DataDog · hestonhoffman · May 12, 2026 · May 7, 2026 · May 11, 2026 · May 11, 2026
@@ -71,20 +71,22 @@ Update the Datadog Operator and Agent image versions in your DatadogAgent manife
    ```bash
    helm repo update
    helm upgrade datadog-operator datadog/datadog-operator \
-       --set image.repository=datadog/operator \
-       --set image.tag=latest # you can pin a specific version, see available tags on [Docker Hub][102]
+       --set image.repository=registry.datadoghq.com/operator \
+       --set image.tag=latest
    ```
 
+   You can pin a specific version. To browse available tags, use [Docker Hub][102].
+
 2. Update the Agent image versions in your `datadog-agent.yaml` manifest:
 
    ```yaml
    override:
      nodeAgent:
        image:
-         name: datadog/agent:<NEW_AGENT_VERSION>
+         name: registry.datadoghq.com/agent:<NEW_AGENT_VERSION>
      clusterAgent:
        image:
-         name: datadog/cluster-agent:<NEW_AGENT_VERSION>
+         name: registry.datadoghq.com/cluster-agent:<NEW_AGENT_VERSION>
    ```
 
 3. Apply the updated manifest:

@@ -184,7 +184,7 @@ Install the Datadog Operator version 1.25.0:
 helm repo add datadog https://helm.datadoghq.com
 helm repo update
 helm install datadog-operator datadog/datadog-operator \
-    --set image.repository=datadog/operator \
+    --set image.repository=registry.datadoghq.com/operator \
     --set image.tag=1.25.0
 ```
 

@@ -855,7 +855,7 @@ docker service create \
   --env DD_SECRET_BACKEND_TYPE="docker.secrets" \
   --env DD_SITE="datadoghq.com" \
   --env DD_HOSTNAME="dd-agent" \
-  datadog/agent:latest
+  registry.datadoghq.com/agent:latest
 ```
 
 The secret `dd_api_key` is automatically mounted at `/run/secrets/dd_api_key`, and the Agent reads it using the `docker.secrets` backend.
@@ -869,7 +869,7 @@ version: '3.8'
 
 services:
   datadog:
-    image: datadog/agent:latest
+    image: registry.datadoghq.com/agent:latest
     environment:
       - DD_API_KEY=ENC[dd_api_key]
       - DD_SECRET_BACKEND_TYPE=docker.secrets

@@ -59,7 +59,7 @@ To keep the Datadog Agent updated, edit your `datadog-values.yaml` to remove any
 
 To use a specific container registry, set it with `agent.image.repository` and `clusterChecksRunner.image.repository`. Ensure that `agents.image.tag` and  `clusterChecksRunner.image.tag` are undefined.
 
-The default registry is `gcr.io/datadoghq/agent`.
+When the image repository is unset, the Helm chart derives it from `datadog.site`, cluster type, and `registryMigrationMode`.
 
 ```yaml
 agent:
@@ -143,7 +143,7 @@ spec:
         name: gcr.io/datadoghq/agent:6.33.0
 ```
 
-Use the `spec.global.registry` if you need to change the default registry. The default is `gcr.io/datadoghq`.
+Use `spec.global.registry` if you need to change the registry selected from your Datadog site, cluster type, and `registryMigrationMode`.
 
 Then, pin the Agent 7 image tag in `spec.override.nodeAgent.image.tag`.
 
@@ -279,4 +279,4 @@ datadog_config:
 
 [1]: /agent/versions/upgrade_to_agent_v7/?tab=linux
 [2]: /agent/configuration/agent-configuration-files/#agent-main-configuration-file
-[3]: /agent/configuration/agent-commands/#restart-the-agent
+[3]: /agent/configuration/agent-commands/#restart-the-agent
@@ -763,12 +763,12 @@ For a one-step install, run the following command. Replace `MY_API_KEY` with you
 
 On Amazon Linux v2:
 ```shell
-docker run -d --name dd-agent -v /var/run/docker.sock:/var/run/docker.sock:ro -v /proc/:/host/proc/:ro -v /cgroup/:/host/sys/fs/cgroup:ro -e DD_API_KEY=MY_API_KEY -e DD_SITE="datad0g.com" gcr.io/datadoghq/agent:6
+docker run -d --name dd-agent -v /var/run/docker.sock:/var/run/docker.sock:ro -v /proc/:/host/proc/:ro -v /cgroup/:/host/sys/fs/cgroup:ro -e DD_API_KEY=MY_API_KEY -e DD_SITE="datad0g.com" registry.datadoghq.com/agent:6
 ```
 
 On other operating systems:
 ```shell
-docker run -d --name dd-agent -v /var/run/docker.sock:/var/run/docker.sock:ro -v /proc/:/host/proc/:ro -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro -e DD_API_KEY=MY_API_KEY -e DD_SITE="datad0g.com" gcr.io/datadoghq/agent:6
+docker run -d --name dd-agent -v /var/run/docker.sock:/var/run/docker.sock:ro -v /proc/:/host/proc/:ro -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro -e DD_API_KEY=MY_API_KEY -e DD_SITE="datad0g.com" registry.datadoghq.com/agent:6
 ```
 
 #### Troubleshooting
@@ -1235,4 +1235,4 @@ Alternatively, you can build the Agent binary for version 6 following the [Getti
 [9]: https://github.com/DataDog/dd-agent/wiki/Windows-Agent-Installation
 [10]: /agent/guide/windows-agent-ddagent-user/
 [11]: https://github.com/DataDog/datadog-agent/blob/main/docs/dev/agent_omnibus.md#building-inside-docker-linux-only-recommended
-[12]: https://github.com/DataDog/datadog-agent#getting-started
+[12]: https://github.com/DataDog/datadog-agent#getting-started
@@ -629,7 +629,7 @@ To collect traces over UDS:
 {
     "containerDefinitions": [
         {
-            "image": "datadog/agent:latest",
+            "image": "public.ecr.aws/datadog/agent:latest",
             "mountPoints": [
                 {
                     "containerPath": "/var/run/datadog",

@@ -36,7 +36,7 @@ Datadog publishes container images to the Datadog Container Registry, Google Art
 
 {{% container-images-table %}}
 
-By default, the Helm chart pulls images from Google Artifact Registry (`gcr.io/datadoghq`). The Datadog Operator chart is progressively migrating to the Datadog Container Registry (`registry.datadoghq.com`).
+By default, the Datadog Agent Helm chart determines the Agent image registry from your Datadog site, cluster type, and `registryMigrationMode`. Depending on these values and environment exclusions, Agent images may be pulled from the Datadog Container Registry (`registry.datadoghq.com`) or from a site-specific registry. The Datadog Operator chart is included as a dependency of the Datadog Agent Helm chart by default. As of Datadog Operator chart version 2.19.0, when you install the Operator through that dependency, the Datadog Agent Helm chart's `registryMigrationMode` applies to Agent images managed by the Operator. The Operator Helm chart itself does not define `registryMigrationMode`; the Operator pod image is controlled separately by the Operator chart `image.repository` value.
 
 <div class="alert alert-warning">Docker Hub is subject to image pull rate limits. If you are not a Docker Hub customer, Datadog recommends that you update your Datadog Agent and Cluster Agent configuration to pull from another registry. For instructions, see <a href="/agent/guide/changing_container_registry">Changing your container registry</a>.</div>
 

@@ -299,7 +299,7 @@ If you cannot mount these files in the Agent container (for example, on Amazon E
 For example:
 
 ```Dockerfile
-FROM gcr.io/datadoghq/agent:latest-jmx
+FROM registry.datadoghq.com/agent:latest-jmx
 COPY <PATH_JMX_CONF_FILE> conf.d/tomcat.d/
 COPY <PATH_JMX_METRICS_FILE> conf.d/tomcat.d/
 ```

@@ -27,7 +27,7 @@ When selecting a container registry, Datadog recommends the following approach:
 
 4. **Docker Hub**: Avoid unless you have a Docker Hub subscription, as it is subject to rate limits. Only Docker Hub supports Notary for image signature verification.
 
-<div class="alert alert-info">As of version 2.19.0, the Datadog Operator chart is progressively migrating to the Datadog Container Registry (<code>registry.datadoghq.com</code>).</div>
+<div class="alert alert-info">The Datadog Agent Helm chart determines the default Agent image registry from your Datadog site, cluster type, and <code>registryMigrationMode</code>. The Datadog Operator chart is included as a dependency of the Datadog Agent Helm chart by default. As of Datadog Operator chart version 2.19.0, when you install the Operator through that dependency, the Datadog Agent Helm chart's <code>registryMigrationMode</code> applies to Agent images managed by the Operator. The Operator Helm chart itself does not define <code>registryMigrationMode</code>; the Operator pod image is controlled separately by the Operator chart <code>image.repository</code> value.</div>
 
 To update your registry, update your registry values based on the type of container environment you are deploying on. You can also use a private registry, but you need to [create a pull secret][1] to pull the images.
 
@@ -39,13 +39,13 @@ To update your containers registry, run the pull command for the new registry. T
 
 ## Kubernetes with Helm chart
 
-To update your containers registry while deploying the Datadog Agent (or Datadog Cluster Agent) with the Datadog helm chart on Kubernetes (including GKE, EKS, AKS, and OpenShift) update the `values.yaml` to specify a different registry:
+To update your containers registry while deploying the Datadog Agent (or Datadog Cluster Agent) with the Datadog Helm chart on Kubernetes (including GKE, EKS, AKS, and OpenShift), update the `values.yaml` to specify a different registry:
 
 ### Datadog Helm chart >= v2.7.0
 
-1. Update your `values.yaml`:
+1. Update your `values.yaml`. For example, to use Amazon ECR:
     ```yaml
-    registry: registry.datadoghq.com
+    registry: public.ecr.aws/datadog
     ```
 2. Remove any overrides for `agents.image.repository`, `clusterAgent.image.repository`, or `clusterChecksRunner.image.repository` in the `values.yaml`.
 
@@ -89,11 +89,11 @@ clusterChecksRunner:
 
 ## Kubernetes with the Datadog Operator
 
-As of Operator chart version 2.19.0, the Datadog Operator is migrating to `registry.datadoghq.com` for both the operator image and Agent images it manages. Previously, Agent images were pulled from site-specific registries (`gcr.io/datadoghq`, `eu.gcr.io/datadoghq`, `asia.gcr.io/datadoghq`, or `datadoghq.azurecr.io`). To keep using the previous site-specific registries, set `registryMigrationMode: ""` in your Operator Helm `values.yaml`.
+As of Datadog Operator chart version 2.19.0, when the Operator is installed through the Datadog Agent Helm chart dependency, the Datadog Agent Helm chart's `registryMigrationMode` can use `registry.datadoghq.com` for Agent images managed by the Operator. Earlier versions pulled Agent images from site-specific registries (`gcr.io/datadoghq`, `eu.gcr.io/datadoghq`, `asia.gcr.io/datadoghq`, or `datadoghq.azurecr.io`). To use the previous site-specific registries for Agent images in this deployment path, set `registryMigrationMode: ""` in your Datadog Agent Helm chart `values.yaml`. This setting has no effect when you explicitly set a registry, and it is not a setting in the standalone Operator Helm chart. To use a different registry for the Operator pod image, set `image.repository` in your Operator Helm `values.yaml`.
 
 To update your registry while deploying the Datadog Agent (or Datadog Cluster Agent) with the Datadog Operator:
 
-1. Update the Datadog Agent manifest file to override the default registry (`registry.datadoghq.com`). For example, with `public.ecr.aws/datadog`:
+1. Update the Datadog Agent manifest file to override the resolved registry. For example, with `public.ecr.aws/datadog`:
 ```yaml
 apiVersion: datadoghq.com/v2alpha1
 kind: DatadogAgent
@@ -134,7 +134,7 @@ For more information about the Datadog Operator, see [Deploying an Agent with th
 
 ### Using another container registry with Helm
 
-You can switch from the default `registry.datadoghq.com` registry to another registry, such as `public.ecr.aws/datadog` when installing the Operator with the Helm chart:
+To use another registry for the Operator pod image, such as `public.ecr.aws/datadog`, when installing the standalone Operator Helm chart:
 
 Update [`values.yaml`][6] with the new image:
 

@@ -83,7 +83,7 @@ Create a custom Datadog Agent image with pre-defined volumes for writable direct
 
 1. Create a Dockerfile that extends the Datadog Agent image and declares volumes for required paths:
 ```dockerfile
-FROM gcr.io/datadoghq/agent:latest
+FROM registry.datadoghq.com/agent:latest
 
 VOLUME ["/etc/datadog-agent", "/opt/datadog-agent/run", "/var/run/datadog", "/var/log/datadog"]
 
@@ -153,4 +153,3 @@ Agent flare requires write access to `/tmp/`. If generating flares is important
 [2]: https://docs.aws.amazon.com/eks/latest/best-practices/pod-security.html
 [3]: https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF
 [4]: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html
-
@@ -228,14 +228,14 @@ Datadog publishes container images to the Datadog Container Registry, Google Art
 
 {{% container-images-table %}}
 
-By default, the Helm chart pulls images from Google Artifact Registry (`gcr.io/datadoghq`). The Datadog Operator chart is progressively migrating to the Datadog Container Registry (`registry.datadoghq.com`).
+By default, the Datadog Agent Helm chart determines the Agent image registry from your Datadog site, cluster type, and `registryMigrationMode`. Depending on these values and environment exclusions, Agent images may be pulled from the Datadog Container Registry (`registry.datadoghq.com`) or from a site-specific registry. The Datadog Operator chart is included as a dependency of the Datadog Agent Helm chart by default. As of Datadog Operator chart version 2.19.0, when you install the Operator through that dependency, the Datadog Agent Helm chart's `registryMigrationMode` applies to Agent images managed by the Operator. The Operator Helm chart itself does not define `registryMigrationMode`; the Operator pod image is controlled separately by the Operator chart `image.repository` value.
 
 <div class="alert alert-warning">Docker Hub is subject to image pull rate limits. If you are not a Docker Hub customer, Datadog recommends that you update your Datadog Agent and Cluster Agent configuration to pull from another registry. For instructions, see <a href="/agent/guide/changing_container_registry">Changing your container registry</a>.</div>
 
 {{< tabs >}}
 {{% tab "Datadog Operator" %}}
 
-The Datadog Operator chart is migrating to `registry.datadoghq.com` for both the operator image and Agent images it manages. Previously, Agent images were pulled from site-specific registries (`gcr.io/datadoghq`, `eu.gcr.io/datadoghq`, `asia.gcr.io/datadoghq`, or `datadoghq.azurecr.io`). To keep using the previous site-specific registries, set `registryMigrationMode: ""` in your Operator Helm `values.yaml`.
+As of Datadog Operator chart version 2.19.0, when the Operator is installed through the Datadog Agent Helm chart dependency, the Datadog Agent Helm chart's `registryMigrationMode` can use `registry.datadoghq.com` for Agent images managed by the Operator. Earlier versions pulled Agent images from site-specific registries (`gcr.io/datadoghq`, `eu.gcr.io/datadoghq`, `asia.gcr.io/datadoghq`, or `datadoghq.azurecr.io`). To keep using the previous site-specific registries for Agent images in this deployment path, set `registryMigrationMode: ""` in your Datadog Agent Helm chart `values.yaml`. This setting has no effect when you explicitly set a registry, and it is not a setting in the standalone Operator Helm chart. To use a different registry for the Operator pod image, set `image.repository` in your Operator Helm `values.yaml`.
 
 To use a different container registry, modify `global.registry` in `datadog-agent.yaml`.
 

@@ -189,7 +189,7 @@ docker run -e "DD_API_KEY=${DD_API_KEY}" \
 Labels can also be specified in a `Dockerfile`, so you can build and deploy a custom agent without changing any infrastructure configuration:
 
 ```Dockerfile
-FROM datadog/agent:7.36.1
+FROM registry.datadoghq.com/agent:7.36.1
 
 LABEL "com.datadoghq.ad.check_names"='["mysql"]'
 LABEL "com.datadoghq.ad.init_configs"='[{}]'

@@ -315,7 +315,7 @@ For Postgres 9.6, add the following settings to the instance config where host a
 Labels can also be specified in a `Dockerfile`, so you can build and deploy a custom Agent without changing any infrastructure configuration:
 
 ```Dockerfile
-FROM datadog/agent:<AGENT_VERSION>
+FROM registry.datadoghq.com/agent:<AGENT_VERSION>
 
 LABEL "com.datadoghq.ad.check_names"='["postgres"]'
 LABEL "com.datadoghq.ad.init_configs"='[{}]'

@@ -88,7 +88,7 @@ Container installations must use BCFKS key store format. Use the `keytool` utili
    ```shell
    keytool -keystore java-app-keystore -genkey -alias java-app -dname CN=java-app -validity 365 -keyalg ec -storepass changeit
 
-   docker run --rm -v $(pwd):/ssl datadog/agent:latest-fips-jmx \
+   docker run --rm -v $(pwd):/ssl registry.datadoghq.com/agent:latest-fips-jmx \
      keytool -keystore /ssl/jmxfetch-keystore -genkey -alias jmxfetch -dname CN=jmxfetch -validity 365 -keyalg ec -storepass changeit -keypass changeit
    ```
 
@@ -97,7 +97,7 @@ Container installations must use BCFKS key store format. Use the `keytool` utili
    ```shell
    keytool -keystore java-app-keystore -export -alias java-app -rfc -file java-app-cert.pem -storepass changeit
 
-   docker run --rm -v $(pwd):/ssl datadog/agent:latest-fips-jmx \
+   docker run --rm -v $(pwd):/ssl registry.datadoghq.com/agent:latest-fips-jmx \
      keytool -keystore /ssl/jmxfetch-keystore -export -alias jmxfetch -rfc -file /ssl/jmxfetch-cert.pem -storepass changeit
    ```
 
@@ -106,7 +106,7 @@ Container installations must use BCFKS key store format. Use the `keytool` utili
    ```shell
    keytool -keystore java-app-truststore -import -alias jmxfetch -file jmxfetch-cert.pem -storepass changeit -noprompt
 
-   docker run --rm -v $(pwd):/ssl datadog/agent:latest-fips-jmx \
+   docker run --rm -v $(pwd):/ssl registry.datadoghq.com/agent:latest-fips-jmx \
      keytool -keystore /ssl/jmxfetch-truststore -import -alias java-app -file /ssl/java-app-cert.pem -storepass changeit -noprompt
    ```
 

@@ -152,7 +152,7 @@ When enabling additional Datadog features, always use the Datadog or OpenTelemet
 
 **Note**: As of operator `v1.22.0`, the DDOT container uses the `ddot-collector` image instead of the `-full` agent image.
 - When overriding the node agent image tag, use a tag >= `7.67.0` so the OTel container is scheduled (the `ddot-collector` image is only supported in >= `7.67.0`).
-- The `ddot-collector` image has no `-full` variant. If you need a `-full` image, set `spec.override.nodeAgent.image.name` to a full agent image (for example, `gcr.io/datadoghq/agent:7.72.1-full`).
+- The `ddot-collector` image has no `-full` variant. If you need a `-full` image, set `spec.override.nodeAgent.image.name` to a full agent image (for example, `registry.datadoghq.com/agent:7.72.1-full`).
 
 [1]: /getting_started/site
 [2]: /containers/guide/changing_container_registry/

@@ -43,7 +43,7 @@ spec:
            mountPath: "/cws-instrumentation-volume"
            readOnly: true
      - name: datadog-agent
-       image: datadog/agent:latest 
+       image: public.ecr.aws/datadog/agent:latest
        env:
          - name: DD_API_KEY
            value: "<DD_API_KEY>"
@@ -64,4 +64,4 @@ spec:
        - name: cws-instrumentation-volume
      serviceAccountName: datadog-agent
      shareProcessNamespace: true
-```
+```
@@ -33,7 +33,7 @@ docker run -e "DD_API_KEY=${DD_API_KEY}" \
       }]
     }
   }' \
-  datadog/agent:${DD_AGENT_VERSION}
+  registry.datadoghq.com/agent:${DD_AGENT_VERSION}
 ```
 
 ### Validate

@@ -24,7 +24,7 @@ docker run -e "DD_API_KEY=${DD_API_KEY}" \
       "env:<CUSTOM_ENV>"
     ]
   }]' \
-  gcr.io/datadoghq/agent:${DD_AGENT_VERSION}
+  registry.datadoghq.com/agent:${DD_AGENT_VERSION}
 ```
 
 Use the `service` and `env` tags to link your database telemetry to other telemetry through a common tagging scheme. See [Unified Service Tagging][3] on how these tags are used throughout Datadog.
-Original file line number
+Diff line change
@@ Expand Up / @@ -33,7 +33,7 @@ docker run -e "DD_API_KEY=${DD_API_KEY}" \ @@
           }]
         }
       }' \
-      datadog/agent:${DD_AGENT_VERSION}
+      registry.datadoghq.com/agent:${DD_AGENT_VERSION}
     ```
     ### Validate
@@ Expand Down @@