--- title: Configure the Datadog Operator description: >- Configure Datadog Agent deployment options using DatadogAgent custom resource specifications and example manifests breadcrumbs: Docs > Containers > Datadog Operator > Configure the Datadog Operator --- # Configure the Datadog Operator This page lists commonly-used configuration parameters for the Datadog Operator. For all configuration parameters, see the [configuration spec](https://github.com/DataDog/datadog-operator/blob/main/docs/configuration.v2alpha1.md) in the [`DataDog/datadog-operator`](https://github.com/DataDog/datadog-operator/) repo. ### Example manifests{% #example-manifests %} - [Manifest with logs, APM, process, and metrics collection enabled](https://github.com/DataDog/datadog-operator/blob/main/examples/datadogagent/datadog-agent-all.yaml) - [Manifest with logs, APM, and metrics collection enabled](https://github.com/DataDog/datadog-operator/blob/main/examples/datadogagent/datadog-agent-with-logs-apm.yaml) - [Manifest with APM and metrics collection enabled](https://github.com/DataDog/datadog-operator/blob/main/examples/datadogagent/datadog-agent-with-apm-hostport.yaml) - [Manifest with Cluster Agent](https://github.com/DataDog/datadog-operator/blob/main/examples/datadogagent/datadog-agent-with-clusteragent.yaml) - [Manifest with tolerations](https://github.com/DataDog/datadog-operator/blob/main/examples/datadogagent/datadog-agent-with-tolerations.yaml) ## Global options{% #global-options %} The table in this section lists configurable parameters for the `DatadogAgent` resource. To override parameters for individual components (Node Agent, Cluster Agent, or Cluster Checks Runner) see override options. For example: the following manifest uses the `global.clusterName` parameter to set a custom cluster name: ```yaml apiVersion: datadoghq.com/v2alpha1 kind: DatadogAgent metadata: name: datadog spec: global: clusterName: my-test-cluster credentials: apiSecret: secretName: datadog-secret keyName: api-key appSecret: secretName: datadog-secret keyName: app-key ``` {% collapsible-section open=null #global-options-list %} #### Parameters {% dl %} {% dt %} `features.admissionController.agentCommunicationMode` {% /dt %} {% dd %} AgentCommunicationMode corresponds to the mode used by the Datadog application libraries to communicate with the Agent. It can be "hostip", "service", or "socket". {% /dd %} {% dt %} `features.admissionController.agentSidecarInjection` {% /dt %} {% dd %} AgentSidecarInjection contains Agent sidecar injection configurations. See [link](https://docs.datadoghq.com/integrations/eks_fargate/?tab=admissioncontrollerdatadogoperator) for more information. {% /dd %} {% dt %} `features.admissionController.cwsInstrumentation.enabled` {% /dt %} {% dd %} Enable the CWS Instrumentation admission controller endpoint. Default: false {% /dd %} {% dt %} `features.admissionController.cwsInstrumentation.mode` {% /dt %} {% dd %} Defines the behavior of the CWS Instrumentation endpoint, and can be either "init_container" or "remote_copy". Default: "remote_copy" {% /dd %} {% dt %} `features.admissionController.enabled` {% /dt %} {% dd %} Enables the Admission Controller. Default: true {% /dd %} {% dt %} `features.admissionController.failurePolicy` {% /dt %} {% dd %} FailurePolicy determines how unrecognized and timeout errors are handled. {% /dd %} {% dt %} `features.admissionController.kubernetesAdmissionEvents.enabled` {% /dt %} {% dd %} Enable the Kubernetes Admission Events feature. Default: false {% /dd %} {% dt %} `features.admissionController.mutateUnlabelled` {% /dt %} {% dd %} MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. Default: false {% /dd %} {% dt %} `features.admissionController.mutation.enabled` {% /dt %} {% dd %} Enables the Admission Controller mutation webhook. Default: true {% /dd %} {% dt %} `features.admissionController.registry` {% /dt %} {% dd %} Defines an image registry for the admission controller. {% /dd %} {% dt %} `features.admissionController.serviceName` {% /dt %} {% dd %} ServiceName corresponds to the webhook service name. {% /dd %} {% dt %} `features.admissionController.validation.enabled` {% /dt %} {% dd %} Enables the Admission Controller validation webhook. Default: true {% /dd %} {% dt %} `features.admissionController.webhookName` {% /dt %} {% dd %} WebhookName is a custom name for the MutatingWebhookConfiguration. Default: "datadog-webhook" {% /dd %} {% dt %} `features.apm.enabled` {% /dt %} {% dd %} Enables Application Performance Monitoring. Default: true {% /dd %} {% dt %} `features.apm.errorTrackingStandalone.enabled` {% /dt %} {% dd %} Enables Error Tracking for backend services. Default: false {% /dd %} {% dt %} `features.apm.hostPortConfig.enabled` {% /dt %} {% dd %} Enables host port configuration {% /dd %} {% dt %} `features.apm.hostPortConfig.hostPort` {% /dt %} {% dd %} Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) If HostNetwork is enabled, this value must match the ContainerPort. {% /dd %} {% dt %} `features.apm.instrumentation` {% /dt %} {% dd %} SingleStepInstrumentation allows the agent to inject the Datadog APM libraries into all pods in the cluster. Feature is in beta. See also: [https://docs.datadoghq.com/tracing/trace_collection/single-step-apm](https://docs.datadoghq.com/tracing/trace_collection/single-step-apm) Enabled Default: false {% /dd %} {% dt %} `features.apm.unixDomainSocketConfig.enabled` {% /dt %} {% dd %} Enables Unix Domain Socket. Default: true {% /dd %} {% dt %} `features.apm.unixDomainSocketConfig.path` {% /dt %} {% dd %} Defines the socket path used when enabled. {% /dd %} {% dt %} `features.asm.iast.enabled` {% /dt %} {% dd %} Enables Interactive Application Security Testing (IAST). Default: false {% /dd %} {% dt %} `features.asm.sca.enabled` {% /dt %} {% dd %} Enables Software Composition Analysis (SCA). Default: false {% /dd %} {% dt %} `features.asm.threats.enabled` {% /dt %} {% dd %} Enables ASM App & API Protection. Default: false {% /dd %} {% dt %} `features.autoscaling.cluster.enabled` {% /dt %} {% dd %} Enables the cluster autoscaling product. (Requires Cluster Agent 7.74.0+) Default: false {% /dd %} {% dt %} `features.autoscaling.workload.enabled` {% /dt %} {% dd %} Enables the workload autoscaling product. Default: false {% /dd %} {% dt %} `features.clusterChecks.enabled` {% /dt %} {% dd %} Enables Cluster Checks scheduling in the Cluster Agent. Default: true {% /dd %} {% dt %} `features.clusterChecks.useClusterChecksRunners` {% /dt %} {% dd %} Enabled enables Cluster Checks Runners to run all Cluster Checks. Default: false {% /dd %} {% dt %} `features.controlPlaneMonitoring.enabled` {% /dt %} {% dd %} Enables control plane monitoring checks in the cluster agent. Default: true {% /dd %} {% dt %} `features.cspm.checkInterval` {% /dt %} {% dd %} CheckInterval defines the check interval. {% /dd %} {% dt %} `features.cspm.customBenchmarks` {% /dt %} {% dd %} CustomBenchmarks contains CSPM benchmarks. The content of the ConfigMap will be merged with the benchmarks bundled with the agent. Any benchmarks with the same name as those existing in the agent will take precedence. {% /dd %} {% dt %} `features.cspm.enabled` {% /dt %} {% dd %} Enables Cloud Security Posture Management, including Docker and Kubernetes benchmarks. Default: false {% /dd %} {% dt %} `features.cspm.hostBenchmarks.enabled` {% /dt %} {% dd %} Enables Linux host benchmarks. Requires `features.cspm.enabled` to be set to `true`. Default: true {% /dd %} {% dt %} `features.cspm.runInSystemProbe` {% /dt %} {% dd %} RunInSystemProbe configures CSPM to send payloads directly from the system-probe, without using the security-agent. This is an experimental feature. Contact support before using. Default: false {% /dd %} {% dt %} `features.cws.customPolicies.configData` {% /dt %} {% dd %} ConfigData corresponds to the configuration file content. {% /dd %} {% dt %} `features.cws.customPolicies.configMap.items` {% /dt %} {% dd %} Maps a ConfigMap data `key` to a file `path` mount. {% /dd %} {% dt %} `features.cws.customPolicies.configMap.name` {% /dt %} {% dd %} Is the name of the ConfigMap. {% /dd %} {% dt %} `features.cws.directSendFromSystemProbe` {% /dt %} {% dd %} DirectSendFromSystemProbe configures CWS to send payloads directly from the system-probe, without using the security-agent. This is an experimental feature. Contact support before using. Default: false {% /dd %} {% dt %} `features.cws.enabled` {% /dt %} {% dd %} Enables Cloud Workload Security. Default: false {% /dd %} {% dt %} `features.cws.enforcement.enabled` {% /dt %} {% dd %} Enables Enforcement for Cloud Workload Security. Default: true {% /dd %} {% dt %} `features.cws.network.enabled` {% /dt %} {% dd %} Enables Cloud Workload Security Network detections. Default: true {% /dd %} {% dt %} `features.cws.remoteConfiguration.enabled` {% /dt %} {% dd %} Enables Remote Configuration for Cloud Workload Security. Default: true {% /dd %} {% dt %} `features.cws.securityProfiles.enabled` {% /dt %} {% dd %} Enables Security Profiles collection for Cloud Workload Security. Default: true {% /dd %} {% dt %} `features.cws.syscallMonitorEnabled` {% /dt %} {% dd %} SyscallMonitorEnabled enables Syscall Monitoring (recommended for troubleshooting only). Default: false {% /dd %} {% dt %} `features.dataPlane.dogstatsd.enabled` {% /dt %} {% dd %} Configures the Data Plane to handle DogStatsD traffic. When enabled, DogStatsD is disabled in the Core Agent. Default: false {% /dd %} {% dt %} `features.dataPlane.enabled` {% /dt %} {% dd %} Enables the Data Plane. Default: false {% /dd %} {% dt %} `features.dogstatsd.hostPortConfig.enabled` {% /dt %} {% dd %} Enables host port configuration {% /dd %} {% dt %} `features.dogstatsd.hostPortConfig.hostPort` {% /dt %} {% dd %} Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) If HostNetwork is enabled, this value must match the ContainerPort. {% /dd %} {% dt %} `features.dogstatsd.mapperProfiles.configData` {% /dt %} {% dd %} ConfigData corresponds to the configuration file content. {% /dd %} {% dt %} `features.dogstatsd.mapperProfiles.configMap.items` {% /dt %} {% dd %} Maps a ConfigMap data `key` to a file `path` mount. {% /dd %} {% dt %} `features.dogstatsd.mapperProfiles.configMap.name` {% /dt %} {% dd %} Is the name of the ConfigMap. {% /dd %} {% dt %} `features.dogstatsd.nonLocalTraffic` {% /dt %} {% dd %} NonLocalTraffic enables non-local traffic for Dogstatsd. Default: true {% /dd %} {% dt %} `features.dogstatsd.originDetectionEnabled` {% /dt %} {% dd %} OriginDetectionEnabled enables origin detection for container tagging. See also: [https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging](https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging) {% /dd %} {% dt %} `features.dogstatsd.tagCardinality` {% /dt %} {% dd %} TagCardinality configures tag cardinality for the metrics collected using origin detection (`low`, `orchestrator` or `high`). This setting only applies when OriginDetectionEnabled is true. See also: [https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#environment-variables](https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#environment-variables) Cardinality default: low {% /dd %} {% dt %} `features.dogstatsd.unixDomainSocketConfig.enabled` {% /dt %} {% dd %} Enables Unix Domain Socket. Default: true {% /dd %} {% dt %} `features.dogstatsd.unixDomainSocketConfig.path` {% /dt %} {% dd %} Defines the socket path used when enabled. {% /dd %} {% dt %} `features.ebpfCheck.enabled` {% /dt %} {% dd %} Enables the eBPF check. Default: false {% /dd %} {% dt %} `features.eventCollection.collectKubernetesEvents` {% /dt %} {% dd %} CollectKubernetesEvents enables Kubernetes event collection. Default: true {% /dd %} {% dt %} `features.eventCollection.collectedEventTypes` {% /dt %} {% dd %} CollectedEventTypes defines the list of events to collect when UnbundleEvents is enabled. Default: [ {"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]}, {"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]}, {"kind":"CronJob","reasons":["SawCompletedJob"]} ] {% /dd %} {% dt %} `features.eventCollection.unbundleEvents` {% /dt %} {% dd %} UnbundleEvents enables collection of Kubernetes events as individual events. Default: false {% /dd %} {% dt %} `features.externalMetricsServer` {% /dt %} {% dd %} ExternalMetricsServer configuration. See [link](https://github.com/DataDog/datadog-operator/blob/main/docs/configuration.v2alpha1.md) for more information. {% /dd %} {% dt %} `features.gpu.enabled` {% /dt %} {% dd %} Enables GPU monitoring core check. Default: false {% /dd %} {% dt %} `features.gpu.patchCgroupPermissions` {% /dt %} {% dd %} PatchCgroupPermissions enables the patch of cgroup permissions for GPU monitoring, in case the container runtime is not properly configured and the Agent containers lose access to GPU devices. Default: false {% /dd %} {% dt %} `features.gpu.privilegedMode` {% /dt %} {% dd %} PrivilegedMode enables GPU Probe module in System Probe. Default: false {% /dd %} {% dt %} `features.gpu.requiredRuntimeClassName` {% /dt %} {% dd %} PodRuntimeClassName specifies the runtime class name required for the GPU monitoring feature. If the value is an empty string, the runtime class is not set. Default: nvidia {% /dd %} {% dt %} `features.helmCheck.collectEvents` {% /dt %} {% dd %} CollectEvents set to `true` enables event collection in the Helm check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) Default: false {% /dd %} {% dt %} `features.helmCheck.enabled` {% /dt %} {% dd %} Enables the Helm check. Default: false {% /dd %} {% dt %} `features.helmCheck.valuesAsTags` {% /dt %} {% dd %} ValuesAsTags collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). Default: {} {% /dd %} {% dt %} `features.kubeStateMetricsCore.collectCrMetrics` {% /dt %} {% dd %} `CollectCrMetrics` defines custom resources for the kube-state-metrics core check to collect. The datadog agent uses the same logic as upstream `kube-state-metrics`. So is its configuration. The exact structure and existing fields of each item in this list can be found in: [https://github.com/kubernetes/kube-state-metrics/blob/main/docs/metrics/extend/customresourcestate-metrics.md](https://github.com/kubernetes/kube-state-metrics/blob/main/docs/metrics/extend/customresourcestate-metrics.md) {% /dd %} {% dt %} `features.kubeStateMetricsCore.conf` {% /dt %} {% dd %} Overrides the configuration for the default Kubernetes State Metrics Core check. This must point to a ConfigMap containing a valid cluster check configuration. {% /dd %} {% dt %} `features.kubeStateMetricsCore.enabled` {% /dt %} {% dd %} Enables Kube State Metrics Core. Default: true {% /dd %} {% dt %} `features.liveContainerCollection.enabled` {% /dt %} {% dd %} Enables container collection for the Live Container View. Default: true {% /dd %} {% dt %} `features.liveProcessCollection.enabled` {% /dt %} {% dd %} Enables Process monitoring. Default: false {% /dd %} {% dt %} `features.liveProcessCollection.scrubProcessArguments` {% /dt %} {% dd %} ScrubProcessArguments enables scrubbing of sensitive data in process command-lines (passwords, tokens, etc. ). Default: true {% /dd %} {% dt %} `features.liveProcessCollection.stripProcessArguments` {% /dt %} {% dd %} StripProcessArguments enables stripping of all process arguments. Default: false {% /dd %} {% dt %} `features.logCollection.autoMultiLineDetection` {% /dt %} {% dd %} AutoMultiLineDetection allows the Agent to detect and aggregate common multi-line logs automatically. See also: [https://docs.datadoghq.com/agent/logs/auto_multiline_detection/](https://docs.datadoghq.com/agent/logs/auto_multiline_detection/) {% /dd %} {% dt %} `features.logCollection.containerCollectAll` {% /dt %} {% dd %} ContainerCollectAll enables Log collection from all containers. Default: false {% /dd %} {% dt %} `features.logCollection.containerCollectUsingFiles` {% /dt %} {% dd %} ContainerCollectUsingFiles enables log collection from files in `/var/log/pods instead` of using the container runtime API. Collecting logs from files is usually the most efficient way of collecting logs. See also: [https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup) Default: true {% /dd %} {% dt %} `features.logCollection.containerLogsPath` {% /dt %} {% dd %} ContainerLogsPath allows log collection from the container log path. Set to a different path if you are not using the Docker runtime. See also: [https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest](https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest) Default: `/var/lib/docker/containers` {% /dd %} {% dt %} `features.logCollection.containerSymlinksPath` {% /dt %} {% dd %} ContainerSymlinksPath allows log collection to use symbolic links in this directory to validate container ID -> pod. Default: `/var/log/containers` {% /dd %} {% dt %} `features.logCollection.enabled` {% /dt %} {% dd %} Enables Log collection. Default: false {% /dd %} {% dt %} `features.logCollection.openFilesLimit` {% /dt %} {% dd %} OpenFilesLimit sets the maximum number of log files that the Datadog Agent tails. Increasing this limit can increase resource consumption of the Agent. See also: [https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup) Default: 100 {% /dd %} {% dt %} `features.logCollection.podLogsPath` {% /dt %} {% dd %} PodLogsPath allows log collection from a pod log path. Default: `/var/log/pods` {% /dd %} {% dt %} `features.logCollection.tempStoragePath` {% /dt %} {% dd %} TempStoragePath (always mounted from the host) is used by the Agent to store information about processed log files. If the Agent is restarted, it starts tailing the log files immediately. Default: `/var/lib/datadog-agent/logs` {% /dd %} {% dt %} `features.npm.collectDNSStats` {% /dt %} {% dd %} CollectDNSStats enables DNS stat collection. Default: false {% /dd %} {% dt %} `features.npm.directSend` {% /dt %} {% dd %} DirectSend enables CNM/USM to send data directly to the backend Default: false {% /dd %} {% dt %} `features.npm.enableConntrack` {% /dt %} {% dd %} EnableConntrack enables the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data. See also: [http://conntrack-tools.netfilter.org/](http://conntrack-tools.netfilter.org/) Default: false {% /dd %} {% dt %} `features.npm.enabled` {% /dt %} {% dd %} Enables Network Performance Monitoring. Default: false {% /dd %} {% dt %} `features.oomKill.enabled` {% /dt %} {% dd %} Enables the OOMKill eBPF-based check. Default: false {% /dd %} {% dt %} `features.orchestratorExplorer.conf.configData` {% /dt %} {% dd %} ConfigData corresponds to the configuration file content. {% /dd %} {% dt %} `features.orchestratorExplorer.conf.configMap.items` {% /dt %} {% dd %} Maps a ConfigMap data `key` to a file `path` mount. {% /dd %} {% dt %} `features.orchestratorExplorer.conf.configMap.name` {% /dt %} {% dd %} Is the name of the ConfigMap. {% /dd %} {% dt %} `features.orchestratorExplorer.customResources` {% /dt %} {% dd %} `CustomResources` defines custom resources for the orchestrator explorer to collect. Each item should follow the convention `group/version/kind`. For example, `datadoghq.com/v1alpha1/datadogmetrics`. {% /dd %} {% dt %} `features.orchestratorExplorer.ddUrl` {% /dt %} {% dd %} Override the API endpoint for the Orchestrator Explorer. URL Default: "[https://orchestrator.datadoghq.com](https://orchestrator.datadoghq.com)". {% /dd %} {% dt %} `features.orchestratorExplorer.enabled` {% /dt %} {% dd %} Enables the Orchestrator Explorer. Default: true {% /dd %} {% dt %} `features.orchestratorExplorer.extraTags` {% /dt %} {% dd %} Additional tags to associate with the collected data in the form of `a b c`. This is a Cluster Agent option distinct from DD_TAGS that is used in the Orchestrator Explorer. {% /dd %} {% dt %} `features.orchestratorExplorer.scrubContainers` {% /dt %} {% dd %} ScrubContainers enables scrubbing of sensitive container data (passwords, tokens, etc. ). Default: true {% /dd %} {% dt %} `features.otelAgentGateway.conf` {% /dt %} {% dd %} Overrides the configuration for the default OTel Agent Gateway. This must point to a ConfigMap containing a valid OTel collector configuration. When passing a configmap, file name *must* be otel-gateway-config.yaml. {% /dd %} {% dt %} `features.otelAgentGateway.enabled` {% /dt %} {% dd %} Enables the OTel Agent Gateway. Default: false {% /dd %} {% dt %} `features.otelAgentGateway.featureGates` {% /dt %} {% dd %} FeatureGates are the feature gates to pass to the OTel collector as a comma-separated list. Example: "component.UseLocalHostAsDefaultHost,connector.datadogconnector.NativeIngest" {% /dd %} {% dt %} `features.otelAgentGateway.ports` {% /dt %} {% dd %} Contains the ports that the OTel Collector is listening on. Defaults: otel-grpc:4317 / otel-http:4318. {% /dd %} {% dt %} `features.otelCollector` {% /dt %} {% dd %} OtelCollector configuration. See [link](https://docs.datadoghq.com/opentelemetry/setup/ddot_collector/install/kubernetes_daemonset/?tab=datadogoperator#overview) for more information. {% /dd %} {% dt %} `features.otlp` {% /dt %} {% dd %} OTLP ingest configuration See [link](https://docs.datadoghq.com/opentelemetry/setup/otlp_ingest_in_the_agent/?tab=kubernetesoperator) for more information. {% /dd %} {% dt %} `features.processDiscovery.enabled` {% /dt %} {% dd %} Enables the Process Discovery check in the Agent. Default: true {% /dd %} {% dt %} `features.prometheusScrape.additionalConfigs` {% /dt %} {% dd %} AdditionalConfigs allows adding advanced Prometheus check configurations with custom discovery rules. {% /dd %} {% dt %} `features.prometheusScrape.enableServiceEndpoints` {% /dt %} {% dd %} EnableServiceEndpoints enables generating dedicated checks for service endpoints. Default: false {% /dd %} {% dt %} `features.prometheusScrape.enabled` {% /dt %} {% dd %} Enable autodiscovery of pods and services exposing Prometheus metrics. Default: false {% /dd %} {% dt %} `features.prometheusScrape.version` {% /dt %} {% dd %} Specifies the version of the OpenMetrics check. Default: 2 {% /dd %} {% dt %} `features.remoteConfiguration.enabled` {% /dt %} {% dd %} Enable this option to activate Remote Configuration. Default: true {% /dd %} {% dt %} `features.sbom.containerImage.analyzers` {% /dt %} {% dd %} To use for SBOM collection. {% /dd %} {% dt %} `features.sbom.containerImage.enabled` {% /dt %} {% dd %} Enable this option to activate SBOM collection. Default: false {% /dd %} {% dt %} `features.sbom.containerImage.overlayFSDirectScan` {% /dt %} {% dd %} Enable this option to enable experimental overlayFS direct scan. Default: false {% /dd %} {% dt %} `features.sbom.containerImage.uncompressedLayersSupport` {% /dt %} {% dd %} Enable this option to enable support for uncompressed layers. Default: false {% /dd %} {% dt %} `features.sbom.enabled` {% /dt %} {% dd %} Enable this option to activate SBOM collection. Default: false {% /dd %} {% dt %} `features.sbom.host.analyzers` {% /dt %} {% dd %} To use for SBOM collection. {% /dd %} {% dt %} `features.sbom.host.enabled` {% /dt %} {% dd %} Enable this option to activate SBOM collection. Default: false {% /dd %} {% dt %} `features.serviceDiscovery.enabled` {% /dt %} {% dd %} Enables the service discovery check. Default: false {% /dd %} {% dt %} `features.serviceDiscovery.networkStats.enabled` {% /dt %} {% dd %} DEPRECATED: this field is ignored. {% /dd %} {% dt %} `features.tcpQueueLength.enabled` {% /dt %} {% dd %} Enables the TCP queue length eBPF-based check. Default: false {% /dd %} {% dt %} `features.usm.enabled` {% /dt %} {% dd %} Enables Universal Service Monitoring. Default: false {% /dd %} {% dt %} `global.checksTagCardinality` {% /dt %} {% dd %} ChecksTagCardinality configures tag cardinality for the metrics collected by integrations (`low`, `orchestrator` or `high`). See also: [https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#tags-cardinality](https://docs.datadoghq.com/getting_started/tagging/assigning_tags/?tab=containerizedenvironments#tags-cardinality). Not set by default to avoid overriding existing DD_CHECKS_TAG_CARDINALITY configurations, the default value in the Agent is low. Ref: [https://github.com/DataDog/datadog-agent/blob/856cf4a66142ce91fd4f8a278149436eb971184a/pkg/config/setup/config.go#L625](https://github.com/DataDog/datadog-agent/blob/856cf4a66142ce91fd4f8a278149436eb971184a/pkg/config/setup/config.go#L625). {% /dd %} {% dt %} `global.clusterAgentToken` {% /dt %} {% dd %} ClusterAgentToken is the token for communication between the NodeAgent and ClusterAgent. {% /dd %} {% dt %} `global.clusterAgentTokenSecret.keyName` {% /dt %} {% dd %} KeyName is the key of the secret to use. {% /dd %} {% dt %} `global.clusterAgentTokenSecret.secretName` {% /dt %} {% dd %} SecretName is the name of the secret. {% /dd %} {% dt %} `global.clusterName` {% /dt %} {% dd %} ClusterName sets a unique cluster name for the deployment to easily scope monitoring data in the Datadog app. {% /dd %} {% dt %} `global.containerStrategy` {% /dt %} {% dd %} ContainerStrategy determines whether agents run in a single or multiple containers. Default: 'optimized' {% /dd %} {% dt %} `global.credentials.apiKey` {% /dt %} {% dd %} APIKey configures your Datadog API key. See also: [https://app.datadoghq.com/account/settings#agent/kubernetes](https://app.datadoghq.com/account/settings#agent/kubernetes) {% /dd %} {% dt %} `global.credentials.apiSecret.keyName` {% /dt %} {% dd %} KeyName is the key of the secret to use. {% /dd %} {% dt %} `global.credentials.apiSecret.secretName` {% /dt %} {% dd %} SecretName is the name of the secret. {% /dd %} {% dt %} `global.credentials.appKey` {% /dt %} {% dd %} AppKey configures your Datadog application key. If you are using features.externalMetricsServer.enabled = true, you must set a Datadog application key for read access to your metrics. {% /dd %} {% dt %} `global.credentials.appSecret.keyName` {% /dt %} {% dd %} KeyName is the key of the secret to use. {% /dd %} {% dt %} `global.credentials.appSecret.secretName` {% /dt %} {% dd %} SecretName is the name of the secret. {% /dd %} {% dt %} `global.criSocketPath` {% /dt %} {% dd %} Path to the container runtime socket (if different from Docker). {% /dd %} {% dt %} `global.csi.enabled` {% /dt %} {% dd %} Enables the usage of CSI driver in Datadog Agent. Requires installation of Datadog CSI Driver [https://github.com/DataDog/helm-charts/tree/main/charts/datadog-csi-driver](https://github.com/DataDog/helm-charts/tree/main/charts/datadog-csi-driver) Default: false {% /dd %} {% dt %} `global.dockerSocketPath` {% /dt %} {% dd %} Path to the docker runtime socket. {% /dd %} {% dt %} `global.endpoint.credentials.apiKey` {% /dt %} {% dd %} APIKey configures your Datadog API key. See also: [https://app.datadoghq.com/account/settings#agent/kubernetes](https://app.datadoghq.com/account/settings#agent/kubernetes) {% /dd %} {% dt %} `global.endpoint.credentials.apiSecret.keyName` {% /dt %} {% dd %} KeyName is the key of the secret to use. {% /dd %} {% dt %} `global.endpoint.credentials.apiSecret.secretName` {% /dt %} {% dd %} SecretName is the name of the secret. {% /dd %} {% dt %} `global.endpoint.credentials.appKey` {% /dt %} {% dd %} AppKey configures your Datadog application key. If you are using features.externalMetricsServer.enabled = true, you must set a Datadog application key for read access to your metrics. {% /dd %} {% dt %} `global.endpoint.credentials.appSecret.keyName` {% /dt %} {% dd %} KeyName is the key of the secret to use. {% /dd %} {% dt %} `global.endpoint.credentials.appSecret.secretName` {% /dt %} {% dd %} SecretName is the name of the secret. {% /dd %} {% dt %} `global.endpoint.url` {% /dt %} {% dd %} URL defines the endpoint URL. {% /dd %} {% dt %} `global.env` {% /dt %} {% dd %} Contains a list of environment variables that are set for all Agents. {% /dd %} {% dt %} `global.fips` {% /dt %} {% dd %} FIPS contains configuration used to customize the FIPS proxy sidecar. See [link](https://github.com/DataDog/datadog-operator/blob/main/docs/configuration.v2alpha1.md) for more information. {% /dd %} {% dt %} `global.kubelet.agentCAPath` {% /dt %} {% dd %} AgentCAPath is the container path where the kubelet CA certificate is stored. Default: '/var/run/host-kubelet-ca.crt' if hostCAPath is set, else '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' {% /dd %} {% dt %} `global.kubelet.host` {% /dt %} {% dd %} Overrides the host used to contact kubelet API (default to status.hostIP). {% /dd %} {% dt %} `global.kubelet.hostCAPath` {% /dt %} {% dd %} HostCAPath is the host path where the kubelet CA certificate is stored. {% /dd %} {% dt %} `global.kubelet.podResourcesSocketPath` {% /dt %} {% dd %} PodResourcesSocketPath is the host path where the pod resources socket is stored. Default: `/var/lib/kubelet/pod-resources/` {% /dd %} {% dt %} `global.kubelet.tlsVerify` {% /dt %} {% dd %} TLSVerify toggles kubelet TLS verification. Default: true {% /dd %} {% dt %} `global.kubernetesResourcesAnnotationsAsTags` {% /dt %} {% dd %} Provide a mapping of Kubernetes Resource Groups to annotations mapping to Datadog Tags. : : KUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods) {% /dd %} {% dt %} `global.kubernetesResourcesLabelsAsTags` {% /dt %} {% dd %} Provide a mapping of Kubernetes Resource Groups to labels mapping to Datadog Tags. : : KUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods) {% /dd %} {% dt %} `global.localService.forceEnableLocalService` {% /dt %} {% dd %} ForceEnableLocalService forces the creation of the internal traffic policy service to target the agent running on the local node. This parameter only applies to Kubernetes 1.21, where the feature is in alpha and is disabled by default. (On Kubernetes 1.22+, the feature entered beta and the internal traffic service is created by default, so this parameter is ignored.) Default: false {% /dd %} {% dt %} `global.localService.nameOverride` {% /dt %} {% dd %} NameOverride defines the name of the internal traffic service to target the agent running on the local node. {% /dd %} {% dt %} `global.logLevel` {% /dt %} {% dd %} LogLevel sets logging verbosity. This can be overridden by container. Valid log levels are: trace, debug, info, warn, error, critical, and off. Default: 'info' {% /dd %} {% dt %} `global.namespaceAnnotationsAsTags` {% /dt %} {% dd %} Provide a mapping of Kubernetes Namespace Annotations to Datadog Tags. : {% /dd %} {% dt %} `global.namespaceLabelsAsTags` {% /dt %} {% dd %} Provide a mapping of Kubernetes Namespace Labels to Datadog Tags. : {% /dd %} {% dt %} `global.networkPolicy.create` {% /dt %} {% dd %} Defines whether to create a NetworkPolicy for the current deployment. {% /dd %} {% dt %} `global.networkPolicy.dnsSelectorEndpoints` {% /dt %} {% dd %} DNSSelectorEndpoints defines the cilium selector of the DNS server entity. {% /dd %} {% dt %} `global.networkPolicy.flavor` {% /dt %} {% dd %} Defines Which network policy to use. {% /dd %} {% dt %} `global.nodeLabelsAsTags` {% /dt %} {% dd %} Provide a mapping of Kubernetes Node Labels to Datadog Tags. : {% /dd %} {% dt %} `global.originDetectionUnified.enabled` {% /dt %} {% dd %} Enables unified mechanism for origin detection. Default: false {% /dd %} {% dt %} `global.podAnnotationsAsTags` {% /dt %} {% dd %} Provide a mapping of Kubernetes Annotations to Datadog Tags. : {% /dd %} {% dt %} `global.podLabelsAsTags` {% /dt %} {% dd %} Provide a mapping of Kubernetes Labels to Datadog Tags. : {% /dd %} {% dt %} `global.registry` {% /dt %} {% dd %} Is the image registry to use for all Agent images. Use 'public.ecr.aws/datadog' for AWS ECR. Use 'datadoghq.azurecr.io' for Azure Container Registry. Use 'gcr.io/datadoghq' for Google Container Registry. Use 'eu.gcr.io/datadoghq' for Google Container Registry in the EU region. Use 'asia.gcr.io/datadoghq' for Google Container Registry in the Asia region. Use 'docker.io/datadog' for DockerHub. Default: 'gcr.io/datadoghq' {% /dd %} {% dt %} `global.secretBackend.args` {% /dt %} {% dd %} List of arguments to pass to the command (space-separated strings). {% /dd %} {% dt %} `global.secretBackend.command` {% /dt %} {% dd %} The secret backend command to use. Datadog provides a pre-defined binary `/readsecret_multiple_providers.sh`. Read more about `/readsecret_multiple_providers.sh` at [https://docs.datadoghq.com/agent/configuration/secrets-management/?tab=linux#script-for-reading-from-multiple-secret-providers](https://docs.datadoghq.com/agent/configuration/secrets-management/?tab=linux#script-for-reading-from-multiple-secret-providers). {% /dd %} {% dt %} `global.secretBackend.config` {% /dt %} {% dd %} Additional configuration for the secret backend type. {% /dd %} {% dt %} `global.secretBackend.enableGlobalPermissions` {% /dt %} {% dd %} Whether to create a global permission allowing Datadog agents to read all Kubernetes secrets. Default: `false`. {% /dd %} {% dt %} `global.secretBackend.refreshInterval` {% /dt %} {% dd %} The refresh interval for secrets (0 disables refreshing). Default: `0`. {% /dd %} {% dt %} `global.secretBackend.roles` {% /dt %} {% dd %} For Datadog to read the specified secrets, replacing `enableGlobalPermissions`. They are defined as a list of namespace/secrets. Each defined namespace needs to be present in the DatadogAgent controller using `WATCH_NAMESPACE` or `DD_AGENT_WATCH_NAMESPACE`. See also: [https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md#how-to-deploy-the-agent-components-using-the-secret-backend-feature-with-datadogagent](https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md#how-to-deploy-the-agent-components-using-the-secret-backend-feature-with-datadogagent). {% /dd %} {% dt %} `global.secretBackend.timeout` {% /dt %} {% dd %} The command timeout in seconds. Default: `30`. {% /dd %} {% dt %} `global.secretBackend.type` {% /dt %} {% dd %} The built-in secret backend type to use (e.g., `k8s.secrets`, `docker.secrets`, `aws.secrets`). Alternative to Command; when Type is set, the Agent uses the built-in backend to resolve secrets. Requires Agent 7.70+. {% /dd %} {% dt %} `global.site` {% /dt %} {% dd %} Is the Datadog intake site Agent data are sent to. Set to 'datadoghq.com' to send data to the US1 site (default). Set to 'datadoghq.eu' to send data to the EU site. Set to 'us3.datadoghq.com' to send data to the US3 site. Set to 'us5.datadoghq.com' to send data to the US5 site. Set to 'ddog-gov.com' to send data to the US1-FED site. Set to 'ap1.datadoghq.com' to send data to the AP1 site. Default: 'datadoghq.com' {% /dd %} {% dt %} `global.tags` {% /dt %} {% dd %} Contains a list of tags to attach to every metric, event and service check collected. Learn more about tagging: [https://docs.datadoghq.com/tagging/](https://docs.datadoghq.com/tagging/) {% /dd %} {% dt %} `global.useFIPSAgent` {% /dt %} {% dd %} UseFIPSAgent enables the FIPS flavor of the Agent. If 'true', the FIPS proxy will always be disabled. Default: 'false' {% /dd %} {% dt %} `global.useVSock` {% /dt %} {% dd %} UseVSock allows the use of VSock communication between the Agent and containerized workloads. Default: 'false' {% /dd %} {% dt %} `override` {% /dt %} {% dd %} The default configurations of the agents {% /dd %} {% /dl %} {% /collapsible-section %} For a complete list of parameters, see the [Operator configuration spec](https://github.com/DataDog/datadog-operator/blob/main/docs/configuration.v2alpha1.md#all-configuration-options). ## Override options{% #override-options %} The following table lists parameters that can be used to override default or global settings for individual components. `override` is a map with the following possible keys: `nodeAgent`, `clusterAgent`, `otelAgentGateway`, or `clusterChecksRunner`. Maps and arrays have a type annotation in the table. In the parameter names, `component` refers to one of these component keys, and `container` refers to a specific container name within that component (such as `agent`, `cluster-agent`, `process-agent`, `trace-agent`, or `system-probe`). For example: the following manifest overrides the Node Agent's image and tag, in addition to the resource limits of the system probe container: ```yaml apiVersion: datadoghq.com/v2alpha1 kind: DatadogAgent metadata: name: datadog spec: override: nodeAgent: image: name: agent tag: 7.41.0-rc.5 containers: system-probe: resources: limits: cpu: "2" memory: 1Gi ``` In the table, `spec.override.nodeAgent.image.name` and `spec.override.nodeAgent.containers.system-probe.resources.limits` appear as `[component].image.name` and `[component].containers.[container].resources.limits`, respectively. {% collapsible-section open=null #override-options-list %} #### Parameters {% dl %} {% dt %} `[component].affinity` {% /dt %} {% dd %} If specified, the pod's scheduling constraints. See [link](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) for more information. {% /dd %} {% dt %} `[component].annotations` {% /dt %} {% dd %} *type*: `map[string]string`Annotations provide annotations that are added to the different component (Datadog Agent, Cluster Agent, Cluster Check Runner) pods. {% /dd %} {% dt %} `[component].celWorkloadExclude` {% /dt %} {% dd %} *type*: `[]object`CELWorkloadExclude enables excluding workloads from monitoring using Common Expression Language (CEL). See [https://docs.datadoghq.com/containers/guide/container-discovery-management](https://docs.datadoghq.com/containers/guide/container-discovery-management) (Requires Agent 7.73+ and Cluster Agent 7.73+) {% /dd %} {% dt %} `[component].containers` {% /dt %} {% dd %} *type*: `map[string]object`Configure the basic configurations for each Agent container. Valid Agent container names are: `agent`, `cluster-agent`, `init-config`, `init-volume`, `process-agent`, `seccomp-setup`, `security-agent`, `system-probe`, and `trace-agent`. {% /dd %} {% dt %} `[component].containers.[container].appArmorProfileName` {% /dt %} {% dd %} AppArmorProfileName specifies an apparmor profile. {% /dd %} {% dt %} `[component].containers.[container].args` {% /dt %} {% dd %} *type*: `[]string`Args allows the specification of extra args to the `Command` parameter {% /dd %} {% dt %} `[component].containers.[container].command` {% /dt %} {% dd %} *type*: `[]string`Command allows the specification of a custom entrypoint for container {% /dd %} {% dt %} `[component].containers.[container].env` {% /dt %} {% dd %} *type*: `[]object`Specify additional environment variables in the container. See also: [https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables](https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables) {% /dd %} {% dt %} `[component].containers.[container].healthPort` {% /dt %} {% dd %} HealthPort of the container for the internal liveness probe. Must be the same as the Liveness/Readiness probes. {% /dd %} {% dt %} `[component].containers.[container].livenessProbe` {% /dt %} {% dd %} Configure the Liveness Probe of the container See [link](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for more information. {% /dd %} {% dt %} `[component].containers.[container].logLevel` {% /dt %} {% dd %} LogLevel sets logging verbosity (overrides global setting). Valid log levels are: trace, debug, info, warn, error, critical, and off. Default: 'info' {% /dd %} {% dt %} `[component].containers.[container].name` {% /dt %} {% dd %} Name of the container that is overridden {% /dd %} {% dt %} `[component].containers.[container].ports` {% /dt %} {% dd %} *type*: `[]object`Specify additional ports to be exposed by the container. Not specifying a port here DOES NOT prevent that port from being exposed. See [https://pkg.go.dev/k8s.io/api/core/v1#Container](https://pkg.go.dev/k8s.io/api/core/v1#Container) documentation for more details. {% /dd %} {% dt %} `[component].containers.[container].readinessProbe` {% /dt %} {% dd %} Configure the Readiness Probe of the container See [link](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for more information. {% /dd %} {% dt %} `[component].containers.[container].resources` {% /dt %} {% dd %} Specify the Request and Limits of the pods To get guaranteed QoS class, specify requests and limits equal. See also: [http://kubernetes.io/docs/user-guide/compute-resources/](http://kubernetes.io/docs/user-guide/compute-resources/) See [link](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for more information. {% /dd %} {% dt %} `[component].containers.[container].seccompConfig` {% /dt %} {% dd %} Seccomp configurations to override Operator actions. For all other Seccomp Profile manipulation, use SecurityContext. See [link](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#seccomp) for more information. {% /dd %} {% dt %} `[component].containers.[container].securityContext` {% /dt %} {% dd %} Container-level SecurityContext. See [link](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for more information. {% /dd %} {% dt %} `[component].containers.[container].startupProbe` {% /dt %} {% dd %} Configure the Startup Probe of the container See [link](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for more information. {% /dd %} {% dt %} `[component].containers.[container].volumeMounts` {% /dt %} {% dd %} *type*: `[]object`Specify additional volume mounts in the container. {% /dd %} {% dt %} `[component].createPodDisruptionBudget` {% /dt %} {% dd %} Set CreatePodDisruptionBudget to true to create a PodDisruptionBudget for this component. Not applicable for the Node Agent. A Cluster Agent PDB is set with 1 minimum available pod, and a Cluster Checks Runner PDB is set with 1 maximum unavailable pod. {% /dd %} {% dt %} `[component].createRbac` {% /dt %} {% dd %} Set CreateRbac to false to prevent automatic creation of Role/ClusterRole for this component {% /dd %} {% dt %} `[component].customConfigurations` {% /dt %} {% dd %} *type*: `map[string]object`CustomConfiguration allows to specify custom configuration files for `datadog.yaml`, `datadog-cluster.yaml`, `security-agent.yaml`, and `system-probe.yaml`. The content is merged with configuration generated by the Datadog Operator, with priority given to custom configuration. WARNING: It is possible to override values set in the `DatadogAgent`. {% /dd %} {% dt %} `[component].customConfigurations.[container].configData` {% /dt %} {% dd %} ConfigData corresponds to the configuration file content. {% /dd %} {% dt %} `[component].customConfigurations.[container].configMap.items` {% /dt %} {% dd %} Items maps a ConfigMap data `key` to a file `path` mount. {% /dd %} {% dt %} `[component].customConfigurations.[container].configMap.name` {% /dt %} {% dd %} Name is the name of the ConfigMap. {% /dd %} {% dt %} `[component].disabled` {% /dt %} {% dd %} Disabled force disables a component. {% /dd %} {% dt %} `[component].dnsConfig` {% /dt %} {% dd %} Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. See [link](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-config) for more information. {% /dd %} {% dt %} `[component].dnsPolicy` {% /dt %} {% dd %} Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. See [link](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-config) for more information. {% /dd %} {% dt %} `[component].env` {% /dt %} {% dd %} *type*: `[]object`Specify additional environment variables for all containers in this component Priority is Container > Component. See also: [https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables](https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables) {% /dd %} {% dt %} `[component].envFrom` {% /dt %} {% dd %} *type*: `[]object`EnvFrom specifies the ConfigMaps and Secrets to expose as environment variables. Priority is env > envFrom. {% /dd %} {% dt %} `[component].extraChecksd` {% /dt %} {% dd %} Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/ See [https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6](https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6) for more details. {% /dd %} {% dt %} `[component].extraConfd` {% /dt %} {% dd %} Confd configuration allowing to specify config files for custom checks placed under /etc/datadog-agent/conf.d/. See [https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6](https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6) for more details. {% /dd %} {% dt %} `[component].hostNetwork` {% /dt %} {% dd %} Host networking requested for this pod. Use the host's network namespace. {% /dd %} {% dt %} `[component].hostPID` {% /dt %} {% dd %} Use the host's PID namespace. {% /dd %} {% dt %} `[component].image.jmxEnabled` {% /dt %} {% dd %} Define whether the Agent image should support JMX. To be used if the `Name` field does not correspond to a full image string. {% /dd %} {% dt %} `[component].image.name` {% /dt %} {% dd %} Defines the Agent image name for the pod. You can provide this as: * `` - Use `agent` for the Datadog Agent, `cluster-agent` for the Datadog Cluster Agent, or `dogstatsd` for DogStatsD. The full image string is derived from `global.registry`, `[key].image.tag`, and `[key].image.jmxEnabled`. * `:` - For example, `agent:latest`. The registry is derived from `global.registry`. `[key].image.tag` and `[key].image.jmxEnabled` are ignored. * `/:` - For example, `gcr.io/datadoghq/agent:latest`. If the full image string is specified like this, then `global.registry`, `[key].image.tag`, and `[key].image.jmxEnabled` are ignored. {% /dd %} {% dt %} `[component].image.pullPolicy` {% /dt %} {% dd %} The Kubernetes pull policy: Use `Always`, `Never`, or `IfNotPresent`. {% /dd %} {% dt %} `[component].image.pullSecrets` {% /dt %} {% dd %} It is possible to specify Docker registry credentials. See [https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) {% /dd %} {% dt %} `[component].image.tag` {% /dt %} {% dd %} Define the image tag to use. To be used if the `Name` field does not correspond to a full image string. {% /dd %} {% dt %} `[component].labels` {% /dt %} {% dd %} *type*: `map[string]string`AdditionalLabels provide labels that are added to the different component (Datadog Agent, Cluster Agent, Cluster Check Runner) pods. {% /dd %} {% dt %} `[component].name` {% /dt %} {% dd %} Name overrides the default name for the resource {% /dd %} {% dt %} `[component].nodeSelector` {% /dt %} {% dd %} *type*: `map[string]string`A map of key-value pairs. For this pod to run on a specific node, the node must have these key-value pairs as labels. See [https://kubernetes.io/docs/concepts/configuration/assign-pod-node/](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) {% /dd %} {% dt %} `[component].priorityClassName` {% /dt %} {% dd %} If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority is default, or zero if there is no default. {% /dd %} {% dt %} `[component].replicas` {% /dt %} {% dd %} Number of the replicas. Not applicable for a DaemonSet/ExtendedDaemonSet deployment {% /dd %} {% dt %} `[component].runtimeClassName` {% /dt %} {% dd %} If specified, indicates the pod's RuntimeClass kubelet should use to run the pod. If the named RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod enters the Failed terminal phase. If no runtimeClassName is specified, the default RuntimeHandler is used, which is equivalent to the behavior when the RuntimeClass feature is disabled. {% /dd %} {% dt %} `[component].securityContext` {% /dt %} {% dd %} Pod-level SecurityContext. See [link](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for more information. {% /dd %} {% dt %} `[component].serviceAccountAnnotations` {% /dt %} {% dd %} *type*: `map[string]string`Sets the ServiceAccountAnnotations used by this component. {% /dd %} {% dt %} `[component].serviceAccountName` {% /dt %} {% dd %} Sets the ServiceAccount used by this component. Ignored if the field CreateRbac is true. {% /dd %} {% dt %} `[component].tolerations` {% /dt %} {% dd %} *type*: `[]object`Configure the component tolerations. See [link](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for more information. {% /dd %} {% dt %} `[component].topologySpreadConstraints` {% /dt %} {% dd %} *type*: `[]object`TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. See [link](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#topologyspreadconstraint) for more information. {% /dd %} {% dt %} `[component].updateStrategy` {% /dt %} {% dd %} The deployment strategy to use to replace existing pods with new ones. See [link]([https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment) [https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#updating-a-daemonset](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#updating-a-daemonset)) for more information. {% /dd %} {% dt %} `[component].volumes` {% /dt %} {% dd %} *type*: `[]object`Specify additional volumes in the different components (Datadog Agent, Cluster Agent, Cluster Check Runner). {% /dd %} {% /dl %} {% /collapsible-section %} For a complete list of parameters, see the [Operator configuration spec](https://github.com/DataDog/datadog-operator/blob/main/docs/configuration.v2alpha1.md#override).