calico

Supported OS Linux Windows Mac OS

Integration version4.0.0

Overview

This check monitors Calico through the Datadog Agent.

The Calico check sends metrics concerning network and security in a Kubernetes cluster set up with Calico.

Setup

Installation

The Calico check is included in the Datadog Agent package.

Installation with a Kubernetes cluster-based Agent

Using annotations:

  1. Set up Calico on your cluster.

  2. Enable Prometheus metrics using the instructions in Monitor Calico component metrics. Once enabled, you should have a felix-metrics-svc service running in your cluster, as well as a prometheus-pod.

  3. To use Autodiscovery, modify prometheus-pod. Add the following snippet to your Prometheus YAML configuration file:

    metadata:
      [...]
      annotations:
       ad.datadoghq.com/prometheus-pod.check_names: |
       ["openmetrics"]
       ad.datadoghq.com/prometheus-pod.init_configs: |
       [{}]
       ad.datadoghq.com/prometheus-pod.instances: |
         [
            {
               "prometheus_url": "http://<FELIX-SERVICE-IP>:<FELIX-SERVICE-PORT>/metrics",
               "namespace": "calico",
               "metrics": ["*"]
            }
         ]
      spec:
        [....]
    

You can find values for <FELIX-SERVICE-IP> and <FELIX-SERVICE-PORT> by running kubectl get all -all-namespaces.

Installation with an OS-based Agent

  1. Follow Monitor Calico component metrics until you have a felix-metrics-svc service running by using kubectl get all --all-namespaces.

  2. If you are using minikube, you must forward port 9091 to felix-metrics-svc. Run kubectl port-forward service/felix-metrics-svc 9091:9091 -n kube-system.

    If you are not using minikube, check that felix-metrics-svc has an external IP. If the service does not have an external IP, use kubectl edit svc to change its type from ClusterIP to LoadBalancer.

Configuration

Follow the instructions to configure this check for an Agent running on a host. For containerized environments, see the Containerized section.

Host

To configure this check for an Agent running on a host:

  1. Edit the calico.d/conf.yaml file in the conf.d/ folder at the root of your Agent’s configuration directory to start collecting your Calico performance data. The only required parameter is the openmetrics_endpoint URL. See the sample calico.d/conf.yaml for all available configuration options.

  2. If you are using minikube, use ‘http://localhost:9091/metrics’ as your openmetrics_endpoint URL. If you are not using minikube, use http://<FELIX-METRICS-SVC-EXTERNAL-IP>:<PORT>/metrics as your openmetrics_endpoint URL.

  3. Restart the Agent.

Metric collection
  1. The default configuration of your calico.d/conf.yaml file activate the collection of your Calico metrics. See the sample calico.d/conf.yaml for all available configuration options.

  2. Restart the Agent.

Log collection

Since Calico structure is set up in a Kubernetes cluster, it is built with deployments, pods, and services. The Kubernetes integration fetches logs from containers.

After setting up the Kubernetes integration, Calico logs become available in the Datadog Log Explorer.

Collecting logs is disabled by default in the Datadog Agent. Enable it in your datadog.yaml file:

logs_enabled: true

Containerized

For containerized environments, see the Autodiscovery Integration Templates for guidance on applying the parameters below.

Metric collection
ParameterValue
<INTEGRATION_NAME>calico
<INIT_CONFIG>blank or {}
<INSTANCE_CONFIG>{openmetrics_endpoint: <OPENMETRICS_ENDPOINT>}
Log collection

Collecting logs is disabled by default in the Datadog Agent. To enable it, see Kubernetes Log Collection.

ParameterValue
<LOG_CONFIG>{"source": "calico", "service": "<SERVICE_NAME>"}

Validation

Run the Agent’s status subcommand and look for calico under the Checks section.

Metrics

calico.felix.active.local_endpoints
(gauge)
Number of active endpoints on this host
calico.felix.active.local_policies
(gauge)
Number of policies on this host
calico.felix.active.local_selectors
(gauge)
Number of active selectors on this host
calico.felix.active.local_tags
(gauge)
Number of active tags on this host [versions < Calico v3.23]
calico.felix.cluster.num_host_endpoints
(gauge)
Total number of host endpoints cluster-wide
calico.felix.cluster.num_hosts
(gauge)
Total number of Calico hosts in the cluster
calico.felix.cluster.num_workload_endpoints
(gauge)
Total number of workload endpoints cluster-wide
calico.felix.int_dataplane_failures.count
(count)
Number of dataplane failures.
calico.felix.ipset.calls.count
(count)
Number of ipset commands executed
calico.felix.ipset.errors.count
(count)
Number of ipset command failures
calico.felix.ipsets.calico
(gauge)
Number of active Calico IP sets.
calico.felix.ipsets.total
(gauge)
Total number of active IP sets.
calico.felix.iptables.chains
(gauge)
Number of active iptables chains.
calico.felix.iptables.restore_calls.count
(count)
Number of iptables-restore calls.
calico.felix.iptables.restore_errors.count
(count)
Number of iptables-restore errors.
calico.felix.iptables.rules
(gauge)
Number of active iptables rules.
calico.felix.iptables.save_calls.count
(count)
Number of iptables-save calls.
calico.felix.iptables.save_errors.count
(count)
Number of iptables-save errors.

Events

The Calico integration does not include any events.

Service Checks

Troubleshooting

Need help? Contact Datadog support.

Further Reading

Additional helpful documentation, links, and articles:

PREVIEWING: rtrieu/product-analytics-ui-changes