Many features in Datadog rely on the Agent to provide an accurate hostname for monitored hosts. While this is straightforward when the Agent runs directly on a host, the hostname resolution process is different when the Agent runs in a containerized environment.
Since version 7.40, the Agent properly recognizes failed hostname resolution in containerized environments. Without a resolved hostname, the Agent exits with an error shortly after it starts.
When that happens, the following ERROR message is printed in the logs:
Error while getting hostname, exiting: unable to reliably determine the host name. You can define one in the agent config file or in your hosts file
Encountering this error usually means that some part of the Agent configuration is incorrect. Use the following information to resolve various common cases of this misconfiguration.
Make sure the Agent can access the Kubelet API. When it can, the Agent prints this log:
Successful configuration found for Kubelet, using URL: ******
The Kubernetes RBAC permissions are set automatically by our official Helm chart, the Datadog Operator and our official manifests. If you use a different solution to deploy the Agent, make sure the following permissions are present in a Role or ClusterRole that is bounded to the Agent service account:
rules:- apiGroups:# Kubelet connectivity- ""resources:- nodes/metrics- nodes/spec- nodes/proxy- nodes/statsverbs:- get
The most common error that prevents connection to the Kubelet API is the verification of Kubelet TLS certificate. In many Kubernetes distributions the Kubelet certificate is either:
Not signed by the cluster CA.
Does not contain a SAN corresponding to the address it’s reachable at.
This prevents the Agent from connecting to the Kubelet API through HTTPS, because TLS verification is enabled by default.
You can disable TLS verification by using dedicated parameters or by setting the DD_KUBELET_TLS_VERIFY variable for all containers in the Agent manifest:
If you run in AWS, Google Cloud, or Azure, the Agent can use a metadata endpoint to retrieve the hostname.
Accessing the cloud provider metadata endpoint allows Datadog to properly match Agent data and cloud integration data in the application.
Encountering this issue usually means that access to the metadata endpoint has been restricted.
For example, on AWS, this could be due to the hop limit setting.
Use this solution only in the unlikely event that you explicitly don’t want the Agent to connect to Kubelet API, and if you are not running in a supported cloud provider described above.
In this case you can use the downward API to set DD_HOSTNAME:
If you run in AWS, Google Cloud, or Azure, the Agent can use a metadata endpoint to retrieve the hostname.
Accessing the cloud provider metadata endpoint allows Datadog to properly match Agent data and cloud integration data in the application.
Encountering this issue usually means that access to the metadata endpoint has been restricted.
For example, on AWS, this could be due to the hop limit setting.