@DD-ScottBeamish
Created July 17, 2018 16:02
k8s 1.10 + RBAC + TLS_VERIFY=false
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: datadog-agent
spec:
  template:
    metadata:
      labels:
        app: datadog-agent
      name: datadog-agent
    spec:
      serviceAccountName: datadog-agent
      containers:
      - image: datadog/agent:latest
        imagePullPolicy: Always
        name: datadog-agent
        ports:
          - containerPort: 8125
            name: dogstatsdport
            protocol: UDP
        env:
          - name: DD_API_KEY
            value: YOUR_API_KEY
          - name: KUBERNETES
            value: "yes"
          # Address the agent uses to reach the kubelet on its own node
          - name: DD_KUBERNETES_KUBELET_HOST
            valueFrom:
              fieldRef:
                fieldPath: status.hostIP
                #fieldPath: spec.nodeName
          # The agent does not verify the kubelet's TLS certificate with this set to "false"
          - name: DD_KUBELET_TLS_VERIFY
            value: "false"
        resources:
          requests:
            memory: "128Mi"
            cpu: "100m"
          limits:
            memory: "512Mi"
            cpu: "250m"
        volumeMounts:
          - name: dockersocket
            mountPath: /var/run/docker.sock
          - name: procdir
            mountPath: /host/proc
            readOnly: true
          - name: cgroups
            mountPath: /host/sys/fs/cgroup
            readOnly: true
          - name: tomcat-config
            mountPath: /conf.d
        livenessProbe:
          exec:
            command:
            - ./probe.sh
          initialDelaySeconds: 15
          periodSeconds: 5
      volumes:
        - hostPath:
            path: /var/run/docker.sock
          name: dockersocket
        - hostPath:
            path: /proc
          name: procdir
        - hostPath:
            path: /sys/fs/cgroup
          name: cgroups
        - name: tomcat-config
          configMap:
            name: datadog-config
            items:
            - key: tomcat-autoconf.yaml
              path: tomcat-autoconf.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: datadog-agent
rules:
- apiGroups:
  - ""
  resources:
  - services
  - events
  - endpoints
  - pods
  - nodes
  - componentstatuses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  resourceNames:
  - datadogtoken # Kubernetes event collection state
  - datadog-leader-election # Leader election token
  verbs:
  - get
  - update
- apiGroups: # To create the leader election token
  - ""
  resources:
  - configmaps
  verbs:
  - create
- nonResourceURLs:
  - "/version"
  - "/healthz"
  verbs:
  - get
- apiGroups: # Kubelet connectivity
  - ""
  resources:
  - nodes/metrics
  - nodes/spec
  - nodes/proxy
  verbs:
  - get
---
# You need to use that account for your dd-agent DaemonSet
kind: ServiceAccount
apiVersion: v1
metadata:
  name: datadog-agent
  namespace: default
---
# Your admin user needs the same permissions to be able to grant them
# Easiest way is to bind your user to the cluster-admin role
# See https://cloud.google.com/container-engine/docs/role-based-access-control#setting_up_role-based_access_control
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: datadog-agent
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datadog-agent
subjects:
- kind: ServiceAccount
  name: datadog-agent
  namespace: default

DD-ScottBeamish commented Jul 17, 2018

This is used to get past the "Unable to connect to kubelet URL automatically".

There are 2 changes made to overcome this error.

  1. Use k8s RBAC and set up the datadog-agent service account
  2. Set the TLS_VERIFY=false environment variable
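
For comparison with the second change, a variant of the DaemonSet fragment that keeps kubelet certificate verification enabled; this is an added example, not part of the gist. It assumes the kubelet serving certificate is signed by a CA whose certificate file exists on every node, that the certificate lists the node name as a SAN, and that the node name resolves from the pod; the volume name `kubelet-ca`, the host path and the mount path are placeholders.

```yaml
# Added example: fragment of the datadog-agent pod spec, to be merged into the DaemonSet.
# Setting used in the gist, shown for comparison:
#   - name: DD_KUBELET_TLS_VERIFY
#     value: "false"
spec:
  template:
    spec:
      containers:
      - name: datadog-agent
        env:
          - name: DD_KUBERNETES_KUBELET_HOST
            valueFrom:
              fieldRef:
                # Connect by node name (the alternative commented out in the gist)
                # so the name in the kubelet certificate can match.
                fieldPath: spec.nodeName
          - name: DD_KUBELET_TLS_VERIFY
            value: "true"
          - name: DD_KUBELET_CLIENT_CA
            # Path inside the container to the CA that signed the kubelet certificate
            value: /etc/kubelet-ca/ca.crt        # placeholder mount path
        volumeMounts:
          - name: kubelet-ca                     # placeholder volume name
            mountPath: /etc/kubelet-ca/ca.crt
            readOnly: true
      volumes:
        - name: kubelet-ca
          hostPath:
            path: /path/to/kubelet-ca.crt        # placeholder: location is cluster-specific
            type: File
```

If the agent still reports a certificate error with this fragment, the message shows which assumption does not hold on the cluster (unknown signer or name mismatch).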
