Merge pull request #14 from DataDog/vboulineau/add_mount_propagation
Add mount propagation option for hostVolumes
vboulineau authored Aug 6, 2020
2 parents 582eb25 + b5b5c7a commit 119972b
Showing 11 changed files with 29 additions and 4 deletions.
2 changes: 1 addition & 1 deletion .github/kubeval.sh
@@ -3,7 +3,7 @@ set -euo pipefail

CHART_DIRS="$(git diff --find-renames --name-only "$(git rev-parse --abbrev-ref HEAD)" remotes/origin/master -- charts | grep '[cC]hart.yaml' | sed -e 's#/[Cc]hart.yaml##g')"
KUBEVAL_VERSION="0.15.0"
SCHEMA_LOCATION="https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/master/"
SCHEMA_LOCATION="https://kubernetesjsonschema.dev/"

# install kubeval
curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz https://github.com/instrumenta/kubeval/releases/download/"${KUBEVAL_VERSION}"/kubeval-linux-amd64.tar.gz
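Review bot: `SCHEMA_LOCATION` decides where kubeval fetches the schemas the charts are validated against, and one of the two values shown ends in `/master/`, a mutable branch of a third-party repository; the rendered page has lost the +/- markers, so which value is the new one cannot be confirmed here. If the `/master/` URL is the one kept, pinning it to a commit of that repository (`.../kubernetes-json-schema/<commit-sha>/`) keeps validation results reproducible and independent of later pushes to the branch. The kubeval tarball on the unchanged `curl` line is likewise fetched without a checksum comparison; a `sha256sum --check` against a pinned digest before the archive is used would close that gap. The script continues past the end of this hunk.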
5 changes: 3 additions & 2 deletions .github/workflows/ci.yaml
@@ -30,10 +30,11 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
# When changing versions here, check that the version exists at: https://github.com/instrumenta/kubernetes-json-schema
k8s:
- v1.14.10
- v1.16.9
- v1.18.4
- v1.16.4
- v1.18.1
steps:
- name: Checkout
uses: actions/checkout@v1
2 changes: 1 addition & 1 deletion charts/datadog/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: datadog
version: 2.4.4
version: 2.4.5
appVersion: "7"
description: Datadog Agent
keywords:
1 change: 1 addition & 0 deletions charts/datadog/README.md
@@ -326,6 +326,7 @@ helm install --name <RELEASE_NAME> \
| `datadog.podAnnotationsAsTags` | Kubernetes Annotations to Datadog Tags mapping | `nil` |
| `datadog.podLabelsAsTags` | Kubernetes Labels to Datadog Tags mapping | `nil` |
| `datadog.securityContext` | Allows you to overwrite the default securityContext applied to the container | `nil` |
| `datadog.hostVolumeMountPropagation` | Allow to specify the `mountPropagation` value on all volumeMounts using HostPath | `None` |
| `datadog.acInclude` | (Deprecated) Include containers based on image name | `nil` |
| `datadog.acExclude` | (Deprecated) Exclude containers based on image name | `nil` |
| `datadog.containerInclude` | Include containers based on image name, container name or kubernetes namespace | `nil` |
6 changes: 6 additions & 0 deletions charts/datadog/templates/container-agent.yaml
@@ -96,6 +96,7 @@
{{- if eq .Values.targetSystem "linux" }}
- name: runtimesocketdir
mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }}
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- end }}
{{- if eq .Values.targetSystem "windows" }}
@@ -122,19 +123,24 @@
{{- end }}
- name: procdir
mountPath: /host/proc
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
- name: cgroups
mountPath: /host/sys/fs/cgroup
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }}
- name: pointerdir
mountPath: /opt/datadog-agent/run
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
- name: logpodpath
mountPath: /var/log/pods
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- if not .Values.datadog.criSocketPath }}
- name: logdockercontainerpath
mountPath: /var/lib/docker/containers
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- end }}
{{- end }}
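Review bot: `datadog.hostVolumeMountPropagation` is rendered verbatim into every hostPath `volumeMount` in these two hunks (`runtimesocketdir`, `procdir`, `cgroups`, `pointerdir`, `logpodpath`, `logdockercontainerpath`) with no check on its value, so one chart-wide setting also governs the writable `pointerdir` mount. Kubernetes accepts `Bidirectional` only on privileged containers, and with that value mounts created inside the container propagate back to the host; whether these containers are privileged is not visible here, so the setting would either be rejected at pod creation or widen host exposure. A guard evaluated once before the pod spec, such as `{{- if not (has .Values.datadog.hostVolumeMountPropagation (list "None" "HostToContainer")) }}{{ fail "datadog.hostVolumeMountPropagation must be None or HostToContainer" }}{{- end }}`, would limit it to values that do not propagate container mounts to the host. The same unvalidated value is used in container-process-agent.yaml, container-system-probe.yaml, container-trace-agent.yaml, containers-init-linux.yaml and system-probe-init.yaml. Both hunks sit inside a `volumeMounts` list that starts and ends outside the visible lines.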
3 changes: 3 additions & 0 deletions charts/datadog/templates/container-process-agent.yaml
@@ -40,6 +40,7 @@
{{- if eq .Values.targetSystem "linux" }}
- name: runtimesocketdir
mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }}
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- end }}
{{- if eq .Values.targetSystem "windows" }}
@@ -54,11 +55,13 @@
{{- if eq .Values.targetSystem "linux" }}
- name: cgroups
mountPath: /host/sys/fs/cgroup
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
- name: passwd
mountPath: /etc/passwd
- name: procdir
mountPath: /host/proc
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- if .Values.datadog.systemProbe.enabled }}
- name: sysprobe-socket-dir
4 changes: 4 additions & 0 deletions charts/datadog/templates/container-system-probe.yaml
@@ -17,17 +17,21 @@
volumeMounts:
- name: debugfs
mountPath: /sys/kernel/debug
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
- name: sysprobe-config
mountPath: /etc/datadog-agent
- name: sysprobe-socket-dir
mountPath: /var/run/sysprobe
- name: procdir
mountPath: /host/proc
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
- name: modules
mountPath: /lib/modules
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
- name: src
mountPath: /usr/src
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- end -}}
1 change: 1 addition & 0 deletions charts/datadog/templates/container-trace-agent.yaml
@@ -43,6 +43,7 @@
{{- if eq .Values.targetSystem "linux" }}
- name: runtimesocketdir
mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }}
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- end }}
{{- if eq .Values.targetSystem "windows" }}
2 changes: 2 additions & 0 deletions charts/datadog/templates/containers-init-linux.yaml
@@ -31,9 +31,11 @@
{{- end }}
- name: procdir
mountPath: /host/proc
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
- name: runtimesocketdir
mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }}
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
readOnly: true
{{- if .Values.datadog.systemProbe.enabled }}
- name: sysprobe-config
1 change: 1 addition & 0 deletions charts/datadog/templates/system-probe-init.yaml
@@ -10,6 +10,7 @@
mountPath: /etc/config
- name: seccomp-root
mountPath: /host/var/lib/kubelet/seccomp
mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
resources:
{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }}
{{- end -}}
6 changes: 6 additions & 0 deletions charts/datadog/values.yaml
@@ -54,6 +54,12 @@ datadog:
# type: "spc_t"
# level: "s0"

## @param - string - optional
## Allow to specify the `mountPropagation` value on all volumeMounts using HostPath
## ref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation
#
hostVolumeMountPropagation: None

## @param clusterName - string - optional
## Set a unique cluster name to allow scoping hosts and Cluster Checks easily
## The name must be unique and must be dot-separated tokens where a token can be up to 40 characters with the following restrictions:
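Review bot: The `@param` line for the new key omits its name (the neighbouring entry reads `## @param clusterName - string - optional`), and the description does not list the values the field accepts. Suggested comment: `## @param hostVolumeMountPropagation - string - optional` followed by `## Accepted values: None, HostToContainer, Bidirectional (Bidirectional requires a privileged container)`. Quoting the default as `hostVolumeMountPropagation: "None"` would also make it obvious that this is the Kubernetes string and not a null. The `datadog:` mapping continues outside the hunk.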
