In #1573 , datadog.sbom.containerImage.uncompressedLayersSupport was set to true to prevent errors for the SBOM feature on EKS, GKE, AKS where discard_uncompressed_layers is enabled by default. However, this feature requires CAP_SYS_ADMIN and mounts some directories that are not necessarily compatible with other distributions such as GKE Autopilot where the Daemonset can't be admitted anymore. This PR gates this default behind datadog.sbom.containerImage.enabled (false by default) to ensure we only add these modifications if and only if the user wants to use the SBOM container image feature.
Which issue this PR fixes
Fixes #1584
Special notes for your reviewer:
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
[ ] Chart Version bumped
[ ] Documentation has been updated with helm-docs (run: .github/helm-docs.sh)
[ ] CHANGELOG.md has been updated
[ ] Variables are documented in the README.md
[ ] For Datadog Operator chart or value changes update the test baselines (run: make update-test-baselines)
What this PR does / why we need it:
In #1573 ,
datadog.sbom.containerImage.uncompressedLayersSupportwas set totrueto prevent errors for the SBOM feature on EKS, GKE, AKS where discard_uncompressed_layers is enabled by default. However, this feature requiresCAP_SYS_ADMINand mounts some directories that are not necessarily compatible with other distributions such as GKE Autopilot where the Daemonset can't be admitted anymore. This PR gates this default behinddatadog.sbom.containerImage.enabled(falseby default) to ensure we only add these modifications if and only if the user wants to use the SBOM container image feature.Which issue this PR fixes
Special notes for your reviewer:
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
.github/helm-docs.sh)CHANGELOG.mdhas been updatedREADME.mdmake update-test-baselines)