Bump the default from v1.0.1 to v1.0.3, which includes system-probe / NPM exemptions required for the NPM feature on GKE Autopilot. Users can override the version via the experimental.agent.datadoghq.com/autopilot-allowlist-version annotation on the DatadogAgent. Malformed versions are rejected with a log message and fall back to the default.
…n override
On GKE Autopilot the kubelet endpoint is not reachable, so the Agent must use the Kubernetes API server to discover pods. Inject DD_KUBELET_USE_API_SERVER=true on all node-agent containers when the autopilot annotation is set.
Expose a new annotation experimental.agent.datadoghq.com/autopilot-allowlist-version so users can point at a specific WorkloadAllowlist version instead of the default.
Add a regression test asserting that NPM volumes/mounts and HostPID survive the autopilot overrides (system-probe relies on them when the WorkloadAllowlist grants the required exemptions).
…PI server mode
When autopilot is enabled:
- Fine-grained kubelet authorization is turned on by default (users can still opt in explicitly via the existing annotation on non-autopilot clusters).
- A pods get/list ClusterRole rule is added so the Agent can list pods via the API server when DD_KUBELET_USE_API_SERVER=true.
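The reject-and-fall-back behaviour described in the first commit message, as an added Go sketch that is not the operator's own code. The annotation key and the v1.0.3 default come from the page; `resolveAllowlistVersion`, the strict vMAJOR.MINOR.PATCH pattern and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

const (
	// Annotation key and default version as stated in the commit message.
	allowlistVersionAnnotation = "experimental.agent.datadoghq.com/autopilot-allowlist-version"
	defaultAllowlistVersion    = "v1.0.3"
)

// Assumption: a well-formed version is exactly vMAJOR.MINOR.PATCH. The page
// does not show the rule the operator applies. In Go, `$` without the (?m)
// flag only matches at end of text, so a trailing newline is rejected too.
var versionRe = regexp.MustCompile(`^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$`)

// resolveAllowlistVersion (hypothetical name) returns the version to use and
// whether a user-supplied annotation value was rejected.
func resolveAllowlistVersion(annotations map[string]string, logf func(string, ...interface{})) (string, bool) {
	raw, ok := annotations[allowlistVersionAnnotation]
	if !ok {
		return defaultAllowlistVersion, false // annotation absent: default, nothing to log
	}
	if !versionRe.MatchString(raw) {
		// %q escapes control characters so the rejected value cannot forge log lines.
		logf("invalid %s=%q, falling back to %s", allowlistVersionAnnotation, raw, defaultAllowlistVersion)
		return defaultAllowlistVersion, true
	}
	return raw, false
}

func main() {
	logf := func(format string, args ...interface{}) { fmt.Printf("LOG: "+format+"\n", args...) }
	// Constructed sample annotation values: one valid override, four malformed.
	samples := []string{"v1.0.1", "1.0.3", "v1.0.3\nforged line", "v1.0.3/../other", ""}
	for _, s := range samples {
		version, rejected := resolveAllowlistVersion(map[string]string{allowlistVersionAnnotation: s}, logf)
		fmt.Printf("%q -> %s (rejected=%v)\n", s, version, rejected)
	}
}
```

Anchoring the pattern at both ends keeps path separators, whitespace and newlines out of whatever resource reference the version is later used to build.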
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #2983 +/- ##
==========================================
+ Coverage 40.75% 41.18% +0.42%
==========================================
Files 332 332
Lines 28197 28288 +91
==========================================
+ Hits 11493 11651 +158
+ Misses 15929 15850 -79
- Partials 775 787 +12
…and add /var/run/sysprobe for socket by default
…' into tbavelier/contp-1596-autopilot
…' into tbavelier/contp-1596-autopilot
…' into tbavelier/contp-1596-autopilot
What does this PR do?
A brief description of the change being made with this pull request.
Motivation
What inspired you to submit this pull request?
Additional Notes
Anything else we should know when reviewing?
Minimum Agent Versions
Are there minimum versions of the Datadog Agent and/or Cluster Agent required?
Describe your test plan
Write there any instructions and details you may have to test your PR.
Checklist
bug, enhancement, refactoring, documentation, tooling, and/or dependencies
qa/skip-qa label