Update datadog configurations and bump datadog image to v6.9.0

charts/datadog/latest/.helmignore

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS

charts/datadog/latest/Chart.yaml

+name: datadog
+version: 1.21.0
+appVersion: 6.9.0
+description: DataDog Agent
+keywords:
+- monitoring
+- alerting
+- metric
+home: https://www.datadoghq.com
+icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png
+sources:
+- https://app.datadoghq.com/account/settings#agent/kubernetes
+- https://github.com/DataDog/datadog-agent
+maintainers:
+- name: hkaj
+  email: haissam@datadoghq.com
+- name: irabinovitch
+  email: ilan@datadoghq.com
+- name: xvello
+  email: xavier.vello@datadoghq.com
+- name: charlyf
+  email: charly@datadoghq.com

charts/datadog/latest/OWNERS

+approvers:
+- hkaj
+- irabinovitch
+- xvello
+- charlyf
+reviewers:
+- hkaj
+- irabinovitch
+- xvello
+- charlyf

charts/datadog/latest/app-readme.md

+# Datadog
+
+[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform.
+
+## Introduction
+
+This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
+
+For more details of the datadog-agent v6 environment configurations, please reference the [docs](https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent) here.

charts/datadog/latest/questions.yml

+questions:
+#image configurations
+- variable: defaultImage
+  default: "true"
+  description: "Use default Datadog image or specify a custom one"
+  label: Use Default Datadog Image
+  type: boolean
+  show_subquestion_if: false
+  group: "Container Images"
+  subquestions:
+  - variable: image.repository
+    default: "datadog/agent"
+    description: "Datadog image name"
+    type: string
+    label: Datadog Image Name
+  - variable: image.tag
+    default: "6.9.0"
+    description: "Datadog Image Tag"
+    type: string
+    label: Datadog Image Tag
+  - variable: clusterAgent.image.repository
+    default: "datadog/cluster-agent"
+    description: "Datadog clusterAgent image name"
+    type: string
+    label: Datadog ClusterAgent Image Name
+  - variable: clusterAgent.image.tag
+    default: "1.1.0"
+    description: "Datadog ClusterAgent Image Tag"
+    type: string
+    label: Datadog ClusterAgent Image Tag
+  - variable: kubeStateMetrics.image.repository
+    default: "quay.io/coreos/kube-state-metrics"
+    description: "KubeState image name"
+    type: string
+    label: KubeState Image Name
+    show_if: "kubeStateMetrics.enabled=true&&defaultImage=false"
+  - variable: kubeStateMetrics.image.tag
+    default: "v1.4.0"
+    description: "KubeState Image Tag"
+    type: string
+    label: KubeState Image Tag
+    show_if: "kubeStateMetrics.enabled=true&&defaultImage=false"
+#cluster agent configurations
+- variable: clusterAgent.enabled
+  default: false
+  description: "Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only), https://docs.datadoghq.com/agent/kubernetes/cluster/"
+  type: boolean
+  label: Enable Cluster Agent Metrics(Kubernetes 1.10+ only)
+  group: "Cluster Agent"
+- variable: clusterAgent.metricsProvider.enabled
+  default: true
+  description: "Enable the metricsProvider to be able to scale based on metrics in Datadog"
+  type: boolean
+  label: Enable the metricsProvider
+  show_if: "clusterAgent.enabled=true"
+  group: "Cluster Agent"
+- variable: datadog.appKey
+  default: ""
+  description: "Datadog App key required to use metricsProvider"
+  type: string
+  required: true
+  label: Datadog Metrics App Key
+  group: "Cluster Agent"
+  show_if: "clusterAgent.enabled=true&&clusterAgent.metricsProvider.enabled=true"
+#datadog agent configurations
+- variable: datadog.apiKey
+  default: ""
+  description: "Enter your Datadog API Key."
+  type: string
+  label: Datadog API Key
+  group: "Agent Configuration"
+  required: true
+- variable: datadog.site
+  default: "datadoghq.com"
+  description: "The site of the Datadog intake to send Agent data to"
+  type: enum
+  label: Datadog Site URL
+  group: "Agent Configuration"
+  required: true
+  options:
+    - "datadoghq.com"
+    - "datadoghq.eu"
+    - "custom"
+- variable: datadog.dd_url
+  required: true
+  default: ""
+  description: "The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL"
+  type: string
+  label: Datadog Custom Site URL
+  group: "Agent Configuration"
+  show_if: "datadog.site=custom"
+- variable: datadog.logLevel
+  default: "warn"
+  description: "Set Agent logging verbosity"
+  type: enum
+  options:
+    - "trace"
+    - "debug"
+    - "info"
+    - "warn"
+    - "error"
+    - "critical"
+    - "off"
+  label: Log Level
+  group: "Agent Configuration"
+- variable: datadog.tags
+  default: ""
+  description: "Host tags, separated by spaces. For example: 'simple-tag-0 tag-key-1:tag-value-1'"
+  type: string
+  label: Host Tags
+  group: "Agent Configuration"
+- variable: datadog.useCriSocketVolume
+  default: true
+  description: "Enable container runtime socket volume mounting"
+  type: boolean
+  label: Enable Mounting The Container Runtime Socket In Agent Containers
+  group: "Agent Configuration"
+- variable: datadog.criSocketPath
+  default: ""
+  description: "Path to the container runtime socket (if different from Docker), default to `/var/run/docker.sock`"
+  type: string
+  label: Path To The Container Runtime Socket(Optional)
+  group: "Agent Configuration"
+  show_if: "datadog.useCriSocketVolume=true"
+- variable: datadog.nonLocalTraffic
+  default: false
+  description: "Whether DogStatsD should listen to non local UDP traffic, required to send custom metrics"
+  type: boolean
+  label: DogStatsD Non-Local Traffic
+  group: "Agent Configuration"
+- variable: datadog.collectEvents
+  default: false
+  description: "Enable event collection from the kubernetes API"
+  type: boolean
+  label: Collect Events
+  group: "Agent Configuration"
+# Datadog Tagging 
+- variable: datadog.podLabelsAsTags
+  default: ""
+  description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'"
+  type: string
+  label: Extract Pod Labels as Tags
+  group: "Datadog Tagging"
+- variable: datadog.podAnnotationsAsTags
+  default: ""
+  description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'"
+  type: string
+  label: Extract Pod Annotations as Tags
+  group: "Datadog Tagging"
+- variable: datadog.nodeLabelsAsTags
+  default: ""
+  description: "Specify a JSON map, where the map key is the source label name and the map value the datadog tag name. E.g: '{\"app\":\"kube_app\",\"release\":\"helm_release\"}'"
+  type: string
+  label: Extract Node Labels As Tags
+  group: "Datadog Tagging"
+#daemonset configurations
+- variable: daemonset.rkeETCDControlPlane
+  default: true
+  description: "Configure Datadog Agent pods with the required tolerations to be deployed on the RKE etcd and control plane."
+  type: boolean
+  label: Run datadog pod on RKE Control Plane Nodes
+  group: "Daemonset Configuration"
+- variable: daemonset.useHostNetwork
+  default: false
+  description: "Bind ports on the hostNetwork. Useful for CNI networking where hostPort might not be supported. The ports will need to be available on all hosts"
+  type: boolean
+  label: Use HostNetwork
+  group: "Daemonset Configuration"
+- variable: daemonset.useHostPort
+  default: false
+  description: "Sets the hostPort to the same value of the container port"
+  type: boolean
+  label: Use HostPort
+  group: "Daemonset Configuration"
+- variable: daemonset.useHostPID
+  default: false
+  description: "Run the agent in the host's PID namespace"
+  type: boolean
+  label: Use HostPID
+  group: "Daemonset Configuration"
+#proxy configurations
+- variable: datadog.httpProxy
+  default: ""
+  description: "An http URL to use as a proxy for http requests"
+  type: string
+  label: Datadog Proxy for HTTP Requests
+  group: "Proxy Configuration"
+- variable: datadog.httpsProxy
+  default: ""
+  description: "An http URL to use as a proxy for https requests"
+  type: string
+  label: Datadog Proxy for HTTPS Requests
+  group: "Proxy Configuration"
+- variable: datadog.noProxy
+  default: ""
+  description: "a space-separated list of URLs for which no proxy should be used"
+  type: string
+  label: Datadog No-Proxy List(separated by a space)
+  group: "Proxy Configuration"
+# Optional Collection agents
+- variable: datadog.apmEnabled
+  default: false
+  description: "Run the trace-agent along with the infrastructure agent, allowing the container to accept traces on 8126/tcp"
+  type: boolean
+  label: Enable APM
+  group: "Optional Collection Agents"
+- variable: datadog.apmNonLocalTraffic
+  default: false
+  description: "Allow non-local traffic when tracing from other containers"
+  type: boolean
+  label: Allow APM Non-local Traffic
+  group: "Optional Collection Agents"
+- variable: datadog.processAgentEnabled
+  default: false
+  description: "Enable live process collection in the process-agent"
+  type: boolean
+  label: Enable Live Process Agent
+  group: "Optional Collection Agents"
+- variable: datadog.logsEnabled
+  default: false
+  description: "Run the log-agent along with the infrastructure agent"
+  type: boolean
+  label: Collect Logs
+  group: "Optional Collection Agents"
+
+#Kube State Metrics
+- variable: kubeStateMetrics.enabled
+  default: true
+  description: "Create a kube-state-metrics deployment"
+  type: boolean
+  label: Deployment KubeState Metrics Deployment
+  group: "Kube-State-Metrics"

charts/datadog/latest/requirements.lock

+dependencies:
+- name: kube-state-metrics
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 0.13.1
+digest: sha256:4eeef86887d04fc0fadad89d23d9aba59aac95bdf70b3122046bcdb3fde8a10d
+generated: 2019-02-11T11:42:33.861791+08:00

charts/datadog/latest/requirements.yaml

+dependencies:
+  - name: kube-state-metrics
+    version: 0.13.1
+    repository: https://kubernetes-charts.storage.googleapis.com/
+    condition: kubeStateMetrics.enabled

charts/datadog/latest/templates/NOTES.txt

+{{- if (or (.Values.datadog.apiKeyExistingSecret) (.Values.datadog.apiKey)) }}
+DataDog agents are spinning up on each node in your cluster. After a few
+minutes, you should see your agents starting in your event stream:
+
+    https://app.datadoghq.com/event/stream
+  {{- if .Values.datadog.apiKeyExistingSecret }}
+You disabled creation of Secret containing API key, therefore it is expected
+that you create Secret named '{{ .Values.datadog.apiKeyExistingSecret }}' which includes a key called 'api-key' containing the API key.
+  {{- else if (.Values.datadog.apiKey) }}
+  {{- end }}
+{{- else }}
+##############################################################################
+####               ERROR: You did not set a datadog.apiKey.               ####
+##############################################################################
+
+This deployment will be incomplete until you get your API key from Datadog.
+One can sign up for a free Datadog trial at https://app.datadoghq.com/signup
+
+Once registered you can request an API key at:
+
+    https://app.datadoghq.com/account/settings#agent/kubernetes
+
+Then run:
+
+    helm upgrade {{ .Release.Name }} \
+        --set datadog.apiKey=YOUR-KEY-HERE stable/datadog
+{{- end }}
+
+{{- if .Values.clusterAgent.enabled }}
+
+  {{- if .Values.clusterAgent.metricsProvider.enabled }}
+    {{- if .Values.datadog.appKeyExistingSecret }}
+You disabled creation of Secret containing APP key, therefore it is expected
+that you create a Secret named '{{ .Values.datadog.appKeyExistingSecret }}' which includes a key called 'app-key' containing the APP key.
+    {{- else if (.Values.datadog.appKey) }}
+    {{- else }}
+
+##############################################################################
+####               ERROR: You did not set a datadog.appKey.               ####
+##############################################################################
+
+This deployment will be incomplete until you get your APP key from Datadog.
+Create an application key at https://app.datadoghq.com/account/settings#api
+    {{- end }}
+  {{- end }}
+
+  {{- if not .Values.clusterAgent.token }}
+
+##############################################################################
+####               INFO: You did not set a clusterAgent.token            ####
+##############################################################################
+
+Because you enabled the Cluster Agent but did not provide a token, a random token was generated.
+This token is used to secure the communication between the Agents and the Cluster Agent.
+
+Make sure to recreate all pods on upgrade (with the --recreate-pods flag) to ensure all
+agents use the same shared token.
+
+  {{- end }}
+
+{{- end }}
+
+{{- if .Values.datadog.apmEnabled }}
+The datadog agent is listening on port 8126.
+{{- end }}
+
+{{- if .Values.datadog.autoconf }}
+
+#################################################################
+####               WARNING: Deprecation notice               ####
+#################################################################
+
+The autoconf value is deprecated, Autodiscovery templates can now
+be safely moved to the confd value. As a temporary measure, both
+values were merged into the {{ template "datadog.confd.fullname" . }} configmap,
+but this will be removed in a future chart release.
+Please note that duplicate file names may have conflicted during
+the merge. In that case, the confd entry will take precedence.
+{{- end }}
+
+{{- if eq .Values.image.repository "datadog/docker-dd-agent" }}
+
+######################################################################
+####               ERROR: Unsupported agent version               ####
+######################################################################
+
+This version of the chart does not support deploying Agent 5.x.
+If you cannot upgrade to Agent 6.x, you can use a previous version
+of the chart by calling helm install with `--version 0.18.0`.
+{{- end }}

charts/datadog/latest/templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "datadog.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "datadog.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return secret name to be used based on provided values.
+*/}}
+{{- define "datadog.apiSecretName" -}}
+{{- $fullName := include "datadog.fullname" . -}}
+{{- default $fullName .Values.datadog.apiKeyExistingSecret | quote -}}
+{{- end -}}
+
+{{/*
+Return secret name to be used based on provided values.
+*/}}
+{{- define "datadog.appKeySecretName" -}}
+{{- $fullName := printf "%s-appkey" (include "datadog.fullname" .) -}}
+{{- default $fullName .Values.datadog.appKeyExistingSecret | quote -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified confd name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "datadog.confd.fullname" -}}
+{{- printf "%s-datadog-confd" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified checksd name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "datadog.checksd.fullname" -}}
+{{- printf "%s-datadog-checksd" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified cluster-agent name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "datadog.clusterAgent.fullname" -}}
+{{- printf "%s-cluster-agent" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for RBAC APIs.
+*/}}
+{{- define "rbac.apiVersion" -}}
+{{- if semverCompare "^1.8-0" .Capabilities.KubeVersion.GitVersion -}}
+"rbac.authorization.k8s.io/v1"
+{{- else -}}
+"rbac.authorization.k8s.io/v1beta1"
+{{- end -}}
+{{- end -}}

charts/datadog/latest/templates/agent-apiservice.yaml

+{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}}
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1beta1.external.metrics.k8s.io
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    heritage: {{ .Release.Service | quote }}
+    release: {{ .Release.Name | quote }}
+spec:
+  service:
+    name: {{ template "datadog.clusterAgent.fullname" . }}-metrics-api
+    namespace: {{ .Release.Namespace }}
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  group: external.metrics.k8s.io
+  groupPriorityMinimum: 100
+  versionPriority: 100
+  priority: 100
+{{- end -}}

charts/datadog/latest/templates/agent-clusterrole.yaml

+{{- if and .Values.rbac.create .Values.clusterAgent.enabled -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    heritage: {{ .Release.Service | quote }}
+    release: {{ .Release.Name | quote }}
+  name: {{ template "datadog.clusterAgent.fullname" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - events
+  - endpoints
+  - pods
+  - nodes
+  - componentstatuses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: ["quota.openshift.io"]
+  resources:
+  - clusterresourcequotas
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - "autoscaling"
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - list
+  - watch
+{{- if .Values.datadog.collectEvents }}
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - datadogtoken  # Kubernetes event collection state
+  verbs:
+  - get
+  - update
+{{- end }}
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - datadog-leader-election  # Leader election token
+{{- if .Values.clusterAgent.metricsProvider.enabled }}
+  - datadog-custom-metrics
+  - extension-apiserver-authentication
+{{- end }}
+  verbs:
+  - get
+  - update
+- apiGroups:  # To create the leader election token
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+- nonResourceURLs:
+  - "/version"
+  - "/healthz"
+  verbs:
+  - get
+{{- end -}}

charts/datadog/latest/templates/agent-clusterrolebinding-auth-delegator.yaml

+{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+  name: {{ template "datadog.clusterAgent.fullname" . }}:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "datadog.clusterAgent.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/datadog/latest/templates/agent-clusterrolebinding.yaml

+{{- if and .Values.rbac.create .Values.clusterAgent.enabled -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+  name: {{ template "datadog.clusterAgent.fullname" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "datadog.clusterAgent.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "datadog.clusterAgent.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/datadog/latest/templates/agent-secret.yaml

+{{- if .Values.clusterAgent.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "datadog.clusterAgent.fullname" . }}
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+type: Opaque
+data:
+  {{ if .Values.clusterAgent.token -}}
+  token: {{ .Values.clusterAgent.token | b64enc | quote }}
+  {{ else -}}
+  token: {{ randAlphaNum 32 | b64enc | quote }}
+  {{ end }}
+{{- end }}

charts/datadog/latest/templates/agent-service-cmd.yaml

+{{- if .Values.clusterAgent.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "datadog.clusterAgent.fullname" . }}
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+spec:
+  type: ClusterIP
+  selector:
+    app: {{ template "datadog.clusterAgent.fullname" . }}
+  ports:
+  - port: 5005
+    name: agentport
+    protocol: TCP
+{{ end }}

charts/datadog/latest/templates/agent-service-metrics.yaml

+{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "datadog.clusterAgent.fullname" . }}-metrics-api
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+spec:
+  type: ClusterIP
+  selector:
+    app: {{ template "datadog.clusterAgent.fullname" . }}
+  ports:
+  - port: 443
+    name: metricsapi
+    protocol: TCP
+{{ end }}

charts/datadog/latest/templates/agent-serviceaccount.yaml

+{{- if and .Values.rbac.create .Values.clusterAgent.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    heritage: {{ .Release.Service | quote }}
+    release: {{ .Release.Name | quote }}
+  name: {{ template "datadog.clusterAgent.fullname" . }}
+{{- end -}}

charts/datadog/latest/templates/agenthpa-rolebinding.yaml

+{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+  name: "{{ template "datadog.clusterAgent.fullname" . }}"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "datadog.clusterAgent.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/datadog/latest/templates/apikey-secret.yaml

+{{- if not .Values.datadog.apiKeyExistingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "datadog.fullname" . }}
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+type: Opaque
+data:
+  api-key: {{ default "MISSING" .Values.datadog.apiKey | b64enc | quote }}
+
+{{- end }}

charts/datadog/latest/templates/appkey-secret.yaml

+{{- if not .Values.datadog.appKeyExistingSecret }}
+{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "datadog.appKeySecretName" . }}
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+type: Opaque
+data:
+  app-key: {{ default "MISSING" .Values.datadog.appKey | b64enc | quote }}
+{{- end }}
+{{- end }}

charts/datadog/latest/templates/checksd-configmap.yaml

+{{- if .Values.datadog.checksd }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "datadog.checksd.fullname" . }}
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+  annotations:
+    checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }}
+data:
+{{ tpl (toYaml .Values.datadog.checksd) . | indent 2 }}
+{{- end -}}

charts/datadog/latest/templates/cluster-agent-deployment.yaml

+{{- if .Values.clusterAgent.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "datadog.clusterAgent.fullname" . }}
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+spec:
+  replicas: {{ .Values.clusterAgent.replicas }}
+  selector:
+    matchLabels:
+      app: {{ template "datadog.clusterAgent.fullname" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "datadog.clusterAgent.fullname" . }}
+      name: {{ template "datadog.clusterAgent.fullname" . }}
+    spec:
+      {{- if .Values.clusterAgent.image.pullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.clusterAgent.image.pullSecrets | indent 8 }}
+      {{- end }}
+      containers:
+      - name: {{ .Values.clusterAgent.containerName }}
+        image: "{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}"
+        imagePullPolicy: {{ .Values.clusterAgent.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.clusterAgent.resources | indent 12 }}
+        ports:
+        - containerPort: 5005
+          name: agentport
+          protocol: TCP
+        {{- if .Values.clusterAgent.metricsProvider.enabled }}
+        - containerPort: 443
+          name: metricsapi
+          protocol: TCP
+        {{- end }}
+        env:
+          - name: DD_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "datadog.apiSecretName" . }}
+                key: api-key
+          {{- if .Values.clusterAgent.metricsProvider.enabled }}
+          - name: DD_EXTERNAL_METRICS_PROVIDER_ENABLED
+            value: {{ .Values.clusterAgent.metricsProvider.enabled | quote }}
+          - name: DD_APP_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "datadog.appKeySecretName" . }}
+                key: app-key
+          {{- end }}
+          {{- if .Values.datadog.site }}
+          - name: DD_SITE
+            value: {{ .Values.datadog.site | quote }}
+          {{- end }}
+          {{- if .Values.datadog.dd_url }}
+          - name: DD_DD_URL
+            value: {{ .Values.datadog.dd_url | quote }}
+          {{- end }}
+          {{- if .Values.datadog.logLevel }}
+          - name: DD_LOG_LEVEL
+            value: {{ .Values.datadog.logLevel | quote }}
+          {{- end }}
+          - name: DD_LEADER_ELECTION
+            value: {{ .Values.datadog.leaderElection | default "true" | quote}}
+          {{- if .Values.datadog.leaderLeaseDuration }}
+          - name: DD_LEADER_LEASE_DURATION
+            value: {{ .Values.datadog.leaderLeaseDuration | quote }}
+          {{- end }}
+          {{- if .Values.datadog.collectEvents }}
+          - name: DD_COLLECT_KUBERNETES_EVENTS
+            value: {{ .Values.datadog.collectEvents | quote}}
+          - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME
+            value: {{ template "datadog.clusterAgent.fullname" . }}
+          {{- end }}
+          - name: DD_CLUSTER_AGENT_AUTH_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "datadog.clusterAgent.fullname" . }}
+                key: token
+          - name: DD_KUBE_RESOURCES_NAMESPACE
+            value: {{ .Release.Namespace }}
+{{- if .Values.clusterAgent.env }}
+{{ toYaml .Values.clusterAgent.env | indent 10 }}
+{{- end }}
+{{- if .Values.clusterAgent.livenessProbe }}
+        livenessProbe:
+{{ toYaml .Values.clusterAgent.livenessProbe | indent 10 }}
+{{- else if .Values.clusterAgent.metricsProvider.enabled }}
+        livenessProbe:
+          httpGet:
+            port: 443
+            path: /healthz
+            scheme: HTTPS
+{{- end }}
+{{- if .Values.clusterAgent.readinessProbe }}
+        readinessProbe:
+{{ toYaml .Values.clusterAgent.readinessProbe | indent 10 }}
+{{- else if .Values.clusterAgent.metricsProvider.enabled}}
+        readinessProbe:
+          httpGet:
+            port: 443
+            path: /healthz
+            scheme: HTTPS
+{{- end }}
+      {{- if .Values.clusterAgent.tolerations }}
+      tolerations:
+{{ toYaml .Values.clusterAgent.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.clusterAgent.affinity }}
+      affinity:
+{{ toYaml .Values.clusterAgent.affinity | indent 8 }}
+      {{- end }}
+      serviceAccountName: {{ if .Values.rbac.create }}{{ template "datadog.clusterAgent.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
+{{ end }}

charts/datadog/latest/templates/clusterrole.yaml

+{{- if .Values.rbac.create -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    heritage: {{ .Release.Service | quote }}
+    release: {{ .Release.Name | quote }}
+  name: {{ template "datadog.fullname" . }}
+rules:
+{{- if not .Values.clusterAgent.enabled }}
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - events
+  - endpoints
+  - pods
+  - nodes
+  - componentstatuses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups: ["quota.openshift.io"]
+  resources:
+  - clusterresourcequotas
+  verbs:
+  - get
+  - list
+{{- if .Values.datadog.collectEvents }}
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - datadogtoken  # Kubernetes event collection state
+  verbs:
+  - get
+  - update
+{{- end }}
+{{- if .Values.datadog.leaderElection }}
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  resourceNames:
+  - datadog-leader-election  # Leader election token
+  verbs:
+  - get
+  - update
+- apiGroups:  # To create the leader election token
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+{{- end }}
+- nonResourceURLs:
+  - "/version"
+  - "/healthz"
+  verbs:
+  - get
+{{- end }}
+- apiGroups:  # Kubelet connectivity
+  - ""
+  resources:
+  - nodes/metrics
+  - nodes/spec
+  - nodes/proxy
+  verbs:
+  - get
+{{- end -}}

charts/datadog/latest/templates/clusterrolebinding.yaml

+{{- if .Values.rbac.create -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+  name: {{ template "datadog.fullname" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "datadog.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "datadog.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/datadog/latest/templates/confd-configmap.yaml

+{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "datadog.confd.fullname" . }}
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+  annotations:
+    checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }}
+    checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }}
+data:
+{{/*
+Merge the legacy autoconf dict before so confd static configurations
+override duplicates
+*/}}
+{{- if .Values.datadog.autoconf }}
+{{ tpl (toYaml .Values.datadog.autoconf) . | indent 2 }}
+{{- end -}}
+{{- if .Values.datadog.confd }}
+{{ tpl (toYaml .Values.datadog.confd) . | indent 2 }}
+{{- end -}}
+{{- end -}}

charts/datadog/latest/templates/hpa-clusterrole.yaml

+{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    heritage: {{ .Release.Service | quote }}
+    release: {{ .Release.Name | quote }}
+  name: {{ template "datadog.clusterAgent.fullname" . }}-external-metrics-reader
+rules:
+- apiGroups:
+  - "external.metrics.k8s.io"
+  resources:
+  - "*"
+  verbs:
+  - list
+  - get
+  - watch
+{{- end -}}

charts/datadog/latest/templates/hpa-clusterrolebinding.yaml

+{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}}
+apiVersion: {{ template "rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+  name: {{ template "datadog.clusterAgent.fullname" . }}-external-metrics-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "datadog.clusterAgent.fullname" . }}-external-metrics-reader
+subjects:
+- kind: ServiceAccount
+  name: horizontal-pod-autoscaler
+  namespace: kube-system
+{{- end -}}

charts/datadog/latest/templates/serviceaccount.yaml

+# You need to use that account for your dd-agent DaemonSet
+{{ if .Values.rbac.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: "{{ template "datadog.fullname" . }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    heritage: {{ .Release.Service | quote }}
+    release: {{ .Release.Name | quote }}
+  name: {{ template "datadog.fullname" . }}
+{{- end -}}