From 5f6a7efd14fa2751d322a3b0d874671f84d7b4b6 Mon Sep 17 00:00:00 2001
From: Brett Curtis
Date: Fri, 15 Nov 2024 10:13:55 -0500
Subject: [PATCH] Update Datadog Operator version and disable APM, IAST, SCA, and CSPM by default (#16)
---
regional/README.md | 48 +++++++++++++++++++++
regional/manifests/README.md | 74 +++++++++++++++++++++++++++++++++
regional/manifests/variables.tf | 40 +++++++++++------
regional/variables.tf | 2 +-
4 files changed, 149 insertions(+), 15 deletions(-)
create mode 100644 regional/README.md
create mode 100644 regional/manifests/README.md
diff --git a/regional/README.md b/regional/README.md
new file mode 100644
index 0000000..a096420
--- /dev/null
+++ b/regional/README.md
@@ -0,0 +1,48 @@ +# Terraform Documentation + +A child module automatically inherits its parent's default (un-aliased) provider configurations. The provider versions below are informational only and do **not** need to align with the provider configurations from its parent. + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [helm](#provider\_helm) | 2.16.1 | +| [kubernetes](#provider\_kubernetes) | 2.33.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 | + +## Resources + +| Name | Type | +|------|------| +| [helm_release.datadog_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubernetes_secret_v1.datadog_operator_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [agent\_namespace](#input\_agent\_namespace) | Namespace for the Datadog Agent | `string` | `"datadog"` | no | +| [api\_key](#input\_api\_key) | Datadog API key | `string` | n/a | yes | +| [app\_key](#input\_app\_key) | Datadog APP key | `string` | n/a | yes | +| [cluster\_prefix](#input\_cluster\_prefix) | Prefix for your cluster name, region, and zone (if applicable) will be added to the end of the cluster name | `string` | n/a | yes | +| [limits\_cpu](#input\_limits\_cpu) | CPU limits for the Datadog Operator | `string` | `"200m"` | no | +| [limits\_memory](#input\_limits\_memory) | Memory limits for the Datadog Operator | `string` | `"64Mi"` | no | +| [operator\_version](#input\_operator\_version) | The version of the Datadog Operator to install | `string` | `"2.3.0"` | no | +| [requests\_cpu](#input\_requests\_cpu) | CPU requests for the Datadog Operator | `string` | `"100m"` | no | +| 
[requests\_memory](#input\_requests\_memory) | Memory requests for the Datadog Operator | `string` | `"32Mi"` | no | +| [watch\_namespaces](#input\_watch\_namespaces) | Restricts the Operator to watch its managed resources on specific namespaces - set to [""] to watch all namespaces | `list(string)` |
[
"datadog"
]
| no | + +## Outputs + +No outputs. + diff --git a/regional/manifests/README.md b/regional/manifests/README.md new file mode 100644 index 0000000..5562296 --- /dev/null +++ b/regional/manifests/README.md @@ -0,0 +1,74 @@ +# Terraform Documentation + +A child module automatically inherits its parent's default (un-aliased) provider configurations. The provider versions below are informational only and do **not** need to align with the provider configurations from its parent. + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [kubernetes](#provider\_kubernetes) | 2.33.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 | + +## Resources + +| Name | Type | +|------|------| +| [kubernetes_manifest.agent](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.kubernetes_monitor_templates](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_priority_class_v1.datadog](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class_v1) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [api\_key](#input\_api\_key) | Datadog API key | `string` | n/a | yes | +| [app\_key](#input\_app\_key) | Datadog APP key | `string` | n/a | yes | +| [cluster\_agent\_env\_vars](#input\_cluster\_agent\_env\_vars) | Environment variables for the cluster agent |
list(object({
name = string
value = string
}))
| `[]` | no | +| [cluster\_agent\_limits\_cpu](#input\_cluster\_agent\_limits\_cpu) | CPU limits for the Datadog cluster agent | `string` | `"200m"` | no | +| [cluster\_agent\_limits\_memory](#input\_cluster\_agent\_limits\_memory) | Memory limits for the Datadog cluster agent | `string` | `"256Mi"` | no | +| [cluster\_agent\_requests\_cpu](#input\_cluster\_agent\_requests\_cpu) | CPU requests for the Datadog cluster agent | `string` | `"100m"` | no | +| [cluster\_agent\_requests\_memory](#input\_cluster\_agent\_requests\_memory) | Memory requests for the Datadog cluster agent | `string` | `"128Mi"` | no | +| [cluster\_prefix](#input\_cluster\_prefix) | Prefix for your cluster name, region, and zone (if applicable) will be added to the end of the cluster name | `string` | n/a | yes | +| [enable\_apm](#input\_enable\_apm) | Enable Application Performance Monitoring (APM)
Cost: $36.00 per host monthly | `bool` | `false` | no | +| [enable\_apm\_instrumentation](#input\_enable\_apm\_instrumentation) | Enable Application Performance Monitoring (APM) Single-Step instrumentation | `bool` | `false` | no | +| [enable\_asm\_iast](#input\_enable\_asm\_iast) | Enable Interactive Application Security Testing (IAST) | `bool` | `false` | no | +| [enable\_asm\_sca](#input\_enable\_asm\_sca) | Enable Software Composition Analysis (SCA) | `bool` | `false` | no | +| [enable\_asm\_threats](#input\_enable\_asm\_threats) | Enable ASM App & API Protection
Cost: $36.00 per host monthly | `bool` | `false` | no | +| [enable\_container\_collect\_all](#input\_enable\_container\_collect\_all) | Enable log collection for all containers | `bool` | `true` | no | +| [enable\_cspm](#input\_enable\_cspm) | Enable Cloud Security Posture Management (CSPM)
Cost: $12.00 per host monthly | `bool` | `false` | no | +| [enable\_cws](#input\_enable\_cws) | Enable Cloud Workload Security (CWS)
Cost: $36.00 per host monthly | `bool` | `false` | no | +| [enable\_cws\_network\_detection](#input\_enable\_cws\_network\_detection) | Enable Cloud Workload Security (CWS) network detections | `bool` | `false` | no | +| [enable\_external\_metrics\_server](#input\_enable\_external\_metrics\_server) | Enable the External Metrics Server | `bool` | `true` | no | +| [enable\_jmx](#input\_enable\_jmx) | Whether the Agent image should support JMX | `bool` | `false` | no | +| [enable\_log\_collection](#input\_enable\_log\_collection) | Enable log collection | `bool` | `true` | no | +| [enable\_npm](#input\_enable\_npm) | Enable Network Performance Monitoring (NPM) | `bool` | `true` | no | +| [enable\_sbom](#input\_enable\_sbom) | Enable Software Bill of Materials (SBOM) | `bool` | `true` | no | +| [enable\_usm](#input\_enable\_usm) | Enable Universal Service Monitoring (USM) | `bool` | `true` | no | +| [node\_agent\_env\_dd\_container\_exclude](#input\_node\_agent\_env\_dd\_container\_exclude) | Environment variable for the Datadog node agent to exclude containers | `string` | `""` | no | +| [node\_agent\_env\_dd\_ignore\_auto\_conf](#input\_node\_agent\_env\_dd\_ignore\_auto\_conf) | Environment variable for the Datadog node agent to ignore auto configuration | `string` | `""` | no | +| [node\_agent\_image](#input\_node\_agent\_image) | Image for the Datadog node agent, relative to datadog | `string` | `"agent"` | no | +| [node\_agent\_limits\_cpu](#input\_node\_agent\_limits\_cpu) | CPU limits for the Datadog Node Agent | `string` | `"200m"` | no | +| [node\_agent\_limits\_memory](#input\_node\_agent\_limits\_memory) | Memory limits for the Datadog Node Agent | `string` | `"256Mi"` | no | +| [node\_agent\_log\_level](#input\_node\_agent\_log\_level) | Node Agent log level | `string` | `"info"` | no | +| [node\_agent\_requests\_cpu](#input\_node\_agent\_requests\_cpu) | CPU requests for the Datadog Node Agent | `string` | `"100m"` | no | +| 
[node\_agent\_requests\_memory](#input\_node\_agent\_requests\_memory) | Memory requests for the Datadog Node Agent | `string` | `"128Mi"` | no | +| [node\_agent\_tag](#input\_node\_agent\_tag) | Tag for the Datadog node agent image | `string` | `"7.59.0"` | no | +| [node\_agent\_tolerations](#input\_node\_agent\_tolerations) | Tolerations for the Datadog node agent |
list(object({
key = string
operator = string
value = string
effect = string
}))
| `[]` | no | +| [registry](#input\_registry) | Docker registry for the Datadog container images | `string` | n/a | yes | +| [team](#input\_team) | Team name to be used as a tag in Datadog | `string` | n/a | yes | +| [trace\_agent\_env\_dd\_apm\_filter\_tags\_regex\_reject](#input\_trace\_agent\_env\_dd\_apm\_filter\_tags\_regex\_reject) | Environment variable values for the Datadog trace agent to regex reject APM tags | `string` | `""` | no | + +## Outputs + +No outputs. + diff --git a/regional/manifests/variables.tf b/regional/manifests/variables.tf index d2c632b..49b5cf8 100644 --- a/regional/manifests/variables.tf +++ b/regional/manifests/variables.tf @@ -52,9 +52,12 @@ variable "cluster_prefix" { } variable "enable_apm" { - description = "Enable Application Performance Monitoring (APM)" + description = <