + Use 'datadoghq.azurecr.io' for Azure Container Registry. + Use 'gcr.io/datadoghq' for Google Container Registry. + Use 'eu.gcr.io/datadoghq' for Google Container Registry in the EU region. + Use 'asia.gcr.io/datadoghq' for Google Container Registry in the Asia region. + Use 'docker.io/datadog' for DockerHub. + Default: 'gcr.io/datadoghq' + type: string + secretBackend: + description: |- + Configure the secret backend feature https://docs.datadoghq.com/agent/guide/secrets-management + See also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md + properties: + args: + description: List of arguments to pass to the command (space-separated + strings). + type: string + command: + description: |- + The secret backend command to use. Datadog provides a pre-defined binary `/readsecret_multiple_providers.sh`. + Read more about `/readsecret_multiple_providers.sh` at https://docs.datadoghq.com/agent/configuration/secrets-management/?tab=linux#script-for-reading-from-multiple-secret-providers. + type: string + enableGlobalPermissions: + description: |- + Whether to create a global permission allowing Datadog agents to read all Kubernetes secrets. + Default: `false`. + type: boolean + roles: + description: |- + Roles for Datadog to read the specified secrets, replacing `enableGlobalPermissions`. + They are defined as a list of namespace/secrets. + Each defined namespace needs to be present in the DatadogAgent controller using `WATCH_NAMESPACE` or `DD_AGENT_WATCH_NAMESPACE`. + See also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md#how-to-deploy-the-agent-components-using-the-secret-backend-feature-with-datadogagent. + items: + description: SecretBackendRolesConfig provides configuration + of the secrets Datadog agents can read for the SecretBackend + feature + properties: + namespace: + description: Namespace defines the namespace in which + the secrets reside. + type: string + secrets: + description: Secrets defines the list of secrets for + which a role should be created. + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + description: |- + The command timeout in seconds. + Default: `30`. + format: int32 + type: integer + type: object + site: + description: |- + Site is the Datadog intake site Agent data are sent to. + Set to 'datadoghq.com' to send data to the US1 site (default). + Set to 'datadoghq.eu' to send data to the EU site. + Set to 'us3.datadoghq.com' to send data to the US3 site. + Set to 'us5.datadoghq.com' to send data to the US5 site. + Set to 'ddog-gov.com' to send data to the US1-FED site. + Set to 'ap1.datadoghq.com' to send data to the AP1 site. + Default: 'datadoghq.com' + type: string + tags: + description: |- + Tags contains a list of tags to attach to every metric, event and service check collected. + Learn more about tagging: https://docs.datadoghq.com/tagging/ + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + override: + additionalProperties: + description: DatadogAgentComponentOverride is the generic description + equivalent to a subset of the PodTemplate for a component. + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations provide annotations that are added + to the different component (Datadog Agent, Cluster Agent, + Cluster Check Runner) pods. + type: object + containers: + additionalProperties: + description: DatadogAgentGenericContainer is the generic structure + describing any container's common configuration. + properties: + appArmorProfileName: + description: AppArmorProfileName specifies an apparmor + profile. + type: string + args: + description: Args allows the specification of extra args + to the `Command` parameter + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: Command allows the specification of a custom + entrypoint for container + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + Specify additional environment variables in the container. + See also: https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + healthPort: + description: |- + HealthPort of the container for the internal liveness probe. + Must be the same as the Liveness/Readiness probes. + format: int32 + type: integer + livenessProbe: + description: Configure the Liveness Probe of the container + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + logLevel: + description: |- + LogLevel sets logging verbosity (overrides global setting). + Valid log levels are: trace, debug, info, warn, error, critical, and off. + Default: 'info' + type: string + name: + description: Name of the container that is overridden + type: string + readinessProbe: + description: Configure the Readiness Probe of the container + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: |- + Specify the Request and Limits of the pods + To get guaranteed QoS class, specify requests and limits equal. + See also: http://kubernetes.io/docs/user-guide/compute-resources/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + seccompConfig: + description: |- + Seccomp configurations to override Operator actions. For all other Seccomp Profile manipulation, + use SecurityContext. + properties: + customProfile: + description: |- + CustomProfile specifies a ConfigMap containing a custom Seccomp Profile. + ConfigMap data must either have the key `system-probe-seccomp.json` or CustomProfile.Items + must include a corev1.KeytoPath that maps the key to the path `system-probe-seccomp.json`. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing + ConfigMap with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` + to a file `path` mount. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + customRootPath: + description: CustomRootPath specifies a custom Seccomp + Profile root location. + type: string + type: object + securityContext: + description: Container-level SecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: Specify additional volume mounts in the container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + - mountPath + x-kubernetes-list-type: map + type: object + description: |- + Configure the basic configurations for each Agent container. Valid Agent container names are: + `agent`, `cluster-agent`, `init-config`, `init-volume`, `process-agent`, `seccomp-setup`, + `security-agent`, `system-probe`, `trace-agent`, and `all`. + Configuration under `all` applies to all configured containers. + type: object + createRbac: + description: Set CreateRbac to false to prevent automatic creation + of Role/ClusterRole for this component + type: boolean + customConfigurations: + additionalProperties: + description: |- + CustomConfig provides a place for custom configuration of the Agent or Cluster Agent, corresponding to datadog.yaml, + system-probe.yaml, security-agent.yaml or datadog-cluster.yaml. + The configuration can be provided in the ConfigData field as raw data, or referenced in a ConfigMap. + Note: `ConfigData` and `ConfigMap` cannot be set together. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` to + a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + description: |- + CustomConfiguration allows to specify custom configuration files for `datadog.yaml`, `datadog-cluster.yaml`, `security-agent.yaml`, and `system-probe.yaml`. + The content is merged with configuration generated by the Datadog Operator, with priority given to custom configuration. + WARNING: It is possible to override values set in the `DatadogAgent`. + type: object + disabled: + description: Disabled force disables a component. + type: boolean + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + env: + description: |- + Specify additional environment variables for all containers in this component + Priority is Container > Component. + See also: https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + EnvFrom specifies the ConfigMaps and Secrets to expose as environment variables. + Priority is env > envFrom. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + extraChecksd: + description: |- + Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/ + See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details. + properties: + configDataMap: + additionalProperties: + type: string + description: |- + ConfigDataMap corresponds to the content of the configuration files. + The key should be the filename the contents get mounted to; for instance check.py or check.yaml. + type: object + configMap: + description: ConfigMap references an existing ConfigMap + with the content of the configuration files. + properties: + items: + description: Items maps a ConfigMap data `key` to a + file `path` mount. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + extraConfd: + description: |- + Confd configuration allowing to specify config files for custom checks placed under /etc/datadog-agent/conf.d/. + See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details. + properties: + configDataMap: + additionalProperties: + type: string + description: |- + ConfigDataMap corresponds to the content of the configuration files. + The key should be the filename the contents get mounted to; for instance check.py or check.yaml. + type: object + configMap: + description: ConfigMap references an existing ConfigMap + with the content of the configuration files. + properties: + items: + description: Items maps a ConfigMap data `key` to a + file `path` mount. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. + type: boolean + hostPID: + description: Use the host's PID namespace. + type: boolean + image: + description: The container image of the different components + (Datadog Agent, Cluster Agent, Cluster Check Runner). + properties: + jmxEnabled: + description: |- + Define whether the Agent image should support JMX. + To be used if the Name field does not correspond to a full image string. + type: boolean + name: + description: |- + Define the image to use: + Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 7. + Use "datadog/dogstatsd:latest" for standalone Datadog Agent DogStatsD 7. + Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent. + Use "agent" with the registry and tag configurations for /agent:. + Use "cluster-agent" with the registry and tag configurations for /cluster-agent:. + If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, + and `global.registry` values are ignored. + Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; + image string is created using default registry unless `global.registry` is configured. + type: string + pullPolicy: + description: |- + The Kubernetes pull policy: + Use Always, Never, or IfNotPresent. + type: string + pullSecrets: + description: |- + It is possible to specify Docker registry credentials. + See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + tag: + description: |- + Define the image tag to use. + To be used if the Name field does not correspond to a full image string. + type: string + type: object + labels: + additionalProperties: + type: string + description: AdditionalLabels provide labels that are added + to the different component (Datadog Agent, Cluster Agent, + Cluster Check Runner) pods. + type: object + name: + description: Name overrides the default name for the resource + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the highest priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass object with that name. If not specified, + the pod priority is default, or zero if there is no default. + type: string + replicas: + description: |- + Number of the replicas. + Not applicable for a DaemonSet/ExtendedDaemonSet deployment + format: int32 + type: integer + securityContext: + description: Pod-level SecurityContext. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + description: Sets the ServiceAccountAnnotations used by this + component. + type: object + serviceAccountName: + description: |- + Sets the ServiceAccount used by this component. + Ignored if the field CreateRbac is true. + type: string + tolerations: + description: Configure the component tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + updateStrategy: + description: The deployment strategy to use to replace existing + pods with new ones. + properties: + rollingUpdate: + description: Configure the rolling update strategy of the + Deployment or DaemonSet. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge behaves differently based on the Kubernetes resource. Refer to the + Kubernetes API documentation for additional details. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Refer to the Kubernetes API documentation for additional details.. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate" + or "Recreate" for Deployments + type: string + type: object + volumes: + description: Specify additional volumes in the different components + (Datadog Agent, Cluster Agent, Cluster Check Runner). + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the + blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure managed + data disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default is + /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of the + relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use + for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the + downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a + field of the pod: only annotations, + labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an + already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool + associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated with + the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + description: Override the default configurations of the agents + type: object + type: object + status: + description: DatadogAgentStatus defines the observed state of DatadogAgent. + properties: + agent: + description: The combined actual state of all Agents as daemonsets + or extended daemonsets. + properties: + available: + description: Number of available pods in the DaemonSet. + format: int32 + type: integer + current: + description: Number of current pods in the DaemonSet. + format: int32 + type: integer + currentHash: + description: CurrentHash is the stored hash of the DaemonSet. + type: string + daemonsetName: + description: DaemonsetName corresponds to the name of the created + DaemonSet. + type: string + desired: + description: Number of desired pods in the DaemonSet. + format: int32 + type: integer + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + ready: + description: Number of ready pods in the DaemonSet. + format: int32 + type: integer + state: + description: State corresponds to the DaemonSet state. + type: string + status: + description: Status corresponds to the DaemonSet computed status. + type: string + upToDate: + description: Number of up to date pods in the DaemonSet. + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + agentList: + description: The actual state of the Agent as a daemonset or an extended + daemonset. + items: + description: DaemonSetStatus defines the observed state of Agent + running as DaemonSet. + properties: + available: + description: Number of available pods in the DaemonSet. + format: int32 + type: integer + current: + description: Number of current pods in the DaemonSet. + format: int32 + type: integer + currentHash: + description: CurrentHash is the stored hash of the DaemonSet. + type: string + daemonsetName: + description: DaemonsetName corresponds to the name of the created + DaemonSet. + type: string + desired: + description: Number of desired pods in the DaemonSet. + format: int32 + type: integer + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + ready: + description: Number of ready pods in the DaemonSet. + format: int32 + type: integer + state: + description: State corresponds to the DaemonSet state. + type: string + status: + description: Status corresponds to the DaemonSet computed status. + type: string + upToDate: + description: Number of up to date pods in the DaemonSet. + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic + clusterAgent: + description: The actual state of the Cluster Agent as a deployment. + properties: + availableReplicas: + description: Total number of available pods (ready for at least + minReadySeconds) targeted by this Deployment. + format: int32 + type: integer + currentHash: + description: CurrentHash is the stored hash of the Deployment. + type: string + deploymentName: + description: DeploymentName corresponds to the name of the Deployment. + type: string + generatedToken: + description: |- + GeneratedToken corresponds to the generated token if any token was provided in the Credential configuration when ClusterAgent is + enabled. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + readyReplicas: + description: Total number of ready pods targeted by this Deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated pods targeted by this + Deployment (their labels match the selector). + format: int32 + type: integer + state: + description: State corresponds to the Deployment state. + type: string + status: + description: Status corresponds to the Deployment computed status. + type: string + unavailableReplicas: + description: |- + Total number of unavailable pods targeted by this Deployment. This is the total number of + pods that are still required for the Deployment to have 100% available capacity. They may + either be pods that are running but not yet available or pods that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this + Deployment that have the desired template spec. + format: int32 + type: integer + type: object + clusterChecksRunner: + description: The actual state of the Cluster Checks Runner as a deployment. + properties: + availableReplicas: + description: Total number of available pods (ready for at least + minReadySeconds) targeted by this Deployment. + format: int32 + type: integer + currentHash: + description: CurrentHash is the stored hash of the Deployment. + type: string + deploymentName: + description: DeploymentName corresponds to the name of the Deployment. + type: string + generatedToken: + description: |- + GeneratedToken corresponds to the generated token if any token was provided in the Credential configuration when ClusterAgent is + enabled. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + readyReplicas: + description: Total number of ready pods targeted by this Deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated pods targeted by this + Deployment (their labels match the selector). + format: int32 + type: integer + state: + description: State corresponds to the Deployment state. + type: string + status: + description: Status corresponds to the Deployment computed status. + type: string + unavailableReplicas: + description: |- + Total number of unavailable pods targeted by this Deployment. This is the total number of + pods that are still required for the Deployment to have 100% available capacity. They may + either be pods that are running but not yet available or pods that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this + Deployment that have the desired template spec. + format: int32 + type: integer + type: object + conditions: + description: Conditions Represents the latest available observations + of a DatadogAgent's current state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + remoteConfigConfiguration: + description: RemoteConfigConfiguration stores the configuration received + from RemoteConfig. + properties: + features: + description: DatadogFeatures are features running on the Agent + and Cluster Agent. + properties: + admissionController: + description: AdmissionController configuration. + properties: + agentCommunicationMode: + description: |- + AgentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. + It can be "hostip", "service", or "socket". + type: string + agentSidecarInjection: + description: AgentSidecarInjection contains Agent sidecar + injection configurations. + properties: + clusterAgentCommunicationEnabled: + description: |- + ClusterAgentCommunicationEnabled enables communication between Agent sidecars and the Cluster Agent. + Default : true + type: boolean + enabled: + description: |- + Enabled enables Sidecar injections. + Default: false + type: boolean + image: + description: Image overrides the default Agent image + name and tag for the Agent sidecar. + properties: + jmxEnabled: + description: |- + Define whether the Agent image should support JMX. + To be used if the Name field does not correspond to a full image string. + type: boolean + name: + description: |- + Define the image to use: + Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 7. + Use "datadog/dogstatsd:latest" for standalone Datadog Agent DogStatsD 7. + Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent. + Use "agent" with the registry and tag configurations for /agent:. + Use "cluster-agent" with the registry and tag configurations for /cluster-agent:. + If the name is the full image string—`:` or `/:`, then `tag`, `jmxEnabled`, + and `global.registry` values are ignored. + Otherwise, image string is created by overriding default settings with supplied `name`, `tag`, and `jmxEnabled` values; + image string is created using default registry unless `global.registry` is configured. + type: string + pullPolicy: + description: |- + The Kubernetes pull policy: + Use Always, Never, or IfNotPresent. + type: string + pullSecrets: + description: |- + It is possible to specify Docker registry credentials. + See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + tag: + description: |- + Define the image tag to use. + To be used if the Name field does not correspond to a full image string. + type: string + type: object + profiles: + description: Profiles define the sidecar configuration + override. Only one profile is supported. + items: + description: Profile defines a sidecar configuration + override. + properties: + env: + description: EnvVars specifies the environment + variables for the profile. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: ResourceRequirements specifies + the resource requirements for the profile. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + description: |- + Provider is used to add infrastructure provider-specific configurations to the Agent sidecar. + Currently only "fargate" is supported. + To use the feature in other environments (including local testing) omit the config. + See also: https://docs.datadoghq.com/integrations/eks_fargate + type: string + registry: + description: Registry overrides the default registry + for the sidecar Agent. + type: string + selectors: + description: Selectors define the pod selector for + sidecar injection. Only one rule is supported. + items: + description: Selectors define a pod selector for + sidecar injection. + properties: + namespaceSelector: + description: NamespaceSelector specifies the + label selector for namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + objectSelector: + description: ObjectSelector specifies the label + selector for objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + description: CWSInstrumentation holds the CWS Instrumentation + endpoint configuration + properties: + enabled: + description: |- + Enable the CWS Instrumentation admission controller endpoint. + Default: false + type: boolean + mode: + description: |- + Mode defines the behavior of the CWS Instrumentation endpoint, and can be either "init_container" or "remote_copy". + Default: "remote_copy" + type: string + type: object + enabled: + description: |- + Enabled enables the Admission Controller. + Default: true + type: boolean + failurePolicy: + description: FailurePolicy determines how unrecognized + and timeout errors are handled. + type: string + mutateUnlabelled: + description: |- + MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. + Default: false + type: boolean + registry: + description: Registry defines an image registry for the + admission controller. + type: string + serviceName: + description: ServiceName corresponds to the webhook service + name. + type: string + webhookName: + description: |- + WebhookName is a custom name for the MutatingWebhookConfiguration. + Default: "datadog-webhook" + type: string + type: object + apm: + description: APM (Application Performance Monitoring) configuration. + properties: + enabled: + description: |- + Enabled enables Application Performance Monitoring. + Default: true + type: boolean + hostPortConfig: + description: |- + HostPortConfig contains host port configuration. + Enabled Default: false + Port Default: 8126 + properties: + enabled: + description: Enabled enables host port configuration + type: boolean + hostPort: + description: |- + Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + If HostNetwork is enabled, this value must match the ContainerPort. + format: int32 + type: integer + type: object + instrumentation: + description: |- + SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. + Feature is in beta. + See also: https://docs.datadoghq.com/tracing/trace_collection/single-step-apm + Enabled Default: false + properties: + disabledNamespaces: + description: DisabledNamespaces disables injecting + the Datadog APM libraries into pods in specific + namespaces. + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + description: |- + Enabled enables injecting the Datadog APM libraries into all pods in the cluster. + Default: false + type: boolean + enabledNamespaces: + description: EnabledNamespaces enables injecting the + Datadog APM libraries into pods in specific namespaces. + items: + type: string + type: array + x-kubernetes-list-type: set + languageDetection: + description: |- + LanguageDetection detects languages and adds them as annotations on Deployments, but does not use these languages for injecting libraries to workload pods. + (Requires Agent 7.52.0+ and Cluster Agent 7.52.0+) + properties: + enabled: + description: |- + Enabled enables Language Detection to automatically detect languages of user workloads (beta). + Requires SingleStepInstrumentation.Enabled to be true. + Default: true + type: boolean + type: object + libVersions: + additionalProperties: + type: string + description: |- + LibVersions configures injection of specific tracing library versions with Single Step Instrumentation. + : + ex: "java": "v1.18.0" + type: object + type: object + unixDomainSocketConfig: + description: |- + UnixDomainSocketConfig contains socket configuration. + See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables + Enabled Default: true + Path Default: `/var/run/datadog/apm.socket` + properties: + enabled: + description: |- + Enabled enables Unix Domain Socket. + Default: true + type: boolean + path: + description: Path defines the socket path used when + enabled. + type: string + type: object + type: object + asm: + description: ASM (Application Security Management) configuration. + properties: + iast: + description: |- + IAST configures Interactive Application Security Testing. + Enabled Default: false + properties: + enabled: + description: |- + Enabled enables Interactive Application Security Testing (IAST). + Default: false + type: boolean + type: object + sca: + description: |- + SCA configures Software Composition Analysis. + Enabled Default: false + properties: + enabled: + description: |- + Enabled enables Software Composition Analysis (SCA). + Default: false + type: boolean + type: object + threats: + description: |- + Threats configures ASM App & API Protection. + Enabled Default: false + properties: + enabled: + description: |- + Enabled enables ASM App & API Protection. + Default: false + type: boolean + type: object + type: object + autoscaling: + description: Autoscaling configuration. + properties: + workload: + description: Workload contains the configuration for the + workload autoscaling product. + properties: + enabled: + description: |- + Enabled enables the workload autoscaling product. + Default: false + type: boolean + type: object + type: object + clusterChecks: + description: ClusterChecks configuration. + properties: + enabled: + description: |- + Enables Cluster Checks scheduling in the Cluster Agent. + Default: true + type: boolean + useClusterChecksRunners: + description: |- + Enabled enables Cluster Checks Runners to run all Cluster Checks. + Default: false + type: boolean + type: object + cspm: + description: CSPM (Cloud Security Posture Management) configuration. + properties: + checkInterval: + description: CheckInterval defines the check interval. + type: string + customBenchmarks: + description: |- + CustomBenchmarks contains CSPM benchmarks. + The content of the ConfigMap will be merged with the benchmarks bundled with the agent. + Any benchmarks with the same name as those existing in the agent will take precedence. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` + to a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + enabled: + description: |- + Enabled enables Cloud Security Posture Management. + Default: false + type: boolean + hostBenchmarks: + description: HostBenchmarks contains configuration for + host benchmarks. + properties: + enabled: + description: |- + Enabled enables host benchmarks. + Default: true + type: boolean + type: object + type: object + cws: + description: CWS (Cloud Workload Security) configuration. + properties: + customPolicies: + description: |- + CustomPolicies contains security policies. + The content of the ConfigMap will be merged with the policies bundled with the agent. + Any policies with the same name as those existing in the agent will take precedence. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` + to a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + enabled: + description: |- + Enabled enables Cloud Workload Security. + Default: false + type: boolean + network: + properties: + enabled: + description: |- + Enabled enables Cloud Workload Security Network detections. + Default: true + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + description: |- + Enabled enables Remote Configuration for Cloud Workload Security. + Default: true + type: boolean + type: object + securityProfiles: + properties: + enabled: + description: |- + Enabled enables Security Profiles collection for Cloud Workload Security. + Default: true + type: boolean + type: object + syscallMonitorEnabled: + description: |- + SyscallMonitorEnabled enables Syscall Monitoring (recommended for troubleshooting only). + Default: false + type: boolean + type: object + dogstatsd: + description: Dogstatsd configuration. + properties: + hostPortConfig: + description: |- + HostPortConfig contains host port configuration. + Enabled Default: false + Port Default: 8125 + properties: + enabled: + description: Enabled enables host port configuration + type: boolean + hostPort: + description: |- + Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + If HostNetwork is enabled, this value must match the ContainerPort. + format: int32 + type: integer + type: object + mapperProfiles: + description: |- + Configure the Dogstasd Mapper Profiles. + Can be passed as raw data or via a json encoded string in a config map. + See also: https://docs.datadoghq.com/developers/dogstatsd/dogstatsd_mapper/ + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` + to a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + originDetectionEnabled: + description: |- + OriginDetectionEnabled enables origin detection for container tagging. + See also: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging + type: boolean + tagCardinality: + description: |- + TagCardinality configures tag cardinality for the metrics collected using origin detection (`low`, `orchestrator` or `high`). + See also: https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#environment-variables + Cardinality default: low + type: string + unixDomainSocketConfig: + description: |- + UnixDomainSocketConfig contains socket configuration. + See also: https://docs.datadoghq.com/agent/kubernetes/apm/?tab=helm#agent-environment-variables + Enabled Default: true + Path Default: `/var/run/datadog/dsd.socket` + properties: + enabled: + description: |- + Enabled enables Unix Domain Socket. + Default: true + type: boolean + path: + description: Path defines the socket path used when + enabled. + type: string + type: object + type: object + ebpfCheck: + description: EBPFCheck configuration. + properties: + enabled: + description: |- + Enables the eBPF check. + Default: false + type: boolean + type: object + eventCollection: + description: EventCollection configuration. + properties: + collectKubernetesEvents: + description: |- + CollectKubernetesEvents enables Kubernetes event collection. + Default: true + type: boolean + collectedEventTypes: + description: |- + CollectedEventTypes defines the list of events to collect when UnbundleEvents is enabled. + Default: + [ + {"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]}, + {"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]}, + {"kind":"CronJob","reasons":["SawCompletedJob"]} + ] + items: + description: EventTypes defines the kind and reasons + of events to collect. + properties: + kind: + description: 'Kind is the kind of event to collect. + (ex: Pod, Node, CronJob)' + type: string + reasons: + description: 'Reasons is a list of event reasons + to collect. (ex: Failed, BackOff, Unhealthy)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + description: |- + UnbundleEvents enables collection of Kubernetes events as individual events. + Default: false + type: boolean + type: object + externalMetricsServer: + description: ExternalMetricsServer configuration. + properties: + enabled: + description: |- + Enabled enables the External Metrics Server. + Default: false + type: boolean + endpoint: + description: |- + Override the API endpoint for the External Metrics Server. + URL Default: "https://app.datadoghq.com". + properties: + credentials: + description: Credentials defines the Datadog credentials + used to submit data to/query data from Datadog. + properties: + apiKey: + description: |- + APIKey configures your Datadog API key. + See also: https://app.datadoghq.com/account/settings#agent/kubernetes + type: string + apiSecret: + description: |- + APISecret references an existing Secret which stores the API key instead of creating a new one. + If set, this parameter takes precedence over "APIKey". + properties: + keyName: + description: KeyName is the key of the secret + to use. + type: string + secretName: + description: SecretName is the name of the + secret. + type: string + required: + - secretName + type: object + appKey: + description: |- + AppKey configures your Datadog application key. + If you are using features.externalMetricsServer.enabled = true, you must set + a Datadog application key for read access to your metrics. + type: string + appSecret: + description: |- + AppSecret references an existing Secret which stores the application key instead of creating a new one. + If set, this parameter takes precedence over "AppKey". + properties: + keyName: + description: KeyName is the key of the secret + to use. + type: string + secretName: + description: SecretName is the name of the + secret. + type: string + required: + - secretName + type: object + type: object + url: + description: URL defines the endpoint URL. + type: string + type: object + port: + description: |- + Port specifies the metricsProvider External Metrics Server service port. + Default: 8443 + format: int32 + type: integer + registerAPIService: + description: |- + RegisterAPIService registers the External Metrics endpoint as an APIService + Default: true + type: boolean + useDatadogMetrics: + description: |- + UseDatadogMetrics enables usage of the DatadogMetrics CRD (allowing one to scale on arbitrary Datadog metric queries). + Default: true + type: boolean + wpaController: + description: |- + WPAController enables the informer and controller of the Watermark Pod Autoscaler. + NOTE: The Watermark Pod Autoscaler controller needs to be installed. + See also: https://github.com/DataDog/watermarkpodautoscaler. + Default: false + type: boolean + type: object + helmCheck: + description: HelmCheck configuration. + properties: + collectEvents: + description: |- + CollectEvents set to `true` enables event collection in the Helm check + (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) + Default: false + type: boolean + enabled: + description: |- + Enabled enables the Helm check. + Default: false + type: boolean + valuesAsTags: + additionalProperties: + type: string + description: |- + ValuesAsTags collects Helm values from a release and uses them as tags + (Requires Agent and Cluster Agent 7.40.0+). + Default: {} + type: object + type: object + kubeStateMetricsCore: + description: KubeStateMetricsCore check configuration. + properties: + conf: + description: |- + Conf overrides the configuration for the default Kubernetes State Metrics Core check. + This must point to a ConfigMap containing a valid cluster check configuration. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` + to a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + enabled: + description: |- + Enabled enables Kube State Metrics Core. + Default: true + type: boolean + type: object + liveContainerCollection: + description: LiveContainerCollection configuration. + properties: + enabled: + description: |- + Enables container collection for the Live Container View. + Default: true + type: boolean + type: object + liveProcessCollection: + description: LiveProcessCollection configuration. + properties: + enabled: + description: |- + Enabled enables Process monitoring. + Default: false + type: boolean + scrubProcessArguments: + description: |- + ScrubProcessArguments enables scrubbing of sensitive data in process command-lines (passwords, tokens, etc. ). + Default: true + type: boolean + stripProcessArguments: + description: |- + StripProcessArguments enables stripping of all process arguments. + Default: false + type: boolean + type: object + logCollection: + description: LogCollection configuration. + properties: + containerCollectAll: + description: |- + ContainerCollectAll enables Log collection from all containers. + Default: false + type: boolean + containerCollectUsingFiles: + description: |- + ContainerCollectUsingFiles enables log collection from files in `/var/log/pods instead` of using the container runtime API. + Collecting logs from files is usually the most efficient way of collecting logs. + See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup + Default: true + type: boolean + containerLogsPath: + description: |- + ContainerLogsPath allows log collection from the container log path. + Set to a different path if you are not using the Docker runtime. + See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest + Default: `/var/lib/docker/containers` + type: string + containerSymlinksPath: + description: |- + ContainerSymlinksPath allows log collection to use symbolic links in this directory to validate container ID -> pod. + Default: `/var/log/containers` + type: string + enabled: + description: |- + Enabled enables Log collection. + Default: false + type: boolean + openFilesLimit: + description: |- + OpenFilesLimit sets the maximum number of log files that the Datadog Agent tails. + Increasing this limit can increase resource consumption of the Agent. + See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup + Default: 100 + format: int32 + type: integer + podLogsPath: + description: |- + PodLogsPath allows log collection from a pod log path. + Default: `/var/log/pods` + type: string + tempStoragePath: + description: |- + TempStoragePath (always mounted from the host) is used by the Agent to store information about processed log files. + If the Agent is restarted, it starts tailing the log files immediately. + Default: `/var/lib/datadog-agent/logs` + type: string + type: object + npm: + description: NPM (Network Performance Monitoring) configuration. + properties: + collectDNSStats: + description: |- + CollectDNSStats enables DNS stat collection. + Default: false + type: boolean + enableConntrack: + description: |- + EnableConntrack enables the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data. + See also: http://conntrack-tools.netfilter.org/ + Default: false + type: boolean + enabled: + description: |- + Enabled enables Network Performance Monitoring. + Default: false + type: boolean + type: object + oomKill: + description: OOMKill configuration. + properties: + enabled: + description: |- + Enables the OOMKill eBPF-based check. + Default: false + type: boolean + type: object + orchestratorExplorer: + description: OrchestratorExplorer check configuration. + properties: + conf: + description: |- + Conf overrides the configuration for the default Orchestrator Explorer check. + This must point to a ConfigMap containing a valid cluster check configuration. + properties: + configData: + description: ConfigData corresponds to the configuration + file content. + type: string + configMap: + description: ConfigMap references an existing ConfigMap + with the configuration file content. + properties: + items: + description: Items maps a ConfigMap data `key` + to a file `path` mount. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Name is the name of the ConfigMap. + type: string + type: object + type: object + customResources: + description: |- + `CustomResources` defines custom resources for the orchestrator explorer to collect. + Each item should follow the convention `group/version/kind`. For example, `datadoghq.com/v1alpha1/datadogmetrics`. + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + description: |- + Override the API endpoint for the Orchestrator Explorer. + URL Default: "https://orchestrator.datadoghq.com". + type: string + enabled: + description: |- + Enabled enables the Orchestrator Explorer. + Default: true + type: boolean + extraTags: + description: |- + Additional tags to associate with the collected data in the form of `a b c`. + This is a Cluster Agent option distinct from DD_TAGS that is used in the Orchestrator Explorer. + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + description: |- + ScrubContainers enables scrubbing of sensitive container data (passwords, tokens, etc. ). + Default: true + type: boolean + type: object + otlp: + description: OTLP ingest configuration + properties: + receiver: + description: Receiver contains configuration for the OTLP + ingest receiver. + properties: + protocols: + description: Protocols contains configuration for + the OTLP ingest receiver protocols. + properties: + grpc: + description: GRPC contains configuration for the + OTLP ingest OTLP/gRPC receiver. + properties: + enabled: + description: Enable the OTLP/gRPC endpoint. + Host port is enabled by default and can + be disabled. + type: boolean + endpoint: + description: |- + Endpoint for OTLP/gRPC. + gRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md + The Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`). + Default: `0.0.0.0:4317`. + type: string + hostPortConfig: + description: |- + Enable hostPort for OTLP/gRPC + Default: true + properties: + enabled: + description: Enabled enables host port + configuration + type: boolean + hostPort: + description: |- + Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + If HostNetwork is enabled, this value must match the ContainerPort. + format: int32 + type: integer + type: object + type: object + http: + description: HTTP contains configuration for the + OTLP ingest OTLP/HTTP receiver. + properties: + enabled: + description: Enable the OTLP/HTTP endpoint. + Host port is enabled by default and can + be disabled. + type: boolean + endpoint: + description: |- + Endpoint for OTLP/HTTP. + Default: '0.0.0.0:4318'. + type: string + hostPortConfig: + description: |- + Enable hostPorts for OTLP/HTTP + Default: true + properties: + enabled: + description: Enabled enables host port + configuration + type: boolean + hostPort: + description: |- + Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + If HostNetwork is enabled, this value must match the ContainerPort. + format: int32 + type: integer + type: object + type: object + type: object + type: object + type: object + processDiscovery: + description: ProcessDiscovery configuration. + properties: + enabled: + description: |- + Enabled enables the Process Discovery check in the Agent. + Default: true + type: boolean + type: object + prometheusScrape: + description: PrometheusScrape configuration. + properties: + additionalConfigs: + description: AdditionalConfigs allows adding advanced + Prometheus check configurations with custom discovery + rules. + type: string + enableServiceEndpoints: + description: |- + EnableServiceEndpoints enables generating dedicated checks for service endpoints. + Default: false + type: boolean + enabled: + description: |- + Enable autodiscovery of pods and services exposing Prometheus metrics. + Default: false + type: boolean + version: + description: |- + Version specifies the version of the OpenMetrics check. + Default: 2 + type: integer + type: object + remoteConfiguration: + description: Remote Configuration configuration. + properties: + enabled: + description: |- + Enable this option to activate Remote Configuration. + Default: true + type: boolean + type: object + sbom: + description: SBOM collection configuration. + properties: + containerImage: + description: SBOMTypeConfig contains configuration for + a SBOM collection type. + properties: + analyzers: + description: Analyzers to use for SBOM collection. + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + description: |- + Enable this option to activate SBOM collection. + Default: false + type: boolean + overlayFSDirectScan: + description: |- + Enable this option to enable experimental overlayFS direct scan. + Default: false + type: boolean + uncompressedLayersSupport: + description: |- + Enable this option to enable support for uncompressed layers. + Default: false + type: boolean + type: object + enabled: + description: |- + Enable this option to activate SBOM collection. + Default: false + type: boolean + host: + description: SBOMTypeConfig contains configuration for + a SBOM collection type. + properties: + analyzers: + description: Analyzers to use for SBOM collection. + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + description: |- + Enable this option to activate SBOM collection. + Default: false + type: boolean + type: object + type: object + tcpQueueLength: + description: TCPQueueLength configuration. + properties: + enabled: + description: |- + Enables the TCP queue length eBPF-based check. + Default: false + type: boolean + type: object + usm: + description: USM (Universal Service Monitoring) configuration. + properties: + enabled: + description: |- + Enabled enables Universal Service Monitoring. + Default: false + type: boolean + type: object + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogdashboards.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogdashboards.yaml new file mode 100644 index 000000000..107aa2591 --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogdashboards.yaml @@ -0,0 +1,277 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: datadogdashboards.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogDashboard + listKind: DatadogDashboardList + plural: datadogdashboards + shortNames: + - ddd + singular: datadogdashboard + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogDashboard is the Schema for the datadogdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogDashboardSpec defines the desired state of DatadogDashboard + properties: + description: + description: Description is the description of the dashboard. + type: string + layoutType: + description: LayoutType is the layout type of the dashboard. + type: string + notifyList: + description: NotifyList is the list of handles of users to notify + when changes are made to this dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + reflowType: + description: |- + Reflowtype is the reflow type for a 'new dashboard layout' dashboard. Set this only when layout type is 'ordered'. + If set to 'fixed', the dashboard expects all widgets to have a layout, and if it's set to 'auto', + widgets should not have layouts. + type: string + tags: + description: Tags is a list of team names representing ownership of + a dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + templateVariablePresets: + description: TemplateVariablePresets is an array of template variables + saved views. + items: + description: DashboardTemplateVariablePreset Template variables + saved views. + properties: + name: + description: The name of the variable. + type: string + templateVariables: + description: List of variables. + items: + description: DashboardTemplateVariablePresetValue Template + variables saved views. + properties: + name: + description: The name of the variable. + type: string + values: + description: One or many template variable values within + the saved view, which will be unioned together using + `OR` if more than one is specified. Cannot be used in + conjunction with `value`. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + templateVariables: + description: TemplateVariables is a list of template variables for + this dashboard. + items: + description: DashboardTemplateVariable Template variable. + properties: + availableValues: + description: The list of values that the template variable drop-down + is limited to. + items: + type: string + type: array + defaults: + description: One or many default values for template variables + on load. If more than one default is specified, they will + be unioned together with `OR`. Cannot be used in conjunction + with `default`. + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: The name of the variable. + type: string + prefix: + description: The tag prefix associated with the variable. Only + tags with this prefix appear in the variable drop-down. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + title: + description: Title is the title of the dashboard. + type: string + widgets: + description: Widgets is a JSON string representation of a list of + Datadog API Widgets + type: string + type: object + status: + description: DatadogDashboardStatus defines the observed state of DatadogDashboard + properties: + conditions: + description: Conditions represents the latest available observations + of the state of a DatadogDashboard. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the dashboard was created. + format: date-time + type: string + creator: + description: Creator is the identity of the dashboard creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogDashboardSpec to know + if the Spec has changed and needs an update. + type: string + id: + description: ID is the dashboard ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API dashboard + was last force synced with the DatadogDashboard resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the dashboard + state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogmetrics.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogmetrics.yaml new file mode 100644 index 000000000..4bf315b08 --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogmetrics.yaml @@ -0,0 +1,133 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: datadogmetrics.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogMetric + listKind: DatadogMetricList + plural: datadogmetrics + singular: datadogmetric + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Active')].status + name: active + type: string + - jsonPath: .status.conditions[?(@.type=='Valid')].status + name: valid + type: string + - jsonPath: .status.currentValue + name: value + type: string + - jsonPath: .status.autoscalerReferences + name: references + type: string + - jsonPath: .status.conditions[?(@.type=='Updated')].lastUpdateTime + name: update time + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogMetric allows autoscaling on arbitrary Datadog query + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogMetricSpec defines the desired state of DatadogMetric + properties: + externalMetricName: + description: ExternalMetricName is reserved for internal use + type: string + maxAge: + description: |- + MaxAge provides the max age for the metric query (overrides the default setting + `external_metrics_provider.max_age`) + type: string + query: + description: Query is the raw datadog query + type: string + timeWindow: + description: TimeWindow provides the time window for the metric query, + defaults to MaxAge. + type: string + type: object + status: + description: DatadogMetricStatus defines the observed state of DatadogMetric + properties: + autoscalerReferences: + description: List of autoscalers currently using this DatadogMetric + type: string + conditions: + description: Conditions Represents the latest available observations + of a DatadogMetric's current state. + items: + description: DatadogMetricCondition describes the state of a DatadogMetric + at a certain point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: Last time the condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of DatadogMetric condition. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentValue: + description: Value is the latest value of the metric + type: string + required: + - currentValue + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogmonitors.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogmonitors.yaml new file mode 100644 index 000000000..5c0870f53 --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogmonitors.yaml @@ -0,0 +1,376 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: datadogmonitors.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogMonitor + listKind: DatadogMonitorList + plural: datadogmonitors + singular: datadogmonitor + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.monitorState + name: monitor state + type: string + - jsonPath: .status.monitorStateLastTransitionTime + name: last state transition + type: string + - format: date + jsonPath: .status.monitorStateLastUpdateTime + name: last state sync + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogMonitor allows to define and manage Monitors from your + Kubernetes Cluster + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogMonitorSpec defines the desired state of DatadogMonitor + properties: + controllerOptions: + description: ControllerOptions are the optional parameters in the + DatadogMonitor controller + properties: + disableRequiredTags: + description: DisableRequiredTags disables the automatic addition + of required tags to monitors. + type: boolean + type: object + message: + description: Message is a message to include with notifications for + this monitor + type: string + name: + description: Name is the monitor name + type: string + options: + description: Options are the optional parameters associated with your + monitor + properties: + enableLogsSample: + description: A Boolean indicating whether to send a log sample + when the log monitor triggers. + type: boolean + escalationMessage: + description: A message to include with a re-notification. + type: string + evaluationDelay: + description: |- + Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), + the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. + This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. + format: int64 + type: integer + groupbySimpleMonitor: + description: A Boolean indicating whether the log alert monitor + triggers a single alert or multiple alerts when any group breaches + a threshold. + type: boolean + includeTags: + description: A Boolean indicating whether notifications from this + monitor automatically inserts its triggering tags into the title. + type: boolean + locked: + description: 'DEPRECATED: Whether or not the monitor is locked + (only editable by creator and admins). Use `restricted_roles` + instead.' + type: boolean + newGroupDelay: + description: |- + Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of + monitor results. Should be a non negative integer. + format: int64 + type: integer + noDataTimeframe: + description: |- + The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the + monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe + is used for metric alerts, and 24 hours is used for service checks. + format: int64 + type: integer + notificationPresetName: + description: An enum that toggles the display of additional content + sent in the monitor notification. + type: string + notifyAudit: + description: A Boolean indicating whether tagged users are notified + on changes to this monitor. + type: boolean + notifyBy: + description: |- + A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. + For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new + cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must + be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot + notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + items: + type: string + type: array + x-kubernetes-list-type: set + notifyNoData: + description: A Boolean indicating whether this monitor notifies + when data stops reporting. + type: boolean + onMissingData: + description: |- + An enum that controls how groups or monitors are treated if an evaluation does not return data points. + The default option results in different behavior depending on the monitor query type. + For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. + For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. + This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + type: string + renotifyInterval: + description: |- + The number of minutes after the last notification before a monitor re-notifies on the current status. + It only re-notifies if it’s not resolved. + format: int64 + type: integer + renotifyOccurrences: + description: The number of times re-notification messages should + be sent on the current status at the provided re-notification + interval. + format: int64 + type: integer + renotifyStatuses: + description: The types of statuses for which re-notification messages + should be sent. Valid values are alert, warn, no data. + items: + description: MonitorRenotifyStatusType The different statuses + for which renotification is supported. + type: string + type: array + x-kubernetes-list-type: set + requireFullWindow: + description: |- + A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly + recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. + type: boolean + thresholdWindows: + description: A struct of the alerting time window options. + properties: + recoveryWindow: + description: Describes how long an anomalous metric must be + normal before the alert recovers. + type: string + triggerWindow: + description: Describes how long a metric must be anomalous + before an alert triggers. + type: string + type: object + thresholds: + description: A struct of the different monitor threshold values. + properties: + critical: + description: The monitor CRITICAL threshold. + type: string + criticalRecovery: + description: The monitor CRITICAL recovery threshold. + type: string + ok: + description: The monitor OK threshold. + type: string + unknown: + description: The monitor UNKNOWN threshold. + type: string + warning: + description: The monitor WARNING threshold. + type: string + warningRecovery: + description: The monitor WARNING recovery threshold. + type: string + type: object + timeoutH: + description: The number of hours of the monitor not reporting + data before it automatically resolves from a triggered state. + format: int64 + type: integer + type: object + priority: + description: Priority is an integer from 1 (high) to 5 (low) indicating + alert severity + format: int64 + type: integer + query: + description: Query is the Datadog monitor query + type: string + restrictedRoles: + description: |- + RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. + `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, + see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). + items: + type: string + type: array + x-kubernetes-list-type: set + tags: + description: Tags is the monitor tags associated with your monitor + items: + type: string + type: array + x-kubernetes-list-type: set + type: + description: Type is the monitor type + type: string + type: object + status: + description: DatadogMonitorStatus defines the observed state of DatadogMonitor + properties: + conditions: + description: Conditions Represents the latest available observations + of a DatadogMonitor's current state. + items: + description: DatadogMonitorCondition describes the current state + of a DatadogMonitor + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: Last time the condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of DatadogMonitor condition + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the monitor was created + format: date-time + type: string + creator: + description: Creator is the identify of the monitor creator + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogMonitorSpec to know + if the Spec has changed and needs an update + type: string + downtimeStatus: + description: DowntimeStatus defines whether the monitor is downtimed + properties: + downtimeID: + description: DowntimeID is the downtime ID. + type: integer + isDowntimed: + description: IsDowntimed shows the downtime status of the monitor. + type: boolean + type: object + id: + description: ID is the monitor ID generated in Datadog + type: integer + monitorLastForceSyncTime: + description: MonitorLastForceSyncTime is the last time the API monitor + was last force synced with the DatadogMonitor resource + format: date-time + type: string + monitorState: + description: MonitorState is the overall state of monitor + type: string + monitorStateLastTransitionTime: + description: MonitorStateLastTransitionTime is the last time the monitor + state changed + format: date-time + type: string + monitorStateLastUpdateTime: + description: MonitorStateLastUpdateTime is the last time the monitor + state updated + format: date-time + type: string + monitorStateSyncStatus: + description: MonitorStateSyncStatus shows the health of syncing the + monitor state to Datadog + type: string + primary: + description: |- + Primary defines whether the monitor is managed by the Kubernetes custom + resource (true) or outside Kubernetes (false) + type: boolean + triggeredState: + description: TriggeredState only includes details for monitor groups + that are triggering + items: + description: |- + DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor + The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data + properties: + lastTransitionTime: + format: date-time + type: string + monitorGroup: + description: MonitorGroup is the name of the triggering group + type: string + state: + description: DatadogMonitorState represents the overall DatadogMonitor + state + type: string + required: + - monitorGroup + type: object + type: array + x-kubernetes-list-map-keys: + - monitorGroup + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogpodautoscalers.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogpodautoscalers.yaml new file mode 100644 index 000000000..1686358b5 --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogpodautoscalers.yaml @@ -0,0 +1,663 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: datadogpodautoscalers.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogPodAutoscaler + listKind: DatadogPodAutoscalerList + plural: datadogpodautoscalers + shortNames: + - dpa + singular: datadogpodautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.policy.applyMode + name: Apply Mode + type: string + - jsonPath: .status.conditions[?(@.type=='Active')].status + name: Active + type: string + - jsonPath: .status.conditions[?(@.type=='Error')].status + name: In Error + type: string + - jsonPath: .status.horizontal.target.desiredReplicas + name: Desired Replicas + type: integer + - jsonPath: .status.horizontal.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='HorizontalAbleToScale')].status + name: Able to Scale + type: string + - jsonPath: .status.horizontal.lastAction.time + name: Last Scale + type: date + - jsonPath: .status.vertical.target.podCPURequest + name: Target CPU Req + type: string + - jsonPath: .status.vertical.target.podMemoryRequest + name: Target Memory Req + type: string + - jsonPath: .status.vertical.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='VerticalAbleToApply')].status + name: Able to Apply + type: string + - jsonPath: .status.vertical.lastAction.time + name: Last Trigger + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogPodAutoscaler is the Schema for the datadogpodautoscalers + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogPodAutoscalerSpec defines the desired state of DatadogPodAutoscaler + properties: + constraints: + description: Constraints defines constraints that should always be + respected. + properties: + containers: + description: Containers defines constraints for the containers. + items: + description: |- + DatadogPodAutoscalerContainerConstraints defines constraints that should always be respected for a container. + If no constraints are set, it enables resources scaling for all containers without any constraints. + properties: + enabled: + description: Enabled false allows to disable resources autoscaling + for the container. Default to true. + type: boolean + limits: + description: Limits defines the constraints for the limits + of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests + of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests + of the container. + type: object + type: object + name: + description: Name is the name of the container. Can be "*" + to apply to all containers. + type: string + requests: + description: Requests defines the constraints for the requests + of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests + of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests + of the container. + type: object + type: object + required: + - name + type: object + type: array + maxReplicas: + description: MaxReplicas is the upper limit for the number of + POD replicas. Needs to be >= minReplicas. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the lower limit for the number of + POD replicas. Needs to be >= 1. Default to 1. + format: int32 + minimum: 1 + type: integer + required: + - maxReplicas + type: object + owner: + description: |- + Owner defines the source of truth for this object (local or remote) + Value needs to be set when a DatadogPodAutoscaler object is created. + enum: + - Local + - Remote + type: string + policy: + default: {} + description: Policy defines how recommendations should be applied. + properties: + applyMode: + default: All + description: |- + ApplyMode determines recommendations that should be applied by the controller: + - All: Apply all recommendations (regular and manual). + - Manual: Apply only manual recommendations (recommendations manually validated by user in the Datadog app). + - None: Prevent the controller to apply any recommendations. + It's also possible to selectively deactivate upscale, downscale or update actions thanks to the `Upscale`, `Downscale` and `Update` fields. + enum: + - All + - Manual + - None + type: string + downscale: + description: Downscale defines the policy to scale down the target + resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules + for horizontal that should be true for a certain amount + of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + update: + description: Update defines the policy to update target resource. + properties: + strategy: + description: Mode defines the mode of the update policy. + enum: + - Auto + - Disabled + type: string + type: object + upscale: + description: Upscale defines the policy to scale up the target + resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules + for horizontal that should be true for a certain amount + of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + type: object + remoteVersion: + description: |- + RemoteVersion is the version of the .Spec currently store in this object. + Only set if the owner is Remote. + format: int64 + type: integer + targetRef: + description: TargetRef is the reference to the resource to scale. + properties: + apiVersion: + description: apiVersion is the API version of the referent + type: string + kind: + description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + targets: + description: |- + Targets are objectives to reach and maintain for the target resource. + Default to a single target to maintain 80% POD CPU utilization. + items: + description: DatadogPodAutoscalerTarget defines the objectives to + reach and maintain for the target resource. + properties: + containerResource: + description: ContainerResource allows to set a container-level + resource target. + properties: + container: + description: Container is the name of the container. + type: string + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of + the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed + (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the + target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - container + - name + - value + type: object + podResource: + description: PodResource allows to set a POD-level resource + target. + properties: + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of + the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed + (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the + target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - name + - value + type: object + type: + description: Type sets the type of the target. + enum: + - PodResource + - ContainerResource + type: string + required: + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - owner + - targetRef + type: object + status: + description: DatadogPodAutoscalerStatus defines the observed state of + DatadogPodAutoscaler + properties: + conditions: + description: Conditions describe the current state of the DatadogPodAutoscaler + operations. + items: + description: DatadogPodAutoscalerCondition describes the state of + DatadogPodAutoscaler. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of DatadogMetric condition. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentReplicas: + description: CurrentReplicas is the current number of PODs for the + targetRef observed by the controller. + format: int32 + type: integer + horizontal: + description: Horizontal is the status of the horizontal scaling, if + activated. + properties: + lastActions: + description: LastActions are the last successful actions done + by the controller + items: + description: DatadogPodAutoscalerHorizontalAction represents + an horizontal action done by the controller + properties: + limitedReason: + description: LimitedReason is the reason why the action + was limited (ToReplicas != RecommendedReplicas) + type: string + recommendedReplicas: + description: RecommendedReplicas is the original number + of replicas recommended by Datadog + format: int32 + type: integer + replicas: + description: FromReplicas is the number of replicas before + the action + format: int32 + type: integer + time: + description: Time is the timestamp of the action + format: date-time + type: string + toReplicas: + description: ToReplicas is the effective number of replicas + after the action + format: int32 + type: integer + required: + - replicas + - time + - toReplicas + type: object + type: array + target: + description: Target is the current target of the horizontal scaling + properties: + desiredReplicas: + description: Replicas is the desired number of replicas for + the resource + format: int32 + type: integer + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation + was generated + format: date-time + type: string + source: + description: Source is the source of the value used to scale + the target resource + type: string + required: + - desiredReplicas + - source + type: object + type: object + vertical: + description: Vertical is the status of the vertical scaling, if activated. + properties: + lastAction: + description: LastAction is the last successful action done by + the controller + properties: + time: + description: Time is the timestamp of the action + format: date-time + type: string + type: + description: Type is the type of action + type: string + version: + description: Version is the recommendation version used for + the action + type: string + required: + - time + - type + - version + type: object + target: + description: Target is the current target of the vertical scaling + properties: + desiredResources: + description: DesiredResources is the desired resources for + containers + items: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of + compute resources allowed. + type: object + name: + description: Name is the name of the container + type: string + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes target resources of + compute resources allowed. + type: object + required: + - name + type: object + type: array + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation + was generated + format: date-time + type: string + podCPURequest: + anyOf: + - type: integer + - type: string + description: PODCPURequest is the sum of CPU requests for + all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podMemoryRequest: + anyOf: + - type: integer + - type: string + description: PODMemoryRequest is the sum of memory requests + for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + scaled: + description: Scaled is the current number of PODs having desired + resources + format: int32 + type: integer + source: + description: Source is the source of the value used to scale + the target resource + type: string + version: + description: Version is the current version of the received + recommendation + type: string + required: + - desiredResources + - podCPURequest + - podMemoryRequest + - source + - version + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogslos.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogslos.yaml new file mode 100644 index 000000000..735e8e54a --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/manifests/datadoghq.com_datadogslos.yaml @@ -0,0 +1,258 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: datadogslos.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogSLO + listKind: DatadogSLOList + plural: datadogslos + shortNames: + - ddslo + singular: datadogslo + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogSLO allows a user to define and manage datadog SLOs from + Kubernetes cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + controllerOptions: + description: ControllerOptions are the optional parameters in the + DatadogSLO controller + properties: + disableRequiredTags: + description: DisableRequiredTags disables the automatic addition + of required tags to SLOs. + type: boolean + type: object + description: + description: |- + Description is a user-defined description of the service level objective. + Always included in service level objective responses (but may be null). Optional in create/update requests. + type: string + groups: + description: |- + Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. + Included in service level objective responses if it is not empty. + Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + items: + type: string + type: array + x-kubernetes-list-type: set + monitorIDs: + description: MonitorIDs is a list of monitor IDs that defines the + scope of a monitor service level objective. Required if type is + monitor. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: set + name: + description: Name is the name of the service level objective. + type: string + query: + description: |- + Query is the query for a metric-based SLO. Required if type is metric. + Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + properties: + denominator: + description: Denominator is a Datadog metric query for total (valid) + events. + type: string + numerator: + description: Numerator is a Datadog metric query for good events. + type: string + required: + - denominator + - numerator + type: object + tags: + description: |- + Tags is a list of tags to associate with your service level objective. + This can help you categorize and filter service level objectives in the service level objectives page of the UI. + Note: it's not currently possible to filter by these tags when querying via the API. + items: + type: string + type: array + x-kubernetes-list-type: set + targetThreshold: + anyOf: + - type: integer + - type: string + description: TargetThreshold is the target threshold such that when + the service level indicator is above this threshold over the given + timeframe, the objective is being met. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeframe: + description: The SLO time window options. + type: string + type: + description: Type is the type of the service level objective. + type: string + warningThreshold: + anyOf: + - type: integer + - type: string + description: WarningThreshold is a optional warning threshold such + that when the service level indicator is below this value for the + given threshold, but above the target threshold, the objective appears + in a "warning" state. This value must be greater than the target + threshold. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - targetThreshold + - timeframe + - type + type: object + status: + description: DatadogSLOStatus defines the observed state of a DatadogSLO. + properties: + conditions: + description: Conditions represents the latest available observations + of the state of a DatadogSLO. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the SLO was created. + format: date-time + type: string + creator: + description: Creator is the identity of the SLO creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogSLOSpec to know + if the Spec has changed and needs an update. + type: string + id: + description: ID is the SLO ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API SLO was last + force synced with the DatadogSLO resource. + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the SLO state + to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/datadog-operator-certified-rhmp/1.10.0/metadata/annotations.yaml b/operators/datadog-operator-certified-rhmp/1.10.0/metadata/annotations.yaml new file mode 100644 index 000000000..8bf36938d --- /dev/null +++ b/operators/datadog-operator-certified-rhmp/1.10.0/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: datadog-operator-certified-rhmp + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + com.redhat.openshift.versions: v4.6