diff --git a/apis/datadoghq/common/envvar.go b/apis/datadoghq/common/envvar.go index ba045573a..de272a4cf 100644 --- a/apis/datadoghq/common/envvar.go +++ b/apis/datadoghq/common/envvar.go @@ -79,6 +79,8 @@ const ( DDPodLabelsAsTags = "DD_KUBERNETES_POD_LABELS_AS_TAGS" DDPPMReceiverSocket = "DD_APM_RECEIVER_SOCKET" DDProcessAgentEnabled = "DD_PROCESS_AGENT_ENABLED" + DDProcessConfigScrubArgs = "DD_PROCESS_CONFIG_SCRUB_ARGS" + DDProcessConfigStripArgs = "DD_PROCESS_CONFIG_STRIP_PROC_ARGUMENTS" DDPrometheusScrapeChecks = "DD_PROMETHEUS_SCRAPE_CHECKS" DDPrometheusScrapeEnabled = "DD_PROMETHEUS_SCRAPE_ENABLED" DDPrometheusScrapeServiceEndpoints = "DD_PROMETHEUS_SCRAPE_SERVICE_ENDPOINTS" diff --git a/apis/datadoghq/v2alpha1/datadogagent_default_test.go b/apis/datadoghq/v2alpha1/datadogagent_default_test.go index e6f263d54..e9607caaf 100644 --- a/apis/datadoghq/v2alpha1/datadogagent_default_test.go +++ b/apis/datadoghq/v2alpha1/datadogagent_default_test.go 
@@ -225,6 +225,48 @@ func Test_defaultFeatures(t *testing.T) { }, }, }, + { + name: "liveProcess is enabled", + ddaSpec: &DatadogAgentSpec{ + Features: &DatadogFeatures{ + LiveProcessCollection: &LiveProcessCollectionFeatureConfig{ + Enabled: apiutils.NewBoolPointer(valueTrue), + }, + }, + }, + want: &DatadogAgentSpec{ + Features: &DatadogFeatures{ + LiveProcessCollection: &LiveProcessCollectionFeatureConfig{ + Enabled: apiutils.NewBoolPointer(valueTrue), + }, + LiveContainerCollection: &LiveContainerCollectionFeatureConfig{ + Enabled: apiutils.NewBoolPointer(defaultLiveContainerCollectionEnabled), + }, + Dogstatsd: &DogstatsdFeatureConfig{ + OriginDetectionEnabled: apiutils.NewBoolPointer(defaultDogstatsdOriginDetectionEnabled), + HostPortConfig: &HostPortConfig{Enabled: apiutils.NewBoolPointer(defaultDogstatsdHostPortEnabled)}, + UnixDomainSocketConfig: &UnixDomainSocketConfig{ + Enabled: apiutils.NewBoolPointer(defaultDogstatsdSocketEnabled), + Path: apiutils.NewStringPointer(defaultDogstatsdSocketPath), + }, + }, + EventCollection: &EventCollectionFeatureConfig{ + CollectKubernetesEvents: apiutils.NewBoolPointer(defaultCollectKubernetesEvents), + }, + OrchestratorExplorer: &OrchestratorExplorerFeatureConfig{ + Enabled: apiutils.NewBoolPointer(defaultOrchestratorExplorerEnabled), + ScrubContainers: apiutils.NewBoolPointer(defaultOrchestratorExplorerScrubContainers), + }, + KubeStateMetricsCore: &KubeStateMetricsCoreFeatureConfig{ + Enabled: apiutils.NewBoolPointer(defaultKubeStateMetricsCoreEnabled), + }, + ClusterChecks: &ClusterChecksFeatureConfig{ + Enabled: apiutils.NewBoolPointer(defaultClusterChecksEnabled), + UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners), + }, + }, + }, + }, { name: "logCollection is enabled", ddaSpec: &DatadogAgentSpec{ diff --git a/apis/datadoghq/v2alpha1/datadogagent_types.go b/apis/datadoghq/v2alpha1/datadogagent_types.go index 58bae1e6c..510657ad9 100644 
--- a/apis/datadoghq/v2alpha1/datadogagent_types.go +++ b/apis/datadoghq/v2alpha1/datadogagent_types.go @@ -170,6 +170,16 @@ type LiveProcessCollectionFeatureConfig struct { // Default: false // +optional Enabled *bool `json:"enabled,omitempty"` + + // ScrubProcessArguments enables scrubbing of sensitive data in process command-lines (passwords, tokens, etc. ). + // Default: true + // +optional + ScrubProcessArguments *bool `json:"scrubProcessArguments,omitempty"` + + // StripProcessArguments enables stripping of all process arguments. + // Default: false + // +optional + StripProcessArguments *bool `json:"stripProcessArguments,omitempty"` } // LiveContainerCollectionFeatureConfig contains Container Collection configuration. diff --git a/apis/datadoghq/v2alpha1/zz_generated.deepcopy.go b/apis/datadoghq/v2alpha1/zz_generated.deepcopy.go index 6711701ef..889be69b8 100644 --- a/apis/datadoghq/v2alpha1/zz_generated.deepcopy.go +++ b/apis/datadoghq/v2alpha1/zz_generated.deepcopy.go @@ -1061,6 +1061,16 @@ func (in *LiveProcessCollectionFeatureConfig) DeepCopyInto(out *LiveProcessColle *out = new(bool) **out = **in } + if in.ScrubProcessArguments != nil { + in, out := &in.ScrubProcessArguments, &out.ScrubProcessArguments + *out = new(bool) + **out = **in + } + if in.StripProcessArguments != nil { + in, out := &in.StripProcessArguments, &out.StripProcessArguments + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LiveProcessCollectionFeatureConfig. diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml index 6a79dbb16..fdfe8dd9e 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml +++ b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml 
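Review bot: The `// Default: true` on `ScrubProcessArguments` in `LiveProcessCollectionFeatureConfig` is not enforced by the operator. The defaulting test added in datadogagent_default_test.go expects the field to stay unset, and `ManageNodeAgent` in liveprocess/feature.go only emits `DD_PROCESS_CONFIG_SCRUB_ARGS` when the pointer is non-nil. The effective default is therefore whatever the Process Agent does when the variable is absent, which this diff does not show. Because this field decides whether passwords and tokens in command lines leave the node, the comment should say so, e.g. `// Default: true (Agent-side default; the operator sets no value when this field is omitted)`, and state how it combines with `StripProcessArguments` when both are set. The struct body starts outside the hunk.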
@@ -13142,6 +13142,15 @@ spec: description: 'Enabled enables Process monitoring. Default: false' type: boolean + scrubProcessArguments: + description: 'ScrubProcessArguments enables scrubbing of sensitive + data in process command-lines (passwords, tokens, etc. ). + Default: true' + type: boolean + stripProcessArguments: + description: 'StripProcessArguments enables stripping of all + process arguments. Default: false' + type: boolean type: object logCollection: description: LogCollection configuration. diff --git a/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml index dda2bf83e..85f77815b 100644 --- a/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml +++ b/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml @@ -26030,6 +26030,15 @@ spec: description: 'Enabled enables Process monitoring. Default: false' type: boolean + scrubProcessArguments: + description: 'ScrubProcessArguments enables scrubbing of sensitive + data in process command-lines (passwords, tokens, etc. ). + Default: true' + type: boolean + stripProcessArguments: + description: 'StripProcessArguments enables stripping of all + process arguments. Default: false' + type: boolean type: object logCollection: description: LogCollection configuration. diff --git a/controllers/datadogagent/controller.go b/controllers/datadogagent/controller.go index 6fad4d0bc..b10915e45 100644 --- a/controllers/datadogagent/controller.go +++ b/controllers/datadogagent/controller.go 
@@ -39,6 +39,7 @@ import ( _ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/enabledefault" _ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/eventcollection" _ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/kubernetesstatecore" + _ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/liveprocess" _ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/logcollection" _ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/npm" _ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/oomkill" diff --git a/controllers/datadogagent/feature/ids.go b/controllers/datadogagent/feature/ids.go index 38cbd092b..5e1dbd8b7 100644 --- a/controllers/datadogagent/feature/ids.go +++ b/controllers/datadogagent/feature/ids.go @@ -17,6 +17,8 @@ const ( EventCollectionIDType = "event_collection" // KubernetesStateCoreIDType Kubernetes state core check feature. KubernetesStateCoreIDType = "ksm" + // LiveProcessIDType Live Process feature. + LiveProcessIDType = "live_process" // OrchestratorExplorerIDType Orchestrator Explorer feature. OrchestratorExplorerIDType = "orchestrator_explorer" // LogCollectionIDType Log Collection feature. diff --git a/controllers/datadogagent/feature/liveprocess/feature.go b/controllers/datadogagent/feature/liveprocess/feature.go new file mode 100644 index 000000000..0144c3d30 --- /dev/null +++ b/controllers/datadogagent/feature/liveprocess/feature.go 
@@ -0,0 +1,134 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2016-present Datadog, Inc. + +package liveprocess + +import ( + corev1 "k8s.io/api/core/v1" + + "github.com/DataDog/datadog-operator/apis/datadoghq/v1alpha1" + "github.com/DataDog/datadog-operator/apis/datadoghq/v2alpha1" + apiutils "github.com/DataDog/datadog-operator/apis/utils" + + apicommon "github.com/DataDog/datadog-operator/apis/datadoghq/common" + apicommonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1" + "github.com/DataDog/datadog-operator/controllers/datadogagent/feature" + "github.com/DataDog/datadog-operator/controllers/datadogagent/object/volume" +) + +func init() { + err := feature.Register(feature.LiveProcessIDType, buildLiveProcessFeature) + if err != nil { + panic(err) + } +} + +func buildLiveProcessFeature(options *feature.Options) feature.Feature { + liveProcessFeat := &liveProcessFeature{} + + return liveProcessFeat +} + +type liveProcessFeature struct { + scrubArgs *bool + stripArgs *bool +} + +// ID returns the ID of the Feature +func (f *liveProcessFeature) ID() feature.IDType { + return feature.LiveProcessIDType +} + +// Configure is used to configure the feature from a v2alpha1.DatadogAgent instance. 
+func (f *liveProcessFeature) Configure(dda *v2alpha1.DatadogAgent) (reqComp feature.RequiredComponents) { + if dda.Spec.Features.LiveProcessCollection != nil && apiutils.BoolValue(dda.Spec.Features.LiveProcessCollection.Enabled) { + if dda.Spec.Features.LiveProcessCollection.ScrubProcessArguments != nil { + f.scrubArgs = apiutils.NewBoolPointer(*dda.Spec.Features.LiveProcessCollection.ScrubProcessArguments) + } + if dda.Spec.Features.LiveProcessCollection.StripProcessArguments != nil { + f.stripArgs = apiutils.NewBoolPointer(*dda.Spec.Features.LiveProcessCollection.StripProcessArguments) + } + reqComp = feature.RequiredComponents{ + Agent: feature.RequiredComponent{ + IsRequired: apiutils.NewBoolPointer(true), + Containers: []apicommonv1.AgentContainerName{ + apicommonv1.CoreAgentContainerName, + apicommonv1.ProcessAgentContainerName, + }, + }, + } + } + + return reqComp +} + +// ConfigureV1 use to configure the feature from a v1alpha1.DatadogAgent instance. +func (f *liveProcessFeature) ConfigureV1(dda *v1alpha1.DatadogAgent) (reqComp feature.RequiredComponents) { + if dda.Spec.Agent.Process != nil && *dda.Spec.Agent.Process.ProcessCollectionEnabled { + reqComp = feature.RequiredComponents{ + Agent: feature.RequiredComponent{ + IsRequired: apiutils.NewBoolPointer(true), + Containers: []apicommonv1.AgentContainerName{ + apicommonv1.CoreAgentContainerName, + apicommonv1.ProcessAgentContainerName, + }, + }, + } + } + + return reqComp +} + +// ManageDependencies allows a feature to manage its dependencies. +// Feature's dependencies should be added in the store. +func (f *liveProcessFeature) ManageDependencies(managers feature.ResourceManagers, components feature.RequiredComponents) error { + return nil +} + +// ManageClusterAgent allows a feature to configure the ClusterAgent's corev1.PodTemplateSpec +// It should do nothing if the feature doesn't need to configure it. 
+func (f *liveProcessFeature) ManageClusterAgent(managers feature.PodTemplateManagers) error { + return nil +} + +// ManageNodeAgent allows a feature to configure the Node Agent's corev1.PodTemplateSpec +// It should do nothing if the feature doesn't need to configure it. +func (f *liveProcessFeature) ManageNodeAgent(managers feature.PodTemplateManagers) error { + // passwd volume mount + passwdVol, passwdVolMount := volume.GetVolumes(apicommon.PasswdVolumeName, apicommon.PasswdHostPath, apicommon.PasswdMountPath, true) + managers.VolumeMount().AddVolumeMountToContainer(&passwdVolMount, apicommonv1.ProcessAgentContainerName) + managers.Volume().AddVolume(&passwdVol) + + enableEnvVar := &corev1.EnvVar{ + Name: apicommon.DDProcessAgentEnabled, + Value: "true", + } + + managers.EnvVar().AddEnvVarToContainer(apicommonv1.ProcessAgentContainerName, enableEnvVar) + + if f.scrubArgs != nil { + scrubArgsEnvVar := &corev1.EnvVar{ + Name: apicommon.DDProcessConfigScrubArgs, + Value: apiutils.BoolToString(f.scrubArgs), + } + managers.EnvVar().AddEnvVarToContainer(apicommonv1.ProcessAgentContainerName, scrubArgsEnvVar) + } + + if f.stripArgs != nil { + stripArgsEnvVar := &corev1.EnvVar{ + Name: apicommon.DDProcessConfigStripArgs, + Value: apiutils.BoolToString(f.stripArgs), + } + managers.EnvVar().AddEnvVarToContainer(apicommonv1.ProcessAgentContainerName, stripArgsEnvVar) + } + + return nil +} + +// ManageClusterChecksRunner allows a feature to configure the ClusterChecksRunner's corev1.PodTemplateSpec +// It should do nothing if the feature doesn't need to configure it. +func (f *liveProcessFeature) ManageClusterChecksRunner(managers feature.PodTemplateManagers) error { + return nil +} diff --git a/controllers/datadogagent/feature/liveprocess/feature_test.go b/controllers/datadogagent/feature/liveprocess/feature_test.go new file mode 100644 index 000000000..c4018d978 --- /dev/null +++ b/controllers/datadogagent/feature/liveprocess/feature_test.go 
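Review bot: `ConfigureV1` dereferences `*dda.Spec.Agent.Process.ProcessCollectionEnabled` after checking only that `Process` is non-nil, so a v1alpha1 object whose process section omits that field would panic during reconcile unless defaulting always fills it (not visible here). `Configure` already wraps its flag in `apiutils.BoolValue`, which appears to be nil-safe, and the same form works here: `if dda.Spec.Agent.Process != nil && apiutils.BoolValue(dda.Spec.Agent.Process.ProcessCollectionEnabled) {`. `Configure` in turn reads `dda.Spec.Features.LiveProcessCollection` without checking `dda.Spec.Features`, which is a pointer in the test fixtures. Prefixing that condition with `dda.Spec.Features != nil &&` is worth it if defaulting is not guaranteed to run first.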
@@ -0,0 +1,195 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2016-present Datadog, Inc. + +package liveprocess + +import ( + "testing" + + apicommon "github.com/DataDog/datadog-operator/apis/datadoghq/common" + apicommonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1" + "github.com/DataDog/datadog-operator/apis/datadoghq/v1alpha1" + "github.com/DataDog/datadog-operator/apis/datadoghq/v2alpha1" + apiutils "github.com/DataDog/datadog-operator/apis/utils" + "github.com/DataDog/datadog-operator/controllers/datadogagent/feature" + "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/fake" + "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/test" + "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" +) + +func createEmptyFakeManager(t testing.TB) feature.PodTemplateManagers { + mgr := fake.NewPodTemplateManagers(t) + return mgr +} + +func Test_liveProcessFeature_Configure(t *testing.T) { + ddav1LiveProcessDisabled := v1alpha1.DatadogAgent{ + Spec: v1alpha1.DatadogAgentSpec{ + Agent: v1alpha1.DatadogAgentSpecAgentSpec{ + Process: &v1alpha1.ProcessSpec{ + ProcessCollectionEnabled: apiutils.NewBoolPointer(false), + }, + }, + }, + } + + ddav1LiveProcessEnabled := ddav1LiveProcessDisabled.DeepCopy() + { + ddav1LiveProcessEnabled.Spec.Agent.Process.ProcessCollectionEnabled = apiutils.NewBoolPointer(true) + } + + ddav2LiveProcessDisabled := v2alpha1.DatadogAgent{ + Spec: v2alpha1.DatadogAgentSpec{ + Features: &v2alpha1.DatadogFeatures{ + LiveProcessCollection: &v2alpha1.LiveProcessCollectionFeatureConfig{ + Enabled: apiutils.NewBoolPointer(false), + }, + }, + }, + } + ddav2LiveProcessEnabled := ddav2LiveProcessDisabled.DeepCopy() + { + 
ddav2LiveProcessEnabled.Spec.Features.LiveProcessCollection.Enabled = apiutils.NewBoolPointer(true) + } + + liveProcessAgentNodeWantFunc := func(t testing.TB, mgrInterface feature.PodTemplateManagers) { + mgr := mgrInterface.(*fake.PodTemplateManagers) + + // check volume mounts + wantVolumeMounts := []corev1.VolumeMount{ + { + Name: apicommon.PasswdVolumeName, + MountPath: apicommon.PasswdMountPath, + ReadOnly: true, + }, + } + + processAgentMounts := mgr.VolumeMountMgr.VolumeMountsByC[apicommonv1.ProcessAgentContainerName] + assert.True(t, apiutils.IsEqualStruct(processAgentMounts, wantVolumeMounts), "Process Agent volume mounts \ndiff = %s", cmp.Diff(processAgentMounts, wantVolumeMounts)) + + // check volumes + wantVolumes := []corev1.Volume{ + { + Name: apicommon.PasswdVolumeName, + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: apicommon.PasswdHostPath, + }, + }, + }, + } + + volumes := mgr.VolumeMgr.Volumes + assert.True(t, apiutils.IsEqualStruct(volumes, wantVolumes), "Volumes \ndiff = %s", cmp.Diff(volumes, wantVolumes)) + + // check env vars + wantEnvVars := []*corev1.EnvVar{ + { + Name: apicommon.DDProcessAgentEnabled, + Value: "true", + }, + } + + processAgentEnvVars := mgr.EnvVarMgr.EnvVarsByC[apicommonv1.ProcessAgentContainerName] + assert.True(t, apiutils.IsEqualStruct(processAgentEnvVars, wantEnvVars), "Process Agent envvars \ndiff = %s", cmp.Diff(processAgentEnvVars, wantEnvVars)) + } + + ddav2LiveProcessEnabledWithScrubStripArgs := ddav2LiveProcessEnabled.DeepCopy() + { + ddav2LiveProcessEnabledWithScrubStripArgs.Spec.Features.LiveProcessCollection.ScrubProcessArguments = apiutils.NewBoolPointer(true) + ddav2LiveProcessEnabledWithScrubStripArgs.Spec.Features.LiveProcessCollection.StripProcessArguments = apiutils.NewBoolPointer(true) + } + + liveProcessAgentNodeWantFuncWithScrubStripArgs := func(t testing.TB, mgrInterface feature.PodTemplateManagers) { + mgr := mgrInterface.(*fake.PodTemplateManagers) + + // 
check volume mounts + wantVolumeMounts := []corev1.VolumeMount{ + { + Name: apicommon.PasswdVolumeName, + MountPath: apicommon.PasswdMountPath, + ReadOnly: true, + }, + } + + processAgentMounts := mgr.VolumeMountMgr.VolumeMountsByC[apicommonv1.ProcessAgentContainerName] + assert.True(t, apiutils.IsEqualStruct(processAgentMounts, wantVolumeMounts), "Process Agent volume mounts \ndiff = %s", cmp.Diff(processAgentMounts, wantVolumeMounts)) + + // check volumes + wantVolumes := []corev1.Volume{ + { + Name: apicommon.PasswdVolumeName, + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: apicommon.PasswdHostPath, + }, + }, + }, + } + + volumes := mgr.VolumeMgr.Volumes + assert.True(t, apiutils.IsEqualStruct(volumes, wantVolumes), "Volumes \ndiff = %s", cmp.Diff(volumes, wantVolumes)) + + // check env vars + wantEnvVars := []*corev1.EnvVar{ + { + Name: apicommon.DDProcessAgentEnabled, + Value: "true", + }, + { + Name: apicommon.DDProcessConfigScrubArgs, + Value: "true", + }, + { + Name: apicommon.DDProcessConfigStripArgs, + Value: "true", + }, + } + + processAgentEnvVars := mgr.EnvVarMgr.EnvVarsByC[apicommonv1.ProcessAgentContainerName] + assert.True(t, apiutils.IsEqualStruct(processAgentEnvVars, wantEnvVars), "Process Agent envvars \ndiff = %s", cmp.Diff(processAgentEnvVars, wantEnvVars)) + } + + tests := test.FeatureTestSuite{ + /////////////////////////// + // v1alpha1.DatadogAgent // + /////////////////////////// + { + Name: "v1alpha1 live process collection not enabled", + DDAv1: ddav1LiveProcessDisabled.DeepCopy(), + WantConfigure: false, + }, + { + Name: "v1alpha1 live process collection enabled", + DDAv1: ddav1LiveProcessEnabled, + WantConfigure: true, + Agent: test.NewDefaultComponentTest().WithWantFunc(liveProcessAgentNodeWantFunc), + }, + /////////////////////////// + // v2alpha1.DatadogAgent // + /////////////////////////// + { + Name: "v2alpha1 live process collection not enabled", + DDAv2: 
ddav2LiveProcessDisabled.DeepCopy(), + WantConfigure: false, + }, + { + Name: "v2alpha1 live process collection enabled", + DDAv2: ddav2LiveProcessEnabled, + WantConfigure: true, + Agent: test.NewDefaultComponentTest().WithWantFunc(liveProcessAgentNodeWantFunc), + }, + { + Name: "v2alpha1 live process collection enabled with scrub and strip args", + DDAv2: ddav2LiveProcessEnabledWithScrubStripArgs, + WantConfigure: true, + Agent: test.NewDefaultComponentTest().WithWantFunc(liveProcessAgentNodeWantFuncWithScrubStripArgs), + }, + } + + tests.Run(t, buildLiveProcessFeature) +} diff --git a/controllers/datadogagent/feature/test/testsuite.go b/controllers/datadogagent/feature/test/testsuite.go index 7f6272a44..9cabfca2f 100644 --- a/controllers/datadogagent/feature/test/testsuite.go +++ b/controllers/datadogagent/feature/test/testsuite.go @@ -141,11 +141,11 @@ func runTest(t *testing.T, tt FeatureTest, buildFunc feature.BuildFunc) { } if gotConfigure.IsEnabled() != tt.WantConfigure { - t.Errorf("feature.Configure() = %v, want %v", gotConfigure, tt.WantConfigure) + t.Errorf("feature.Configure() = %v, want %v", gotConfigure.IsEnabled(), tt.WantConfigure) } if !gotConfigure.IsEnabled() { - // If the feature is now enable return now + // If the feature is not enabled return now return } diff --git a/controllers/datadogagent_controller_v2_test.go b/controllers/datadogagent_controller_v2_test.go index b0ce48b65..58bedd21f 100644 --- a/controllers/datadogagent_controller_v2_test.go +++ b/controllers/datadogagent_controller_v2_test.go @@ -79,6 +79,11 @@ var _ = Describe("V2 Controller - DatadogAgent Deployment", func() { testFunction(testutils.NewDatadogAgentWithKSM(namespace, "with-ksm")), ) + Context( + "with live process collection", + testFunction(testutils.NewDatadogAgentWithLiveProcessCollection(namespace, "with-live-process-collection")), + ) + Context( "with log collection", testFunction(testutils.NewDatadogAgentWithLogCollection(namespace, "with-log-collection")), 
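Review bot: The only case in `Test_liveProcessFeature_Configure` that exercises the new fields sets both `ScrubProcessArguments` and `StripProcessArguments` to true, so nothing pins what is emitted for `scrubProcessArguments: false`, the one setting that turns command-line redaction off. A case built with `apiutils.NewBoolPointer(false)` that expects `DD_PROCESS_CONFIG_SCRUB_ARGS` with `Value: "false"` would catch a regression in `apiutils.BoolToString` or in the nil check in `ManageNodeAgent`. `liveProcessAgentNodeWantFuncWithScrubStripArgs` also repeats the volume and volume-mount assertions of `liveProcessAgentNodeWantFunc` verbatim. A single helper that takes the expected `[]*corev1.EnvVar` would remove the duplication and make further cases cheap to add.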
diff --git a/controllers/testutils/agent.go b/controllers/testutils/agent.go index 2572d1321..fa0d6f180 100644 --- a/controllers/testutils/agent.go +++ b/controllers/testutils/agent.go @@ -116,6 +116,19 @@ func NewDatadogAgentWithKSM(namespace string, name string) v2alpha1.DatadogAgent ) } +// NewDatadogAgentWithLiveProcessCollection returns an agent with LiveProcess collection enabled +func NewDatadogAgentWithLiveProcessCollection(namespace string, name string) v2alpha1.DatadogAgent { + return newDatadogAgentWithFeatures( + namespace, + name, + &v2alpha1.DatadogFeatures{ + LiveProcessCollection: &v2alpha1.LiveProcessCollectionFeatureConfig{ + Enabled: apiutils.NewBoolPointer(true), + }, + }, + ) +} + // NewDatadogAgentWithLogCollection returns an agent with log collection enabled func NewDatadogAgentWithLogCollection(namespace string, name string) v2alpha1.DatadogAgent { return newDatadogAgentWithFeatures( diff --git a/docs/configuration.v2alpha1.md b/docs/configuration.v2alpha1.md index a6ca3eec4..070f8b363 100644 --- a/docs/configuration.v2alpha1.md +++ b/docs/configuration.v2alpha1.md 
@@ -78,6 +78,8 @@ spec: | features.kubeStateMetricsCore.enabled | Enabled enables Kube State Metrics Core. Default: true | | features.liveContainerCollection.enabled | Enables container collection for the Live Container View. Default: true | | features.liveProcessCollection.enabled | Enabled enables Process monitoring. Default: false | +| features.liveProcessCollection.scrubProcessArguments | ScrubProcessArguments enables scrubbing of sensitive data in process command-lines (passwords, tokens, etc. ). Default: true | +| features.liveProcessCollection.stripProcessArguments | StripProcessArguments enables stripping of all process arguments. Default: false | | features.logCollection.containerCollectAll | ContainerCollectAll enables Log collection from all containers. Default: false | | features.logCollection.containerCollectUsingFiles | ContainerCollectUsingFiles enables log collection from files in `/var/log/pods instead` of using the container runtime API. Collecting logs from files is usually the most efficient way of collecting logs. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup Default: true | | features.logCollection.containerLogsPath | ContainerLogsPath allows log collection from the container log path. Set to a different path if you are not using the Docker runtime. See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest Default: `/var/lib/docker/containers` |