Getting Started with the Datadog Operator
The Datadog Operator is an open source Kubernetes Operator that enables you to deploy and configure the Datadog Agent in a Kubernetes environment. This guide describes how to use the Operator to deploy the Datadog Agent.
Prerequisites
- Kubernetes v1.20.X+
- Helm for deploying the Datadog Operator
- The Kubernetes command-line tool, kubectl, for installing the Datadog Agent
Installation and deployment
- Install the Datadog Operator with Helm:
helm repo add datadog https://helm.datadoghq.com
helm install my-datadog-operator datadog/datadog-operator
- Create a Kubernetes secret with your API key:
kubectl create secret generic datadog-secret --from-literal api-key=<DATADOG_API_KEY>
Replace <DATADOG_API_KEY> with your Datadog API key.
Note: Add an application key for autoscaling using the external metrics server by adding --from-literal app-key=<DATADOG_APP_KEY>
- Create a datadog-agent.yaml file with the spec of your DatadogAgent deployment configuration. The following sample configuration enables metrics, logs, and APM:
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  global:
    site: datadoghq.com
    credentials:
      apiSecret:
        secretName: datadog-secret
        keyName: api-key
  features:
    apm:
      enabled: true
    logCollection:
      enabled: true
Note: Make sure to set site to the Datadog site you are using (for instance, datadoghq.eu).
For all configuration options, see the Operator configuration spec.
- Deploy the Datadog Agent:
kubectl apply -f /path/to/your/datadog-agent.yaml
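A pre-apply check for the manifest built in the steps above, as an added example that is not part of Datadog's documentation or tooling: it confirms that the manifest references the Secret and key created earlier and does not embed a key inline. The function names are hypothetical, and apiKey/appKey are the Operator spec's inline-credential fields, which this page does not show.

```shell
# Added example (not Datadog tooling): offline pre-apply check of a DatadogAgent manifest.

# Print "secretName/keyName" from credentials.apiSecret, or nothing if absent.
api_secret_ref() {
  awk '
    $1 == "apiSecret:" && NF == 1 { in_ref = 1; next }
    in_ref && $1 == "secretName:" { name = $2; next }
    in_ref && $1 == "keyName:"    { key = $2; next }
    in_ref { in_ref = 0 }
    END { if (name != "" && key != "") print name "/" key }
  ' "$1" | tr -d "\"'"
}

# Succeed if a key value is set inline (apiKey/appKey: assumed field names,
# not shown on this page) instead of being referenced from a Secret.
has_inline_key() {
  grep -Eq '^[[:space:]]*(apiKey|appKey):[[:space:]]*[^[:space:]#]' "$1"
}

# check_manifest FILE SECRET KEY: print a verdict; non-zero status on a problem.
check_manifest() {
  if has_inline_key "$1"; then echo "inline-key"; return 1; fi
  ref=$(api_secret_ref "$1")
  if [ "$ref" != "$2/$3" ]; then echo "secret-mismatch"; return 1; fi
  echo "ok"
}

# Constructed sample: the credentials part of this guide's manifest, written to FILE.
write_sample() {
  cat > "$1" <<'EOF'
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  global:
    site: datadoghq.com
    credentials:
      apiSecret:
        secretName: datadog-secret
        keyName: api-key
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/datadog-agent.yaml"
check_manifest "$tmp/datadog-agent.yaml" datadog-secret api-key || true
```

Run check_manifest against your own datadog-agent.yaml with the Secret name and key you passed to kubectl create secret; a verdict other than ok means the Agent would not find its key where the manifest points, or that the key itself is stored in the manifest.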
Running Agents in a single container
Available in Operator v1.4.0 or later
By default, the Datadog Operator creates an Agent DaemonSet with pods running multiple Agent containers. Datadog Operator v1.4.0 introduces a configuration that allows users to run Agents in a single container. To avoid elevating privileges for all Agents in the single container, this feature applies only when neither system-probe nor security-agent is required. For more details, see Running as an unprivileged user on the Agent Data Security page.
To enable this feature, add global.containerStrategy: single to the DatadogAgent manifest:
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  global:
    containerStrategy: single
    credentials:
      apiSecret:
        secretName: datadog-secret
        keyName: api-key
  features:
    apm:
      enabled: true
    logCollection:
      enabled: true
With the above configuration, Agent pods run as single containers with three Agent processes. The default for global.containerStrategy is optimized and runs each Agent process in a separate container.
Note: Running multiple Agent processes in a single container is discouraged in orchestrated environments such as Kubernetes. Pods running multiple processes need their lifecycles to be managed by a process manager, which is not directly controllable by Kubernetes and potentially leads to inconsistencies or conflicts in the container lifecycle management.
Validation
Use kubectl get daemonset and kubectl get pod -owide to validate your installation.
In a cluster with two worker Nodes, you should see Agent Pods created on each Node:
$ kubectl get daemonset
NAME            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
datadog-agent   2         2         2       2            2           <none>          5m30s
$ kubectl get pod -owide
NAME                                    READY   STATUS    RESTARTS   AGE     IP            NODE
agent-datadog-operator-d897fc9b-7wbsf   1/1     Running   0          1h      10.244.2.11   kind-worker
datadog-agent-k26tp                     1/1     Running   0          5m59s   10.244.2.13   kind-worker
datadog-agent-zcxx7                     1/1     Running   0          5m59s   10.244.1.7    kind-worker2
Cleanup
The following commands delete all Kubernetes resources created in this guide:
kubectl delete datadogagent datadog
helm delete my-datadog-operator