DataDog · dd-mergequeue · Jan 5, 2026 · Oct 2, 2025 · Dec 23, 2025 · Dec 23, 2025
@@ -1,5 +1,9 @@
 # Datadog changelog
 
+## 3.158.0
+
+* deprecate-run-in-core-agent ([#2265](https://github.com/DataDog/helm-charts/pull/2265)).
+
 ## 3.157.0
 
 * Enable Datadog Operator chart dependency ([#2112](https://github.com/DataDog/helm-charts/pull/2112)).

@@ -1,7 +1,7 @@
 ---
 apiVersion: v1
 name: datadog
-version: 3.157.0
+version: 3.158.0
 appVersion: "7"
 description: Datadog Agent
 keywords:

@@ -1,6 +1,6 @@
 # Datadog
 
-![Version: 3.157.0](https://img.shields.io/badge/Version-3.157.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.158.0](https://img.shields.io/badge/Version-3.158.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
 
@@ -891,7 +891,7 @@ helm install <RELEASE_NAME> \
 | datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset |
 | datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection |
 | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations |
-| datadog.processAgent.runInCoreAgent | bool | `true` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.60.0+ and Linux. |
+| datadog.processAgent.runInCoreAgent | bool | `true` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.60.0+ and Linux. # DEPRECATED: This behavior will be enabled by default for installations that meet the requirements. |
 | datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing |
 | datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. - true: Profiler is turned on. |
 | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) |

@@ -482,7 +482,7 @@ On GKE Autopilot environments, GPU Monitoring is not supported. The option 'data
 ####               INFO: OpenShift Control Plane Monitoring                    ####
 ###################################################################################
 
-Certificates are needed to communicate with the Etcd service, which can be found in the secret etcd-metric-client in the openshift-etcd-operator namespace. 
+Certificates are needed to communicate with the Etcd service, which can be found in the secret etcd-metric-client in the openshift-etcd-operator namespace.
 
 To give the Datadog Agent access to these certificates, copy them into the same namespace the Datadog Agent is running in:
 
@@ -750,45 +750,20 @@ To learn more about it please refer to the following documentation:
 https://docs.datadoghq.com/agent/guide/fips-agent/
 {{- end }}
 
-{{- if .Values.clusterAgent.admissionController.configMode }}
-{{- if and (not .Values.datadog.csi.enabled) (eq .Values.clusterAgent.admissionController.configMode "csi") }}
+{{- if (and (not .Values.datadog.csi.enabled ) (eq .Values.clusterAgent.admissionController.configMode "csi"))  }}
 ################################################################
 ###    WARNING: Admission Controller CSI Misconfiguration    ###
 ################################################################
 Enabling csi via `datadog.csi.enabled` is required to benefit from `csi` admission controller config mode.
 
 Otherwise, `socket` config mode will be used.
 {{- end }}
-{{- end }}
 
 {{- if and (eq .Values.targetSystem "linux") (not (.Values.datadog.processAgent.runInCoreAgent)) }}
 #################################################################
 ####               WARNING: Deprecation notice               ####
 #################################################################
 You have set `datadog.processAgent.runInCoreAgent` to `false`.
-Support for this configuration will be deprecated in a future version.
-This configuration controlled whether the Process Agent or Core Agent runs the following features: Live Processes, Live Containers, Process Discovery.
-This behavior will be adjusted automatically and the Core Agent will be used by default on versions 7.60+.
-
-{{- end }}
-
-{{- if and (ne (include "hpa-autoscaling-v2-supported" .) "true") (.Values.otelAgentGateway.autoscaling.enabled) }}
-
-###################################################################################
-####               WARNING: OTel Agent Gateway misconfiguration               ####
-###################################################################################
-OTel Agent Gateway autoscaling has no effect in Kubernetes version 1.22.x and below
-
-{{- end }}
-
-{{ if .Values.datadog.operator.enabled }}
-###################################################################################
-####                     INFO: Datadog Operator is enabled                     ####
-###################################################################################
-Datadog Operator is enabled by default and running.
-
-Learn more about the Datadog Operator: https://docs.datadoghq.com/containers/datadog_operator/
-
-To disable the Datadog Operator, set `datadog.operator.enabled` to `false`.
-
+However, this configuration is deprecated.
+If the agent version is 7.60+, the following features will run in the core agent: Live Processes, Live Containers, Process Discovery.
 {{- end }}
@@ -333,7 +333,7 @@
       mountPath: /host/sys/fs/cgroup
       mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
       readOnly: true
-    {{- if and (eq (include "should-add-host-path-for-etc-passwd" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true") }}
+    {{- if and (eq (include "should-add-host-path-for-etc-passwd" .) "true") (and (eq (include "process-checks-enabled" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true")) }}
     - name: passwd
       mountPath: /etc/passwd
       readOnly: true

@@ -1289,7 +1289,7 @@ Create RBACs for custom resources
     false
   {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}}
     {{- include "get-process-checks-in-core-agent-envvar" . -}}
-  {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.60.0-0" (include "get-agent-version" .)) -}}
+  {{- else if and (not .Values.agents.image.doNotCheckTag) (semverCompare ">=7.60.0-0" (include "get-agent-version" .)) -}}
       true
   {{- else -}}
     false

@@ -843,6 +843,7 @@ datadog:
 
     # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery.
     ## This requires Agent 7.60.0+ and Linux.
+    ## DEPRECATED: This behavior will be enabled by default for installations that meet the requirements.
     runInCoreAgent: true
 
      # datadog.processAgent.containerCollection -- Set this to true to enable container collection

@@ -29,7 +29,7 @@ func Test_processAgentConfigs(t *testing.T) {
 		assertions func(t *testing.T, manifest string)
 	}{
 		{
-			name: "checks in process agent -- linux",
+			name: "default behavior -- linux",
 			command: common.HelmCommand{
 				ReleaseName: "datadog",
 				ChartPath:   "../../charts/datadog",
@@ -38,13 +38,12 @@ func Test_processAgentConfigs(t *testing.T) {
 				Overrides: map[string]string{
 					"datadog.apiKeyExistingSecret":        "datadog-secret",
 					"datadog.appKeyExistingSecret":        "datadog-secret",
-					"datadog.processAgent.runInCoreAgent": "false",
 				},
 			},
-			assertions: verifyDaemonsetProcessAgentChecks,
+			assertions: verifyDefaultDaemonset,
 		},
 		{
-			name: "checks in process agent -- windows",
+			name: "default behavior -- windows",
 			command: common.HelmCommand{
 				ReleaseName: "datadog",
 				ChartPath:   "../../charts/datadog",
@@ -72,7 +71,6 @@ func Test_processAgentConfigs(t *testing.T) {
 					"datadog.processAgent.containerCollection":               "false",
 					"datadog.processAgent.processDiscovery":                  "false",
 					"datadog.apm.instrumentation.language_detection.enabled": "false",
-					"datadog.processAgent.runInCoreAgent":                    "false",
 				},
 			},
 			assertions: verifyChecksOff,
@@ -92,7 +90,6 @@ func Test_processAgentConfigs(t *testing.T) {
 					"datadog.processAgent.processDiscovery":                  "false",
 					"datadog.apm.instrumentation.language_detection.enabled": "false",
 					"datadog.networkMonitoring.enabled":                      "true",
-					"datadog.processAgent.runInCoreAgent":                    "false",
 				},
 			},
 			assertions: verifyOnlyNetworkMonitoringEnabled,
@@ -107,7 +104,6 @@ func Test_processAgentConfigs(t *testing.T) {
 				Overrides: map[string]string{
 					"datadog.apiKeyExistingSecret":           "datadog-secret",
 					"datadog.appKeyExistingSecret":           "datadog-secret",
-					"datadog.processAgent.runInCoreAgent":    "true",
 					"datadog.processAgent.processCollection": "true",
 					"agents.image.tag":                       "7.60.0",
 				},
@@ -125,7 +121,6 @@ func Test_processAgentConfigs(t *testing.T) {
 					"datadog.apiKeyExistingSecret":        "datadog-secret",
 					"datadog.appKeyExistingSecret":        "datadog-secret",
 					"targetSystem":                        "windows",
-					"datadog.processAgent.runInCoreAgent": "true",
 					"agents.image.tag":                    "7.60.0",
 				},
 			},
@@ -146,7 +141,6 @@ func Test_processAgentConfigs(t *testing.T) {
 					"datadog.processAgent.processDiscovery":                  "false",
 					"datadog.apm.instrumentation.language_detection.enabled": "false",
 					"datadog.orchestratorExplorer.enabled":                   "true",
-					"datadog.processAgent.runInCoreAgent":                    "false",
 				},
 			},
 			assertions: verifyOrchestratorEnabledLatest,
@@ -181,7 +175,6 @@ func Test_processAgentConfigs(t *testing.T) {
 				Overrides: map[string]string{
 					"datadog.apiKeyExistingSecret":        "datadog-secret",
 					"datadog.appKeyExistingSecret":        "datadog-secret",
-					"datadog.processAgent.runInCoreAgent": "true",
 					"agents.image.tag":                    "7.52.0",
 				},
 			},
@@ -197,7 +190,6 @@ func Test_processAgentConfigs(t *testing.T) {
 				Overrides: map[string]string{
 					"datadog.apiKeyExistingSecret":        "datadog-secret",
 					"datadog.appKeyExistingSecret":        "datadog-secret",
-					"datadog.processAgent.runInCoreAgent": "true",
 					"agents.image.doNotCheckTag":          "true",
 				},
 			},
@@ -213,7 +205,6 @@ func Test_processAgentConfigs(t *testing.T) {
 				Overrides: map[string]string{
 					"datadog.apiKeyExistingSecret":           "datadog-secret",
 					"datadog.appKeyExistingSecret":           "datadog-secret",
-					"datadog.processAgent.runInCoreAgent":    "false",
 					"agents.image.doNotCheckTag":             "true",
 					"datadog.processAgent.processCollection": "true",
 				},
@@ -230,7 +221,6 @@ func Test_processAgentConfigs(t *testing.T) {
 				Overrides: map[string]string{
 					"datadog.apiKeyExistingSecret":                           "datadog-secret",
 					"datadog.appKeyExistingSecret":                           "datadog-secret",
-					"datadog.processAgent.runInCoreAgent":                    "false",
 					"datadog.processAgent.processCollection":                 "true",
 					"agents.image.tag":                                       "7.56",
 					"datadog.apm.instrumentation.language_detection.enabled": "true",
@@ -249,7 +239,6 @@ func Test_processAgentConfigs(t *testing.T) {
 				Overrides: map[string]string{
 					"datadog.apiKeyExistingSecret":                           "datadog-secret",
 					"datadog.appKeyExistingSecret":                           "datadog-secret",
-					"datadog.processAgent.runInCoreAgent":                    "true",
 					"datadog.processAgent.processCollection":                 "true",
 					"agents.image.tag":                                       "7.60.0",
 					"datadog.apm.instrumentation.language_detection.enabled": "true",
@@ -284,22 +273,18 @@ func Test_processAgentConfigs(t *testing.T) {
 	}
 }
 
-func verifyDaemonsetProcessAgentChecks(t *testing.T, manifest string) {
+func verifyDefaultDaemonset(t *testing.T, manifest string) {
 	var deployment appsv1.DaemonSet
 	common.Unmarshal(t, manifest, &deployment)
 	coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent")
 	assert.True(t, ok)
 	coreEnvs := getEnvVarMap(coreAgentContainer.Env)
 	assertDefaultCommonProcessEnvs(t, coreEnvs)
-	assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled])
-	assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts))
+	assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled])
+	assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts))
 
-	processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent")
-	assert.True(t, ok)
-	processEnvs := getEnvVarMap(processAgentContainer.Env)
-	assertDefaultCommonProcessEnvs(t, processEnvs)
-	assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled])
-	assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts))
+	_, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent")
+	assert.False(t, ok)
 }
 
 func verifyDaemonsetWindowsProcessAgentChecks(t *testing.T, manifest string) {
@@ -381,7 +366,7 @@ func verifyChecksOff(t *testing.T, manifest string) {
 	assert.True(t, ok)
 	coreEnvs := getEnvVarMap(coreAgentContainer.Env)
 	assertFalseCommonProcessEnvs(t, coreEnvs)
-	assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled])
+	assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled])
 	assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts))
 
 	_, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent")
@@ -391,18 +376,19 @@ func verifyChecksOff(t *testing.T, manifest string) {
 func verifyOnlyNetworkMonitoringEnabled(t *testing.T, manifest string) {
 	var deployment appsv1.DaemonSet
 	common.Unmarshal(t, manifest, &deployment)
+
 	coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent")
 	assert.True(t, ok)
 	coreEnvs := getEnvVarMap(coreAgentContainer.Env)
 	assertFalseCommonProcessEnvs(t, coreEnvs)
-	assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled])
+	assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled])
 	assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts))
 
 	processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent")
 	assert.True(t, ok)
 	processEnvs := getEnvVarMap(processAgentContainer.Env)
 	assertFalseCommonProcessEnvs(t, processEnvs)
-	assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled])
+	assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled])
 	assert.Equal(t, "true", processEnvs[DDSystemProbeEnabled])
 	assert.Equal(t, "true", processEnvs[DDNetworkMonitoringEnabled])
 	assert.False(t, getPasswdMount(t, processAgentContainer.VolumeMounts))
@@ -415,7 +401,7 @@ func verifyOrchestratorEnabledLatest(t *testing.T, manifest string) {
 	assert.True(t, ok)
 	coreEnvs := getEnvVarMap(coreAgentContainer.Env)
 	assertFalseCommonProcessEnvs(t, coreEnvs)
-	assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled])
+	assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled])
 	assert.Equal(t, "true", coreEnvs[DDOrchestratorEnabled])
 	assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts))