Installing the Datadog Agent on Amazon EKS with the Datadog Operator add-on
Starting with v0.1.9, the Datadog Operator add-on supports automatic Agent sidecar injection in pods scheduled on Fargate instances. See
this guide for more details.
You can install the Datadog Agent on an Amazon EKS cluster by installing the Datadog Operator
as an Amazon EKS add-on and applying the DatadogAgent
manifest.
Agents installed using the Operator add-on only collect data from pods running on EC2 instances. For pods running on AWS Fargate, follow the Amazon EKS on AWS Fargate documentation.
Compared to the regular Helm installation, there are certain differences when installing as an add-on:
- During Operator installation, images must be pulled only from the EKS repository. This can’t be changed by the user.
- Operator Helm Chart values, which can be overriden, are restricted to a schema file.
These restriction are necessary to make Operator compliant with the EKS add-on policies, allow EKS to ensure the safety of the installation, and disable features not yet supported in the add-on environment.
Prerequisites
- Subscription to the Datadog Operator product.
- kubectl installed
- If you are using the command line interface for setting up the add-on, AWS CLI
Installing Operator
- Go to the EKS cluster in the AWS console.
- Go to the add-on tab and select Get more add-ons.
- Find and select Datadog Operator. Then follow the prompts to complete the installation.
To install the Operator add-on, run:
aws eks create-addon --addon-name datadog_operator --region <AWS_REGION> --cluster-name <CLUSTER_NAME>
Add-on installation is asynchronous. To check installation status, run:
aws eks describe-addon --addon-name datadog_operator --region <AWS_REGION> --cluster-name <CLUSTER_NAME>
To verify that the installation was successful, use the AWS Management Console, eksctl
, or the AWS CLI to confirm that a datadog-operator
pod is running.
Configuring the Agent
After you have installed the Operator add-on, you can proceed to set up the Datadog Agent.
Follow the instructions to set up the Datadog Agent by using the DatadogAgent
custom resource.
Switch to the Operator installation namespace, which is datadog-agent
by default.
kubectl config set-context --current --namespace=datadog-agent
Create a Kubernetes secret with your Datadog API and application keys:
kubectl create secret generic datadog-secret --from-literal api-key=<DATADOG_API_KEY> --from-literal app-key=<DATADOG_APP_KEY>
Replace <DATADOG_API_KEY>
and <DATADOG_APP_KEY>
with your Datadog API and application keys.
Create a datadog-agent.yaml
file with the spec of your DatadogAgent
deployment configuration. The Datadog Operator uses default Agent and Cluster Agent image settings and pulls them from a public registry.
If you want to pull images from a private EKS registry, you can add global.registry
. The following configuration enables metrics, logs, and APM:
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
name: datadog
spec:
global:
# Required in case the Agent cannot resolve the cluster name through IMDS. See the note below.
clusterName: <CLUSTER_NAME>
registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com/datadog
credentials:
apiSecret:
secretName: datadog-secret
keyName: api-key
appSecret:
secretName: datadog-secret
keyName: app-key
features:
apm:
enabled: true
logCollection:
enabled: true
This Agent instance configuration pulls the Datadog agent image from an AWS Marketplace hosted ECR repository, which also contains the image for the Datadog Operator Amazon EKS add-on. Should you require alternatives, edit the ‘global.registry’ entry in the manifest above.
For all configuration options, see the Operator configuration spec.
Note: If access to IMDS v1 is blocked on the node, the Agent cannot resolve the cluster name, and certain features (for example, Orchestrator Explorer) do not work. Hence, Datadog recommends adding spec.global.ClusterName
in the DatadogAgent
manifest. See this comment on how to configure the Agent to request metadata using IMDS v2.
Deploy the Datadog Agent:
kubectl apply -f /path/to/your/datadog-agent.yaml
Uninstall the Operator
If you want to uninstall the Agent and Operator, first delete the DatadogAgent
custom resource:
kubectl delete datadogagents.datadoghq.com datadog
Confirm all Agent resources are deleted and proceed with add-on uninstallation:
- Go to the EKS cluster in the AWS console.
- Go to the add-on tab and select the Datadog Operator add-on.
- Click Remove and confirm when prompted.
To delete the add-on, run:
aws eks delete-addon --addon-name datadog_operator --region <AWS_REGION> --cluster-name <CLUSTER_NAME>
Note: If you uninstall the Operator add-on before deleting the DatadogAgent
custom resource, Agents continue to run on the cluster. Deleting the namespace fails since the DatadogAgent
cannot be finalized without a running Operator. See this Github issue for a workaround.
Additional helpful documentation, links, and articles: