Install the Datadog CSI driver on kubernetes

문서 > 컨테이너 모니터링 > 쿠버네티스(Kubernetes) > Install the Datadog CSI driver on kubernetes

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Overview

This page provides an overview of the Datadog CSI driver and installation instructions on a kubernetes cluster.

More information about Kubernetes Container Storage Interface (CSI) can be found here.

CSI Driver is not supported on windows.

Introduction

Datadog CSI driver is a daemonset that runs a GRPC server implementing the CSI specfications on each node of your kubernetes cluster.

Installing Datadog CSI driver on a kubernetes cluster allows users to leverage CSI volumes by specifying the datadog’s driver name.

The Datadog CSI node server will be responsible for managing Datadog CSI’s volume lifecycle.

How It Works

Datadog CSI driver allows the agent to share the trace agent and dogstatsd Unix Domain Sockets with user pods regardless of the pods’ namespace pod security standards.

If CSI volumes are not used, the UDS sockets need to be shared with the user pod via hostpath volumes. If the user pod is running in a namespace having a non-privileged pod security standard, the pod will fail to start because hostpath volumes are not permitted in such contexts.

Datadog CSI driver shifts the hostpath volume from the user application to the CSI node server; the CSI daemonset runs in a separate privileged namespace and allows injecting UDS sockets into user pods with a Datadog CSI volume, allowing user pods to run in namespaces with baselinne or restricted pod security standards.

Installation

Datadog CSI driver can be installed using the public helm chart.

Requires Helm.

CSI driver needs to run with privileged security context in order to mount volumes from the host file system to the user pods.

Add the Datadog CSI Helm repository

Run:

helm repo add datadog-csi-driver https://helm.datadoghq.com
helm repo update

Deploy Datadog CSI Driver

Run:

helm install datadog-csi-driver datadog/datadog-csi-driver

Unprivileged installation

To run an unprivileged installation, add the following to datadog-agent.yaml:

apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  global:
    clusterName: <CLUSTER_NAME>
    site: <DATADOG_SITE>
    credentials:
      apiSecret:
        secretName: datadog-secret
        keyName: api-key
agent:
  config:
    securityContext:
      runAsUser: <USER_ID>
      supplementalGroups:
        - <GROUP_ID>

Replace <USER_ID> with the UID to run the Datadog Agent. Datadog recommends setting this value to 100 since Datadog Agent v7.48+.
Replace <GROUP_ID> with the group ID that owns the Docker or containerd socket.

Then, deploy the Agent:

kubectl apply -f datadog-agent.yaml

To run an unprivileged installation, add the following to your datadog-values.yaml file:

datadog:
  apiKeyExistingSecret: datadog-secret
  site: <DATADOG_SITE>
  securityContext:
      runAsUser: <USER_ID>
      supplementalGroups:
        - <GROUP_ID>

Replace <USER_ID> with the UID to run the Datadog Agent.
Replace <GROUP_ID> with the group ID that owns the Docker or containerd socket.

Then, deploy the Agent:

helm install datadog-agent -f datadog-values.yaml datadog/datadog