The Datadog Operator is an open source Kubernetes Operator that enables you to deploy and configure the Datadog Agent in a Kubernetes environment. This guide describes how to use the Operator to deploy the Datadog Agent.

Prerequisites

  • Kubernetes v1.20.X+
  • Helm for deploying the Datadog Operator
  • The Kubernetes command-line tool, kubectl, for installing the Datadog Agent

Installation and deployment

  1. Install the Datadog Operator with Helm:

    helm repo add datadog https://helm.datadoghq.com
    helm install my-datadog-operator datadog/datadog-operator

  2. Create a Kubernetes secret with your API key:

    kubectl create secret generic datadog-secret --from-literal api-key=<DATADOG_API_KEY> 

    Replace <DATADOG_API_KEY> with your Datadog API key.

    Note: Add an application key for autoscaling using the external metrics server by adding --from-literal app-key=<DATADOG_APP_KEY>

  3. Create a datadog-agent.yaml file with the spec of your DatadogAgent deployment configuration. The following sample configuration enables metrics, logs, and APM:

    apiVersion: datadoghq.com/v2alpha1
    kind: DatadogAgent
    metadata:
      name: datadog
    spec:
      global:
        site: datadoghq.com
        credentials:
          apiSecret:
            secretName: datadog-secret
            keyName: api-key
      features:
        apm:
          enabled: true
        logCollection:
          enabled: true

    Note: Make sure to set site to the Datadog site you are using (for instance, datadoghq.eu).

    For all configuration options, see the Operator configuration spec.

  4. Deploy the Datadog Agent:

    kubectl apply -f /path/to/your/datadog-agent.yaml 
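
Step 2 passes the API key on the command line with --from-literal, which leaves it in shell history and in the process list while kubectl runs. The following added example (not part of the original guide or of Datadog's tooling) renders the same datadog-secret from a key file instead; the function name, the file-mode check and the 32-character hexadecimal key format are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: build the datadog-secret manifest from a key file so the key
# never appears as a command-line argument.
# Assumptions: function name, file-mode policy, and the 32-hex-character
# API key format check are choices made for this example.

render_datadog_secret() {
  local key_file="$1"
  local name="${2:-datadog-secret}"
  local perms key

  [ -r "$key_file" ] || { echo "cannot read $key_file" >&2; return 2; }

  # Refuse key files that group or others can access (GNU stat, then BSD stat).
  perms=$(stat -c '%a' "$key_file" 2>/dev/null || stat -f '%Lp' "$key_file")
  case $perms in
    *00) ;;
    *) echo "$key_file has mode $perms, expected 600 or 400" >&2; return 3 ;;
  esac

  # Strip CR/LF: a trailing newline added by an editor would otherwise be
  # stored as part of the key and the Agent would fail to authenticate.
  key=$(tr -d '\r\n' < "$key_file")
  if ! printf '%s' "$key" | grep -Eq '^[0-9a-fA-F]{32}$'; then
    echo "value in $key_file does not look like an API key" >&2
    return 4
  fi

  # stringData takes the plain value; the API server stores it base64-encoded.
  # The value is quoted so an all-digit key is not parsed as a YAML number.
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
stringData:
  api-key: "$key"
EOF
}

# Usage: render_datadog_secret ./api-key.txt | kubectl apply -f -
```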

Running Agents in a single container

Available in Operator v1.4.0 or later

By default, the Datadog Operator creates an Agent DaemonSet with pods running multiple Agent containers. Datadog Operator v1.4.0 introduces a configuration that lets you run the Agents in a single container. To avoid elevating privileges for all Agents in the single container, this feature applies only when neither system-probe nor security-agent is required. For more details, see Running as an unprivileged user on the Agent Data Security page.

To enable this feature, add global.containerStrategy: single to the DatadogAgent manifest:

    apiVersion: datadoghq.com/v2alpha1
    kind: DatadogAgent
    metadata:
      name: datadog
    spec:
      global:
        containerStrategy: single
        credentials:
          apiSecret:
            secretName: datadog-secret
            keyName: api-key
      features:
        apm:
          enabled: true
        logCollection:
          enabled: true

With the above configuration, Agent pods run as single containers with three Agent processes. The default for global.containerStrategy is optimized and runs each Agent process in a separate container.

Note: Running multiple Agent processes in a single container is discouraged in orchestrated environments such as Kubernetes. Pods running multiple processes need their lifecycles to be managed by a process manager, which is not directly controllable by Kubernetes and potentially leads to inconsistencies or conflicts in the container lifecycle management.

Validation

Use kubectl get daemonset and kubectl get pod -owide to validate your installation.

In a cluster with two worker Nodes, you should see Agent Pods created on each Node:

    $ kubectl get daemonset
    NAME            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
    datadog-agent   2         2         2       2            2           <none>          5m30s

    $ kubectl get pod -owide
    NAME                                         READY   STATUS    RESTARTS   AGE     IP            NODE
    agent-datadog-operator-d897fc9b-7wbsf        1/1     Running   0          1h      10.244.2.11   kind-worker
    datadog-agent-k26tp                          1/1     Running   0          5m59s   10.244.2.13   kind-worker
    datadog-agent-zcxx7                          1/1     Running   0          5m59s   10.244.1.7    kind-worker2

Cleanup

The following commands delete all Kubernetes resources created in this guide:

    kubectl delete datadogagent datadog
    helm delete my-datadog-operator
