From 16e1933684bf306d2c0f779039978a4f0125c854 Mon Sep 17 00:00:00 2001 From: Ahmed Mezghani Date: Mon, 14 Jun 2021 10:32:17 +0200 Subject: [PATCH 1/7] K8s control plane docs --- content/en/agent/kubernetes/_index.md | 5 +- content/en/agent/kubernetes/control_plane.md | 310 +++++++++++++++++++ 2 files changed, 314 insertions(+), 1 deletion(-) create mode 100644 content/en/agent/kubernetes/control_plane.md diff --git a/content/en/agent/kubernetes/_index.md b/content/en/agent/kubernetes/_index.md index c206c8429fef0..3b46de157be19 100644 --- a/content/en/agent/kubernetes/_index.md +++ b/content/en/agent/kubernetes/_index.md @@ -41,7 +41,9 @@ Run the Datadog Agent in your Kubernetes cluster as a DaemonSet in order to star ## Installation -**Note**: We have dedicated documentation and examples for [all major Kubernetes distributions][15] (GKE, EKS, AKS, OpenShift, Rancher, etc.) +**Notes**: +- We have dedicated documentation and examples for [all major Kubernetes distributions][15] (GKE, EKS, AKS, OpenShift, Rancher, etc.) +- We have dedicated documentation and examples for [Kubernetes Control Plane monitoring][16]. {{< tabs >}} {{% tab "Helm" %}} @@ -496,3 +498,4 @@ See the [Agent Commands guides][14] to discover all the Docker Agent commands. [13]: /agent/guide/autodiscovery-management/ [14]: /agent/guide/agent-commands/ [15]: /agent/kubernetes/distributions +[16]: /agent/kubernetes/control_plane diff --git a/content/en/agent/kubernetes/control_plane.md b/content/en/agent/kubernetes/control_plane.md new file mode 100644 index 0000000000000..7950e517610cd --- /dev/null +++ b/content/en/agent/kubernetes/control_plane.md 
@@ -0,0 +1,310 @@
+---
+title: Kubernetes Control Plane Monitoring
+kind: documentation
+further_reading:
+ - link: 'agent/kubernetes/log'
+ tag: 'Documentation'
+ text: 'Collect your application logs'
+ - link: '/agent/kubernetes/apm'
+ tag: 'Documentation'
+ text: 'Collect your application traces'
+ - link: '/agent/kubernetes/prometheus'
+ tag: 'Documentation'
+ text: 'Collect your Prometheus metrics'
+ - link: '/agent/kubernetes/integrations'
+ tag: 'Documentation'
+ text: 'Collect automatically your applications metrics and logs'
+ - link: '/agent/guide/autodiscovery-management'
+ tag: 'Documentation'
+ text: 'Limit data collection to a subset of containers only'
+ - link: '/agent/kubernetes/tag'
+ tag: 'Documentation'
+ text: 'Assign tags to all data emitted by a container'
+---
+
+## Overview
+
+This section aims to document specificites and to provide good base configuration for monitoring the Kubernetes Control Plane. These configuration can then be customized to add any Datadog feature.
+
+With four Datadog integrations for the [API Server][1], [ETCD][2], [Controller Manager][3], and [Scheduler][4], you can collect key metrics from all four components of the Kubernetes Control Plane.
+
+* [Kubernetes with Kubeadm](#Kubeadm)
+
+## Kubernetes with Kubeadm {#Kubeadm}
+
+### API Server
+
+The API Server integration is auto-configured and will be auto-discovered by the Datadog Agent.
+
+### ETCD
+
+By providing read access to the ETCD certificates located on the host, the Datadog Agent check can communicate with ETCD and start collecting ETCD metrics.
+
+{{< tabs >}}
+{{% tab "Helm" %}}
+
+Custom `values.yaml`:
+
+```
+datadog:
+ apiKey:
+ appKey:
+ clusterName:
+ kubelet:
+ tlsVerify: false
+ ignoreAutoConfig:
+ - etcd
+ confd:
+ etcd.yaml: |-
+ ad_identifiers:
+ - etcd
+ instances:
+ - prometheus_url: https://%%host%%:2379/metrics
+ tls_ca_cert: /host/etc/kubernetes/pki/etcd/ca.crt
+ tls_cert: /host/etc/kubernetes/pki/etcd/server.crt
+ tls_private_key: /host/etc/kubernetes/pki/etcd/server.key
+agents:
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/pki/etcd
+ name: etcd-certs
+ volumeMounts:
+ - name: etcd-certs
+ mountPath: /host/etc/kubernetes/pki/etcd
+ readOnly: true
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+```
+
+{{% /tab %}}
+{{% tab "Operator" %}}
+
+DatadogAgent Kubernetes Resource:
+
+```
+apiVersion: datadoghq.com/v1alpha1
+kind: DatadogAgent
+metadata:
+ name: datadog
+spec:
+ credentials:
+ apiKey:
+ appKey:
+ clusterName:
+ agent:
+ image:
+ name: "gcr.io/datadoghq/agent:latest"
+ config:
+ confd:
+ configMapName: datadog-checks
+ kubelet:
+ tlsVerify: false
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/pki/etcd
+ name: etcd-certs
+ - name: disable-etcd-autoconf
+ emptyDir: {}
+ volumeMounts:
+ - name: etcd-certs
+ mountPath: /host/etc/kubernetes/pki/etcd
+ readOnly: true
+ - name: disable-etcd-autoconf
+ mountPath: /etc/datadog-agent/conf.d/etcd.d
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ clusterAgent:
+ image:
+ name: "gcr.io/datadoghq/cluster-agent:latest"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: datadog-checks
+data:
+ etcd.yaml: |-
+ ad_identifiers:
+ - etcd
+ init_config:
+ instances:
+ - prometheus_url: https://%%host%%:2379/metrics
+ tls_ca_cert: /host/etc/kubernetes/pki/etcd/ca.crt
+ tls_cert: /host/etc/kubernetes/pki/etcd/server.crt
+ tls_private_key: /host/etc/kubernetes/pki/etcd/server.key
+```
+
+{{% /tab %}}
+{{< /tabs >}}
+
+### Controller Manager and Scheduler
+
+#### Insecure ports
+
+If the insecure ports of your Controller Manager and Scheduler instances are enabled, the Datadog Agent will discover the integrations and starts collecting metrics without any additional configuration.
+
+#### Secure ports
+
+Secure ports allow authentication and authorization to protect your Control Plane components. The Datadog Agent can collect Controller Manager and Scheduler metrics by targetting their secure ports.
+
+{{< tabs >}}
+{{% tab "Helm" %}}
+
+Custom `values.yaml`:
+
+```
+datadog:
+ apiKey:
+ appKey:
+ clusterName:
+ kubelet:
+ tlsVerify: false
+ ignoreAutoConfig:
+ - etcd
+ - kube_scheduler
+ - kube_controller_manager
+ confd:
+ etcd.yaml: |-
+ ad_identifiers:
+ - etcd
+ instances:
+ - prometheus_url: https://%%host%%:2379/metrics
+ tls_ca_cert: /host/etc/kubernetes/pki/etcd/ca.crt
+ tls_cert: /host/etc/kubernetes/pki/etcd/server.crt
+ tls_private_key: /host/etc/kubernetes/pki/etcd/server.key
+ kube_scheduler.yaml: |-
+ ad_identifiers:
+ - kube-scheduler
+ instances:
+ - prometheus_url: https://%%host%%:10259/metrics
+ ssl_verify: false
+ bearer_token_auth: true
+ kube_controller_manager.yaml: |-
+ ad_identifiers:
+ - kube-controller-manager
+ instances:
+ - prometheus_url: https://%%host%%:10257/metrics
+ ssl_verify: false
+ bearer_token_auth: true
+agents:
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/pki/etcd
+ name: etcd-certs
+ volumeMounts:
+ - name: etcd-certs
+ mountPath: /host/etc/kubernetes/pki/etcd
+ readOnly: true
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+```
+
+{{% /tab %}}
+{{% tab "Operator" %}}
+
+DatadogAgent Kubernetes Resource:
+
+```
+apiVersion: datadoghq.com/v1alpha1
+kind: DatadogAgent
+metadata:
+ name: datadog
+spec:
+ credentials:
+ apiKey:
+ appKey:
+ clusterName:
+ agent:
+ image:
+ name: "gcr.io/datadoghq/agent:latest"
+ config:
+ confd:
+ configMapName: datadog-checks
+ kubelet:
+ tlsVerify: false
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/pki/etcd
+ name: etcd-certs
+ - name: disable-etcd-autoconf
+ emptyDir: {}
+ - name: disable-scheduler-autoconf
+ emptyDir: {}
+ - name: disable-controller-manager-autoconf
+ emptyDir: {}
+ volumeMounts:
+ - name: etcd-certs
+ mountPath: /host/etc/kubernetes/pki/etcd
+ readOnly: true
+ - name: disable-etcd-autoconf
+ mountPath: /etc/datadog-agent/conf.d/etcd.d
+ - name: disable-scheduler-autoconf
+ mountPath: /etc/datadog-agent/conf.d/kube_scheduler.d
+ - name: disable-controller-manager-autoconf
+ mountPath: /etc/datadog-agent/conf.d/kube_controller_manager.d
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ clusterAgent:
+ image:
+ name: "gcr.io/datadoghq/cluster-agent:latest"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: datadog-checks
+data:
+ etcd.yaml: |-
+ ad_identifiers:
+ - etcd
+ init_config:
+ instances:
+ - prometheus_url: https://%%host%%:2379/metrics
+ tls_ca_cert: /host/etc/kubernetes/pki/etcd/ca.crt
+ tls_cert: /host/etc/kubernetes/pki/etcd/server.crt
+ tls_private_key: /host/etc/kubernetes/pki/etcd/server.key
+ kube_scheduler.yaml: |-
+ ad_identifiers:
+ - kube-scheduler
+ instances:
+ - prometheus_url: https://%%host%%:10259/metrics
+ ssl_verify: false
+ bearer_token_auth: true
+ kube_controller_manager.yaml: |-
+ ad_identifiers:
+ - kube-controller-manager
+ instances:
+ - prometheus_url: https://%%host%%:10257/metrics
+ ssl_verify: false
+ bearer_token_auth: true
+```
+
+{{% /tab %}}
+{{< /tabs >}}
+
+**Notes:**
+
+- The `ssl_verify` field in the `kube_controller_manager` and `kube_scheduler` configuration needs to be set to `false` when using self-signed certificates.
+- When targetting secure ports, the `bind-address` option in your Controller Manager and Scheduler configuration must be reachable by the Datadog Agent.
Example: + +``` +apiVersion: kubeadm.k8s.io/v1beta2 +kind: ClusterConfiguration +controllerManager: + extraArgs: + bind-address: 0.0.0.0 +scheduler: + extraArgs: + bind-address: 0.0.0.0 +``` + +[1]: https://docs.datadoghq.com/integrations/kube_apiserver_metrics/ +[2]: https://docs.datadoghq.com/integrations/etcd/?tab=containerized +[3]: https://docs.datadoghq.com/integrations/kube_controller_manager/ +[4]: https://docs.datadoghq.com/integrations/kube_scheduler/ From 1460b939f5fe49c117c34122aff1c97a7378ede1 Mon Sep 17 00:00:00 2001 From: cswatt Date: Mon, 14 Jun 2021 15:09:02 -0400 Subject: [PATCH 2/7] Apply suggestions from code review --- content/en/agent/kubernetes/_index.md | 4 ++-- content/en/agent/kubernetes/control_plane.md | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/agent/kubernetes/_index.md b/content/en/agent/kubernetes/_index.md index 3b46de157be19..8bd3e6d2ff478 100644 --- a/content/en/agent/kubernetes/_index.md +++ b/content/en/agent/kubernetes/_index.md @@ -42,8 +42,8 @@ Run the Datadog Agent in your Kubernetes cluster as a DaemonSet in order to star ## Installation **Notes**: -- We have dedicated documentation and examples for [all major Kubernetes distributions][15] (GKE, EKS, AKS, OpenShift, Rancher, etc.) -- We have dedicated documentation and examples for [Kubernetes Control Plane monitoring][16]. +- Dedicated documentation and examples for [all major Kubernetes distributions][15] (GKE, EKS, AKS, OpenShift, Rancher, etc.) is available. +- Dedicated documentation and examples for [Kubernetes Control Plane monitoring][16] is also available.. {{< tabs >}} {{% tab "Helm" %}} diff --git a/content/en/agent/kubernetes/control_plane.md b/content/en/agent/kubernetes/control_plane.md index 7950e517610cd..d443527a666ae 100644 --- a/content/en/agent/kubernetes/control_plane.md +++ b/content/en/agent/kubernetes/control_plane.md 
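Review bot: In the secure-port examples, both `kube_scheduler.yaml` and `kube_controller_manager.yaml` combine `ssl_verify: false` with `bearer_token_auth: true`, so the Agent presents its service account token to the endpoint on ports 10259 and 10257 without validating the server certificate, and the Notes bullet presents this as a requirement rather than a trade-off. I would reword that bullet to something like `Setting ssl_verify to false disables server certificate validation while the bearer token is still sent; keep verification enabled wherever the component serves a certificate signed by a CA the Agent can trust.` The closing `bind-address: 0.0.0.0` example makes both secure ports listen on every node interface, so the page should also advise restricting them to the Agent with a host firewall or network policy. Separately, the etcd examples mount the entire `/etc/kubernetes/pki/etcd` directory and authenticate with the etcd server's own `server.key`, every example sets `kubelet.tlsVerify: false` without saying why, and the Operator examples pull the `latest` image tag; a dedicated client certificate, a one-line justification, and a pinned version would each be worth adding.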
@@ -24,7 +24,7 @@ further_reading: ## Overview -This section aims to document specificites and to provide good base configuration for monitoring the Kubernetes Control Plane. These configuration can then be customized to add any Datadog feature. +This section aims to document specificities and to provide good base configurations for monitoring the Kubernetes Control Plane. You can then customize these configurations to add any Datadog feature. With four Datadog integrations for the [API Server][1], [ETCD][2], [Controller Manager][3], and [Scheduler][4], you can collect key metrics from all four components of the Kubernetes Control Plane. @@ -34,7 +34,7 @@ With four Datadog integrations for the [API Server][1], [ETCD][2], [Controller M ### API Server -The API Server integration is auto-configured and will be auto-discovered by the Datadog Agent. +The API Server integration is automatically configured. The Datadog Agent discovers it automatically. ### ETCD @@ -144,7 +144,7 @@ data: #### Insecure ports -If the insecure ports of your Controller Manager and Scheduler instances are enabled, the Datadog Agent will discover the integrations and starts collecting metrics without any additional configuration. +If the insecure ports of your Controller Manager and Scheduler instances are enabled, the Datadog Agent discovers the integrations and starts collecting metrics without any additional configuration. #### Secure ports From 02dce8693bd9ecad553fc09d997bf9170e2cc00b Mon Sep 17 00:00:00 2001 From: Ahmed Mezghani Date: Tue, 15 Jun 2021 09:43:34 +0200 Subject: [PATCH 3/7] add compatible version --- content/en/agent/kubernetes/control_plane.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/en/agent/kubernetes/control_plane.md b/content/en/agent/kubernetes/control_plane.md index d443527a666ae..b05bb056573f3 100644 --- a/content/en/agent/kubernetes/control_plane.md +++ b/content/en/agent/kubernetes/control_plane.md 
@@ -32,6 +32,8 @@ With four Datadog integrations for the [API Server][1], [ETCD][2], [Controller M ## Kubernetes with Kubeadm {#Kubeadm} +The following configurations are tested on Kubernetes `v1.18+`. + ### API Server The API Server integration is automatically configured. The Datadog Agent discovers it automatically. From fbd47c000a392e339bb86a15dd3d24ac24fb04a1 Mon Sep 17 00:00:00 2001 From: Ahmed Mezghani Date: Mon, 21 Jun 2021 13:59:24 +0200 Subject: [PATCH 4/7] address review comments --- content/en/agent/kubernetes/_index.md | 4 ++-- content/en/agent/kubernetes/control_plane.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/agent/kubernetes/_index.md b/content/en/agent/kubernetes/_index.md index 8bd3e6d2ff478..b564b936c66b5 100644 --- a/content/en/agent/kubernetes/_index.md +++ b/content/en/agent/kubernetes/_index.md @@ -42,8 +42,8 @@ Run the Datadog Agent in your Kubernetes cluster as a DaemonSet in order to star ## Installation **Notes**: -- Dedicated documentation and examples for [all major Kubernetes distributions][15] (GKE, EKS, AKS, OpenShift, Rancher, etc.) is available. -- Dedicated documentation and examples for [Kubernetes Control Plane monitoring][16] is also available.. +- Dedicated documentation and examples for [all major Kubernetes distributions][15] (GKE, EKS, AKS, OpenShift, Rancher, etc.) are available. +- Dedicated documentation and examples for [Kubernetes Control Plane monitoring][16] are also available. {{< tabs >}} {{% tab "Helm" %}} diff --git a/content/en/agent/kubernetes/control_plane.md b/content/en/agent/kubernetes/control_plane.md index b05bb056573f3..d91cdc492bc9c 100644 --- a/content/en/agent/kubernetes/control_plane.md +++ b/content/en/agent/kubernetes/control_plane.md 
@@ -13,7 +13,7 @@ further_reading: text: 'Collect your Prometheus metrics' - link: '/agent/kubernetes/integrations' tag: 'Documentation' - text: 'Collect automatically your applications metrics and logs' + text: 'Collect automatically your application metrics and logs' - link: '/agent/guide/autodiscovery-management' tag: 'Documentation' text: 'Limit data collection to a subset of containers only' From b6fa2d56229ea538924ca9cb6a23848281e70e16 Mon Sep 17 00:00:00 2001 From: cswatt Date: Thu, 24 Jun 2021 14:17:57 -0700 Subject: [PATCH 5/7] Update control_plane.md --- content/en/agent/kubernetes/control_plane.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/agent/kubernetes/control_plane.md b/content/en/agent/kubernetes/control_plane.md index d91cdc492bc9c..a8d6316e8ea42 100644 --- a/content/en/agent/kubernetes/control_plane.md +++ b/content/en/agent/kubernetes/control_plane.md @@ -150,7 +150,7 @@ If the insecure ports of your Controller Manager and Scheduler instances are ena #### Secure ports -Secure ports allow authentication and authorization to protect your Control Plane components. The Datadog Agent can collect Controller Manager and Scheduler metrics by targetting their secure ports. +Secure ports allow authentication and authorization to protect your Control Plane components. The Datadog Agent can collect Controller Manager and Scheduler metrics by targeting their secure ports. {{< tabs >}} {{% tab "Helm" %}} From b9d5608c2d2874fb70873f57e03796edfc4dcbb1 Mon Sep 17 00:00:00 2001 From: Ahmed Mezghani <38987709+ahmed-mez@users.noreply.github.com> Date: Fri, 25 Jun 2021 15:43:09 +0200 Subject: [PATCH 6/7] Update content/en/agent/kubernetes/control_plane.md Co-authored-by: Celene --- content/en/agent/kubernetes/control_plane.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/agent/kubernetes/control_plane.md b/content/en/agent/kubernetes/control_plane.md index a8d6316e8ea42..9e515f4755496 100644 
--- a/content/en/agent/kubernetes/control_plane.md +++ b/content/en/agent/kubernetes/control_plane.md @@ -293,7 +293,7 @@ data: **Notes:** - The `ssl_verify` field in the `kube_controller_manager` and `kube_scheduler` configuration needs to be set to `false` when using self-signed certificates. -- When targetting secure ports, the `bind-address` option in your Controller Manager and Scheduler configuration must be reachable by the Datadog Agent. Example: +- When targeting secure ports, the `bind-address` option in your Controller Manager and Scheduler configuration must be reachable by the Datadog Agent. Example: ``` apiVersion: kubeadm.k8s.io/v1beta2 From b2fe49f76c14fee37212112720821faaa9fdbd4a Mon Sep 17 00:00:00 2001 From: Ahmed Mezghani <38987709+ahmed-mez@users.noreply.github.com> Date: Fri, 25 Jun 2021 15:43:17 +0200 Subject: [PATCH 7/7] Update content/en/agent/kubernetes/control_plane.md Co-authored-by: Celene --- content/en/agent/kubernetes/control_plane.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/agent/kubernetes/control_plane.md b/content/en/agent/kubernetes/control_plane.md index 9e515f4755496..5215d6f8b5eb5 100644 --- a/content/en/agent/kubernetes/control_plane.md +++ b/content/en/agent/kubernetes/control_plane.md @@ -26,7 +26,7 @@ further_reading: This section aims to document specificities and to provide good base configurations for monitoring the Kubernetes Control Plane. You can then customize these configurations to add any Datadog feature. -With four Datadog integrations for the [API Server][1], [ETCD][2], [Controller Manager][3], and [Scheduler][4], you can collect key metrics from all four components of the Kubernetes Control Plane. +With Datadog integrations for the [API Server][1], [ETCD][2], [Controller Manager][3], and [Scheduler][4], you can collect key metrics from all four components of the Kubernetes Control Plane. * [Kubernetes with Kubeadm](#Kubeadm)