Skip to content

Instantly share code, notes, and snippets.

@scottzilla

scottzilla/README.md

Last active January 3, 2019 17:14
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save scottzilla/433b1d8fa7558e747371aa8dcf96aae3 to your computer and use it in GitHub Desktop.
Save scottzilla/433b1d8fa7558e747371aa8dcf96aae3 to your computer and use it in GitHub Desktop.
Download ZIP
Kubernetes (K8s) w/ RBAC Manifests - DataDog Cluster Agent
Raw
README.md

This gist contains manifests to deploy the datadog cluster agent to an RBAC enabled Kubernetes cluster using a deployment.

Raw
deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: datadog-cluster-agent
namespace: monitoring
spec:
template:
metadata:
labels:
app: datadog-cluster-agent
name: datadog-agent
annotations:
ad.datadoghq.com/datadog-cluster-agent.check_names: '["prometheus"]'
ad.datadoghq.com/datadog-cluster-agent.init_configs: '[{}]'
ad.datadoghq.com/datadog-cluster-agent.instances: '[{"prometheus_url": "http://%%host%%:5000/metrics","namespace": "datadog.cluster_agent","metrics": ["go_goroutines","go_memstats_*","process_*","api_requests","datadog_requests","external_metrics"]}]'
spec:
serviceAccountName: datadog-cluster-agent
containers:
- image: datadog/cluster-agent:latest
imagePullPolicy: Always
name: datadog-cluster-agent
env:
- {name: DD_API_KEY, value: "<API_KEY>"}
- {name: DD_KUBE_RESOURCES_NAMESPACE, value: "monitoring"}
# Optionally reference an APP KEY for the External Metrics Provider.
# - name: DD_APP_KEY
# value: '<YOUR_APP_KEY>'
- {name: DD_COLLECT_KUBERNETES_EVENTS, value: "true"}
- {name: DD_LEADER_ELECTION, value: "true"}
- {name: DD_EXTERNAL_METRICS_PROVIDER_ENABLED, value: "true"}
- name: DD_CLUSTER_AGENT_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: datadog-auth-token
key: token
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "256Mi"
cpu: "200m"
Raw
rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: datadog-cluster-agent
rules:
- apiGroups:
- ""
resources:
- services
- events
- endpoints
- pods
- nodes
- componentstatuses
verbs:
- get
- list
- watch
- apiGroups:
- "autoscaling"
resources:
- horizontalpodautoscalers
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- datadogtoken # Kubernetes event collection state
- datadog-leader-election # Leader election token
verbs:
- get
- update
- apiGroups: # To create the leader election token
- ""
resources:
- configmaps
verbs:
- create
- get
- update
- nonResourceURLs:
- "/version"
- "/healthz"
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: datadog-cluster-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: datadog-cluster-agent
subjects:
- kind: ServiceAccount
name: datadog-cluster-agent
namespace: monitoring
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: datadog-cluster-agent
namespace: monitoring
Raw
secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: datadog-auth-token
namespace: monitoring
type: Opaque
data:
token: <Base64 encoded alphanumeric string that is a minimum of 32 characters>
Raw
service.yaml
apiVersion: v1
kind: Service
metadata:
name: datadog-cluster-agent
namespace: monitoring
labels:
app: datadog-cluster-agent
spec:
ports:
- port: 5005 # Has to be the same as the one exposed in the DCA. Default is 5005.
protocol: TCP
selector:
app: datadog-cluster-agent
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment