scottzilla/README.md

## README.md

      
    Raw
  

              README.md
            
          
    This gist contains manifests to deploy the datadog agent to an RBAC enabled Kubernetes cluster using a daemonset.

  
## configmap.yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: datadog-agent-config
  namespace: monitoring
data:
  datadog-yaml: |-
    clustername: <CLUSTER_NAME_OR_IDENTIFIER>
    health_port: 5555
    listeners:
      - name: kubelet
      - name: docker
    config_providers:
      - name: kubelet
        polling: true
      - name: docker
        polling: true
    logs_enabled: true
    logs_config:
      container_collect_all: true
    process_config:
      enabled: true
#     apm_config:
#       enabled: true
#       env: <CLUSTER_NAME_OR_IDENTIFIER>
#       apm_non_local_traffic: true
#       receiver_port: 8126
#       ignore_resources: [
#         "(GET|POST) /healthz",
#         "(GET|POST) /health",
#         "(GET|POST) /ready"
#       ]
#       analyzed_spans:

    tags:
      - env:<CLUSTER_NAME_OR_IDENTIFIER>
    log_level: info
    collect_kubernetes_events: false
    kubernetes_pod_labels_as_tags:
      app: app
    # pod-template-hash: +kube_pod-template-hash
    dogstatsd_non_local_traffic: true
    exclude_pause_container: true
    check_runners: 10  # default is 4(?), worth observing
  disk.d-config: |-
    init_config:

    instances:
      - use_mount: false
        excluded_filesystems:
          - autofs
          - /proc/sys/fs/binfmt_misc
  journal.d-config: |-
    logs:
      - type: journald
        path: /host/rootfs/var/log/journal/
        source: journal.d
        sourcecategory: host
        exclude_units:
          - proc-sys-fs-binfmt_misc.automount

## daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: datadog-agent
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: datadog-agent
  template:
    metadata:
      labels:
        app: datadog-agent
      name: datadog-agent
    spec:
      serviceAccountName: datadog-agent
      containers:
      - image: datadog/agent:latest
        imagePullPolicy: Always
        name: datadog-agent
        securityContext:
          capabilities:
            add:
            - SYS_PTRACE
        ports:
          # custom metrics; use library in app
          # - {containerPort: 8125, hostPort: 8125, name: dogstatsdport, protocol: UDP}
          # - {containerPort: 8126, hostPort: 8126, name: traceport, protocol: TCP}
        env:
          - {name: DD_API_KEY, value: "<API_KEY>"}
          - {name: KUBERNETES, value: "true"}
          - {name: DD_CLUSTER_AGENT_ENABLED, value: "true"}
          - name: DD_CLUSTER_AGENT_AUTH_TOKEN
            valueFrom:
              secretKeyRef:
                name: datadog-auth-token
                key: token
          - name: DD_KUBERNETES_KUBELET_HOST
            valueFrom:
              fieldRef:
                fieldPath: status.hostIP
        resources:
          requests:
            memory: "256Mi"
            cpu: "200m"
          limits:
            memory: "256Mi"
            cpu: "200m"
        volumeMounts:
          - {name: dockersocket, mountPath: /var/run/docker.sock}
          - {name: procdir, mountPath: /host/proc, readOnly: true}
          - {name: cgroups, mountPath: /host/sys/fs/cgroup, readOnly: true}
          - {name: s6-run, mountPath: /var/run/s6}
          - {name: passwd, mountPath: /etc/passwd, readOnly: true}
          - {name: hostfs, mountPath: /host/rootfs, readOnly: true}
          - {name: datadog-agent-config, mountPath: /etc/datadog-agent/datadog.yaml, subPath: datadog.yaml}
          - {name: datadog-agent-config, mountPath: /etc/datadog-agent/conf.d/disk.d/conf.yaml, subPath: conf.yaml}
          - {name: datadog-agent-config, mountPath: /etc/datadog-agent/conf.d/journal.d/conf.yaml, subPath: conf.yaml}
        livenessProbe:
          exec:
            command:
            - ./probe.sh
          initialDelaySeconds: 15
          periodSeconds: 5
      volumes:
        - {name: dockersocket, hostPath: {path: /var/run/docker.sock}}
        - {name: procdir, hostPath: {path: /proc}}
        - {name: cgroups, hostPath: {path: /sys/fs/cgroup}}
        - {name: s6-run, emptyDir: {}}
        - {name: pointerdir, hostPath: {path: /opt/datadog-agent/run}}
        - {name: passwd, hostPath: {path: /etc/passwd}}
        - {name: hostfs, hostPath: {path: /}}
        - name: datadog-agent-config
          configMap:
            name: datadog-agent-config
            items:
              - key: datadog-yaml
                path: datadog.yaml
              - key: disk.d-config
                path: conf.yaml
              - key: journal.d-config
                path: conf.yaml

## rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: datadog-agent
rules:
- apiGroups:  # This is required by the agent to query the Kubelet API.
  - ""
  resources:
  - nodes/metrics
  - nodes/spec
  - nodes/proxy # Required to get /pods
  verbs:
  - get
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: datadog-agent
  namespace: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: datadog-agent
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datadog-agent
subjects:
- kind: ServiceAccount
  name: datadog-agent
  namespace: monitoring
	kind: ConfigMap
	apiVersion: v1
	metadata:
	name: datadog-agent-config
	namespace: monitoring
	data:
	datadog-yaml: \|-
	clustername: <CLUSTER_NAME_OR_IDENTIFIER>
	health_port: 5555
	listeners:
	- name: kubelet
	- name: docker
	config_providers:
	- name: kubelet
	polling: true
	- name: docker
	polling: true
	logs_enabled: true
	logs_config:
	container_collect_all: true
	process_config:
	enabled: true
	# apm_config:
	# enabled: true
	# env: <CLUSTER_NAME_OR_IDENTIFIER>
	# apm_non_local_traffic: true
	# receiver_port: 8126
	# ignore_resources: [
	# "(GET\|POST) /healthz",
	# "(GET\|POST) /health",
	# "(GET\|POST) /ready"
	# ]
	# analyzed_spans:

	tags:
	- env:<CLUSTER_NAME_OR_IDENTIFIER>
	log_level: info
	collect_kubernetes_events: false
	kubernetes_pod_labels_as_tags:
	app: app
	# pod-template-hash: +kube_pod-template-hash
	dogstatsd_non_local_traffic: true
	exclude_pause_container: true
	check_runners: 10 # default is 4(?), worth observing
	disk.d-config: \|-
	init_config:

	instances:
	- use_mount: false
	excluded_filesystems:
	- autofs
	- /proc/sys/fs/binfmt_misc
	journal.d-config: \|-
	logs:
	- type: journald
	path: /host/rootfs/var/log/journal/
	source: journal.d
	sourcecategory: host
	exclude_units:
	- proc-sys-fs-binfmt_misc.automount
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: datadog-agent
	namespace: monitoring
	spec:
	selector:
	matchLabels:
	app: datadog-agent
	template:
	metadata:
	labels:
	app: datadog-agent
	name: datadog-agent
	spec:
	serviceAccountName: datadog-agent
	containers:
	- image: datadog/agent:latest
	imagePullPolicy: Always
	name: datadog-agent
	securityContext:
	capabilities:
	add:
	- SYS_PTRACE
	ports:
	# custom metrics; use library in app
	# - {containerPort: 8125, hostPort: 8125, name: dogstatsdport, protocol: UDP}
	# - {containerPort: 8126, hostPort: 8126, name: traceport, protocol: TCP}
	env:
	- {name: DD_API_KEY, value: "<API_KEY>"}
	- {name: KUBERNETES, value: "true"}
	- {name: DD_CLUSTER_AGENT_ENABLED, value: "true"}
	- name: DD_CLUSTER_AGENT_AUTH_TOKEN
	valueFrom:
	secretKeyRef:
	name: datadog-auth-token
	key: token
	- name: DD_KUBERNETES_KUBELET_HOST
	valueFrom:
	fieldRef:
	fieldPath: status.hostIP
	resources:
	requests:
	memory: "256Mi"
	cpu: "200m"
	limits:
	memory: "256Mi"
	cpu: "200m"
	volumeMounts:
	- {name: dockersocket, mountPath: /var/run/docker.sock}
	- {name: procdir, mountPath: /host/proc, readOnly: true}
	- {name: cgroups, mountPath: /host/sys/fs/cgroup, readOnly: true}
	- {name: s6-run, mountPath: /var/run/s6}
	- {name: passwd, mountPath: /etc/passwd, readOnly: true}
	- {name: hostfs, mountPath: /host/rootfs, readOnly: true}
	- {name: datadog-agent-config, mountPath: /etc/datadog-agent/datadog.yaml, subPath: datadog.yaml}
	- {name: datadog-agent-config, mountPath: /etc/datadog-agent/conf.d/disk.d/conf.yaml, subPath: conf.yaml}
	- {name: datadog-agent-config, mountPath: /etc/datadog-agent/conf.d/journal.d/conf.yaml, subPath: conf.yaml}
	livenessProbe:
	exec:
	command:
	- ./probe.sh
	initialDelaySeconds: 15
	periodSeconds: 5
	volumes:
	- {name: dockersocket, hostPath: {path: /var/run/docker.sock}}
	- {name: procdir, hostPath: {path: /proc}}
	- {name: cgroups, hostPath: {path: /sys/fs/cgroup}}
	- {name: s6-run, emptyDir: {}}
	- {name: pointerdir, hostPath: {path: /opt/datadog-agent/run}}
	- {name: passwd, hostPath: {path: /etc/passwd}}
	- {name: hostfs, hostPath: {path: /}}
	- name: datadog-agent-config
	configMap:
	name: datadog-agent-config
	items:
	- key: datadog-yaml
	path: datadog.yaml
	- key: disk.d-config
	path: conf.yaml
	- key: journal.d-config
	path: conf.yaml
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: datadog-agent
	rules:
	- apiGroups: # This is required by the agent to query the Kubelet API.
	- ""
	resources:
	- nodes/metrics
	- nodes/spec
	- nodes/proxy # Required to get /pods
	verbs:
	- get
	---
	kind: ServiceAccount
	apiVersion: v1
	metadata:
	name: datadog-agent
	namespace: monitoring
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: datadog-agent
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: datadog-agent
	subjects:
	- kind: ServiceAccount
	name: datadog-agent
	namespace: monitoring