Last active
March 9, 2018 18:14
K8S + RBAC + AutoDisco + ConfigMap + Separate Namespaces
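---
# Datadog Agent DaemonSet: runs one agent pod on every node matched by the
# nodeSelector, under the `datadog` ServiceAccount.
# NOTE(review): extensions/v1beta1 DaemonSets are no longer served from
# Kubernetes 1.16 onwards; current clusters need apps/v1.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: datadog-agent
spec:
  selector:
    matchLabels:
      name: datadog-agent
  template:
    metadata:
      labels:
        app: datadog-agent
        name: datadog-agent
      name: datadog-agent
    spec:
      # The listing declared `spec:` twice under `template` (one holding only
      # nodeSelector, one holding the pod definition). Duplicate keys are
      # invalid YAML and parsers that accept them keep only the last one, so
      # both are merged into a single pod spec here.
      # Agents are scheduled only on nodes carrying the label `label=local`.
      nodeSelector:
        label: local
      serviceAccountName: datadog
      containers:
        # NOTE(review): `latest` with imagePullPolicy Always means the node
        # runs whatever the registry serves at pull time; pin a version tag
        # or image digest for a reproducible, reviewable deployment.
        - image: datadog/agent:latest
          imagePullPolicy: Always
          name: datadog-agent
          ports:
            - containerPort: 8125
              name: dogstatsdport
              protocol: UDP
            - containerPort: 8126
              name: traceport
              protocol: TCP
          env:
            # Placeholder. Prefer `valueFrom.secretKeyRef` pointing at a
            # Kubernetes Secret so the API key is not stored in this manifest
            # or readable from the pod spec.
            - name: DD_API_KEY
              value: <YOUR_API_KEY>
            - name: DD_COLLECT_KUBERNETES_EVENTS
              value: "true"
            - name: DD_LEADER_ELECTION
              value: "true"
            - name: KUBERNETES
              value: "yes"
            # Kubelet address is taken from the node the pod lands on.
            - name: DD_KUBERNETES_KUBELET_HOST
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "250m"
          volumeMounts:
            # Access to the Docker socket is equivalent to root on the node.
            # A read-only mount would not restrict API calls made over the
            # socket, so treat this pod as node-privileged.
            - name: dockersocket
              mountPath: /var/run/docker.sock
            - name: procdir
              mountPath: /host/proc
              readOnly: true
            - name: cgroups
              mountPath: /host/sys/fs/cgroup
              readOnly: true
            # NOTE(review): the volume below projects only the file
            # `mysql-autoconf.yaml`, while this mount asks for subPath
            # `mysql.d`; confirm the check file really appears under
            # /etc/datadog-agent/conf.d/mysql.d.
            - name: datadog-agent-config
              mountPath: /etc/datadog-agent/conf.d/mysql.d
              subPath: mysql.d
          livenessProbe:
            exec:
              command:
                - ./probe.sh
            initialDelaySeconds: 15
            periodSeconds: 5
      volumes:
        - hostPath:
            path: /run/docker.sock
          name: dockersocket
        - hostPath:
            path: /proc
          name: procdir
        - hostPath:
            path: /sys/fs/cgroup
          name: cgroups
        - name: datadog-agent-config
          configMap:
            name: datadog-agent-config
            items:
              - key: mysql-autoconf.yaml
                path: mysql-autoconf.yaml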
---
# Binds the `datadog` ClusterRole to the `datadog` ServiceAccount in the
# `default` namespace. Because this is a ClusterRoleBinding, the role's rules
# apply across every namespace.
#
# The user creating this binding must already hold the permissions being
# granted. Binding your own user to cluster-admin is the quickest way to get
# there, but cluster-admin is full control of the cluster: grant it
# deliberately and remove it once setup is done if it is not otherwise needed.
# See https://cloud.google.com/container-engine/docs/role-based-access-control#setting_up_role-based_access_control
#
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served from
# Kubernetes 1.22 onwards; current clusters need rbac.authorization.k8s.io/v1.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: datadog
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datadog
subjects:
  - kind: ServiceAccount
    name: datadog
    namespace: default
---
# Cluster-wide permissions requested for the Datadog agent.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is no longer served from
# Kubernetes 1.22 onwards; current clusters need rbac.authorization.k8s.io/v1.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: datadog
rules:
  # Unauthenticated-style metadata endpoints of the API server.
  - nonResourceURLs:
      - "/version"  # Used to get apiserver version metadata
      - "/healthz"  # Healthcheck
    verbs:
      - "get"
  # Read-only access to core objects.
  - apiGroups:
      - ""
    resources:
      - "nodes"
      - "namespaces"
      - "events"  # Cluster events + kube_service cache invalidation
      - "services"  # kube_service tag
    verbs:
      - "get"
      - "list"
  # Write access is scoped by name to a single ConfigMap,
  # `datadog-leader-elector`.
  - apiGroups:
      - ""
    resources:
      - "configmaps"
    resourceNames:
      - "datadog-leader-elector"
    verbs:
      - "get"
      - "delete"
      - "update"
  # `create` cannot be narrowed with resourceNames, so this rule permits
  # creating ConfigMaps of any name. When the role is attached through a
  # ClusterRoleBinding, that holds in every namespace.
  - apiGroups:
      - ""
    resources:
      - "configmaps"
    verbs:
      - "create"
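---
# ConfigMap holding the MySQL check template mounted into the agent pod.
# The %%host%% / %%port%% template variables are quoted inside the embedded
# file: a plain YAML scalar may not start with `%`, so the unquoted form does
# not parse as YAML. Quoting also matches the pod annotations on this page,
# which pass both values as JSON strings.
apiVersion: v1
kind: ConfigMap
metadata:
  name: datadog-agent-config
  namespace: default
data:
  mysql-autoconf.yaml: |-
    init_config:
    instances:
      - server: "%%host%%"
        port: "%%port%%"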
---
# Identity the dd-agent DaemonSet must run as (`serviceAccountName: datadog`).
# No namespace is set here, so the account is created in whichever namespace
# `kubectl create` targets; the ClusterRoleBinding on this page expects it in
# `default`.
# The token is mounted into pods using this account; anything running in
# those pods can use it with the permissions bound to `datadog`.
kind: ServiceAccount
apiVersion: v1
automountServiceAccountToken: true
metadata:
  name: datadog
---
# Demo MySQL pod (password `different`) with Datadog service-discovery
# annotations describing the mysql check to run against it.
# NOTE(review): the root password appears twice in clear text, in the
# annotation and in the container env. Annotations are visible to anyone who
# can read the pod object. Outside a throwaway demo, keep the password in a
# Secret and give the agent a dedicated low-privilege monitoring account
# rather than root.
kind: Pod
apiVersion: v1
metadata:
  name: mysql
  annotations:
    service-discovery.datadoghq.com/mysql.check_names: '["mysql"]'
    service-discovery.datadoghq.com/mysql.init_configs: '[{}]'
    service-discovery.datadoghq.com/mysql.instances: '[{"server":"%%host%%","port":"%%port%%","user":"root","pass":"different"}]'
spec:
  containers:
    # An untagged image resolves to `mysql:latest`; pin a version for
    # repeatable deployments.
    - name: mysql
      image: mysql
      env:
        - name: MYSQL_ROOT_PASSWORD
          value: "different"
      ports:
        - name: mysqlport
          containerPort: 3306
          protocol: TCP
---
# Demo MySQL pod (password `abc123`) with Datadog service-discovery
# annotations describing the mysql check to run against it.
# NOTE(review): the root password appears twice in clear text, in the
# annotation and in the container env. Annotations are visible to anyone who
# can read the pod object. Outside a throwaway demo, keep the password in a
# Secret and give the agent a dedicated low-privilege monitoring account
# rather than root.
kind: Pod
apiVersion: v1
metadata:
  name: mysql
  annotations:
    service-discovery.datadoghq.com/mysql.check_names: '["mysql"]'
    service-discovery.datadoghq.com/mysql.init_configs: '[{}]'
    service-discovery.datadoghq.com/mysql.instances: '[{"server":"%%host%%","port":"%%port%%","user":"root","pass":"abc123"}]'
spec:
  containers:
    # An untagged image resolves to `mysql:latest`; pin a version for
    # repeatable deployments.
    - name: mysql
      image: mysql
      env:
        - name: MYSQL_ROOT_PASSWORD
          value: "abc123"
      ports:
        - name: mysqlport
          containerPort: 3306
          protocol: TCP
{ | |
"kind": "Namespace", | |
"apiVersion": "v1", | |
"metadata": { | |
"name": "dev", | |
"labels": { | |
"name": "dev" | |
} | |
} | |
} |
{ | |
"kind": "Namespace", | |
"apiVersion": "v1", | |
"metadata": { | |
"name": "prod", | |
"labels": { | |
"name": "prod" | |
} | |
} | |
} |
Wow those are my docs reused :P
Installing the Container via DaemonSet
kubectl create -f datadog-service-account.yaml
kubectl create -f datadog-cluster-role.yaml
kubectl create -f datadog-cluster-role-binding.yaml
kubectl create -f datadog-config-map.yaml
kubectl create --namespace=default -f datadog-agent-daemonset.yaml
kubectl create -f namespace-dev.json
kubectl create -f namespace-prod.json
kubectl create --namespace=dev -f mysql-dev.yaml
kubectl create --namespace=prod -f mysql-prod.yaml