The Datadog Admission Controller is a component of the Datadog Cluster Agent. The main benefit of the Admission Controller is to simplify your application Pod configuration. For that, it has two main functionalities:
- Inject environment variables (DD_AGENT_HOST, DD_TRACE_AGENT_URL and DD_ENTITY_ID) into the user’s application containers to configure DogStatsD and APM tracer libraries.
- Inject Datadog standard tags (env, service, version) from application labels into the container environment variables.
Starting from Helm chart v2.35.0, the Datadog Admission Controller is activated by default. No extra configuration is needed to enable the Admission Controller.
To enable the Admission Controller for Helm chart v2.34.6 and earlier, set the parameter clusterAgent.admissionController.enabled to true:
[...]
clusterAgent:
  [...]
  ## @param admissionController - object - required
  ## Enable the admissionController to automatically inject APM and
  ## DogStatsD config and standard tags (env, service, version) into
  ## your pods
  #
  admissionController:
    enabled: true

    ## @param mutateUnlabelled - boolean - optional
    ## Enable injecting config without having the pod label:
    ## admission.datadoghq.com/enabled="true"
    #
    mutateUnlabelled: false
[...]
To enable the Admission Controller without using Helm or the Datadog operator, add the following to your configuration:
In a private cluster, you need to add a firewall rule for the control plane. The webhook handling incoming connections receives the request on port 443 and directs it to a service implemented on port 8000. By default, the network for the cluster should have a firewall rule with a name like gke-<CLUSTER_NAME>-master, whose “Source filters” match the “Control plane address range” of the cluster. Edit this firewall rule to allow ingress to TCP port 8000.
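To confirm that the injection described above reached only the pods you expect, the following added example (not Datadog's code) audits pod manifests offline, for instance the items from `kubectl get pods -o json`. The `tags.datadoghq.com/*` label keys, the `DD_ENV`/`DD_SERVICE`/`DD_VERSION` names, the opt-out on any label value other than "true", and the sample manifests are assumptions that do not come from this page.

```python
ENABLED_LABEL = "admission.datadoghq.com/enabled"  # label named on this page
CONFIG_VARS = {"DD_AGENT_HOST", "DD_TRACE_AGENT_URL", "DD_ENTITY_ID"}
# Assumption: standard-tag label keys and variable names are not on this page.
TAG_LABELS = {"tags.datadoghq.com/env": "DD_ENV",
              "tags.datadoghq.com/service": "DD_SERVICE",
              "tags.datadoghq.com/version": "DD_VERSION"}

def in_scope(labels, mutate_unlabelled=False):
    """True when the webhook is expected to mutate a pod with these labels."""
    value = labels.get(ENABLED_LABEL)
    # Assumption: any value other than "true" opts the pod out.
    return mutate_unlabelled if value is None else value == "true"

def audit_pod(pod, mutate_unlabelled=False):
    """Return one finding per container problem in a pod manifest (dict)."""
    meta = pod.get("metadata", {})
    labels = meta.get("labels") or {}
    scoped = in_scope(labels, mutate_unlabelled)
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        names = {e.get("name") for e in c.get("env") or []}
        where = f"{meta.get('name', '?')}/{c.get('name', '?')}"
        if not scoped:
            extra = sorted(names & (CONFIG_VARS | set(TAG_LABELS.values())))
            if extra:  # set by hand, or the webhook scope is wider than intended
                findings.append(f"{where}: out of scope, yet has {extra}")
            continue
        if not names & CONFIG_VARS:
            findings.append(f"{where}: in scope, no agent config variables")
        for label, var in TAG_LABELS.items():
            if label in labels and var not in names:
                findings.append(f"{where}: label {label} set, {var} missing")
    return findings

# Constructed sample manifests (not taken from a real cluster).
SAMPLE_PODS = [
    {"metadata": {"name": "web", "labels": {ENABLED_LABEL: "true",
                                             "tags.datadoghq.com/env": "prod"}},
     "spec": {"containers": [{"name": "app", "env": [
         {"name": "DD_AGENT_HOST", "value": "10.0.0.5"},
         {"name": "DD_ENTITY_ID", "value": "constructed-uid"}]}]}},
    {"metadata": {"name": "batch", "labels": {ENABLED_LABEL: "true"}},
     "spec": {"containers": [{"name": "job"}]}},
    {"metadata": {"name": "legacy"}, "spec": {"containers": [
        {"name": "svc", "env": [{"name": "DD_ENV", "value": "dev"}]}]}},
]

if __name__ == "__main__":
    print({p["metadata"]["name"]: audit_pod(p) for p in SAMPLE_PODS})
```

Pass `mutate_unlabelled=True` when the chart sets `mutateUnlabelled: true`, so that unlabelled pods are treated as in scope.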