Created
July 17, 2018 16:02
-
-
Save DD-ScottBeamish/01896349b7f5110b668f4e97f7c5eca6 to your computer and use it in GitHub Desktop.
k8s 1.10 + RBAC + TLS_VERIFY=false
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: extensions/v1beta1 | |
kind: DaemonSet | |
metadata: | |
name: datadog-agent | |
spec: | |
template: | |
metadata: | |
labels: | |
app: datadog-agent | |
name: datadog-agent | |
spec: | |
serviceAccountName: datadog-agent | |
containers: | |
- image: datadog/agent:latest | |
imagePullPolicy: Always | |
name: datadog-agent | |
ports: | |
- containerPort: 8125 | |
name: dogstatsdport | |
protocol: UDP | |
env: | |
- name: DD_API_KEY | |
value: YOUR_API_KEY | |
- name: KUBERNETES | |
value: "yes" | |
- name: DD_KUBERNETES_KUBELET_HOST | |
valueFrom: | |
fieldRef: | |
fieldPath: status.hostIP | |
#fieldPath: spec.nodeName | |
- name: DD_KUBELET_TLS_VERIFY | |
value: "false" | |
resources: | |
requests: | |
memory: "128Mi" | |
cpu: "100m" | |
limits: | |
memory: "512Mi" | |
cpu: "250m" | |
volumeMounts: | |
- name: dockersocket | |
mountPath: /var/run/docker.sock | |
- name: procdir | |
mountPath: /host/proc | |
readOnly: true | |
- name: cgroups | |
mountPath: /host/sys/fs/cgroup | |
readOnly: true | |
- name: tomcat-config | |
mountPath: /conf.d | |
livenessProbe: | |
exec: | |
command: | |
- ./probe.sh | |
initialDelaySeconds: 15 | |
periodSeconds: 5 | |
volumes: | |
- hostPath: | |
path: /var/run/docker.sock | |
name: dockersocket | |
- hostPath: | |
path: /proc | |
name: procdir | |
- hostPath: | |
path: /sys/fs/cgroup | |
name: cgroups | |
- name: tomcat-config | |
configMap: | |
name: datadog-config | |
items: | |
- key: tomcat-autoconf.yaml | |
path: tomcat-autoconf.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: datadog-agent | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- services | |
- events | |
- endpoints | |
- pods | |
- nodes | |
- componentstatuses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
resourceNames: | |
- datadogtoken # Kubernetes event collection state | |
- datadog-leader-election # Leader election token | |
verbs: | |
- get | |
- update | |
- apiGroups: # To create the leader election token | |
- "" | |
resources: | |
- configmaps | |
verbs: | |
- create | |
- nonResourceURLs: | |
- "/version" | |
- "/healthz" | |
verbs: | |
- get | |
- apiGroups: # Kubelet connectivity | |
- "" | |
resources: | |
- nodes/metrics | |
- nodes/spec | |
- nodes/proxy | |
verbs: | |
- get | |
--- | |
# You need to use that account for your dd-agent DaemonSet | |
kind: ServiceAccount | |
apiVersion: v1 | |
metadata: | |
name: datadog-agent | |
namespace: default | |
--- | |
# Your admin user needs the same permissions to be able to grant them | |
# Easiest way is to bind your user to the cluster-admin role | |
# See https://cloud.google.com/container-engine/docs/role-based-access-control#setting_up_role-based_access_control | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: datadog-agent | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: datadog-agent | |
subjects: | |
- kind: ServiceAccount | |
name: datadog-agent | |
namespace: default |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is used to get past the "Unable to connect to kubelet URL automatically".
There are 2 changes made to overcome this error.