Install the Datadog Agent on Kubernetes
Overview
This page provides instructions on installing the Datadog Agent in a Kubernetes environment.
For dedicated documentation and examples for major Kubernetes distributions including AWS Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), Red Hat OpenShift, Rancher, and Oracle Container Engine for Kubernetes (OKE), see Kubernetes distributions.
For dedicated documentation and examples for monitoring the Kubernetes control plane, see Kubernetes control plane monitoring.
Minimum Kubernetes and Datadog Agent versions
Some features related to later Kubernetes versions require a minimum Datadog Agent version.
Kubernetes version | Agent version | Reason |
---|
1.16.0+ | 7.19.0+ | Kubelet metrics deprecation |
1.21.0+ | 7.36.0+ | Kubernetes resource deprecation |
1.22.0+ | 7.37.0+ | Support dynamic service account token |
See also: Minimum Kubernetes and Cluster Agent versions.
Installation
Use the Installing on Kubernetes page in Datadog to guide you through the installation process.
Select installation method
Choose one of the following installation methods:
Install the Datadog Operator
To install the Datadog Operator in your current namespace, run:
helm repo add datadog https://helm.datadoghq.com
helm install datadog-operator datadog/datadog-operator
kubectl create secret generic datadog-secret --from-literal api-key=<DATADOG_API_KEY>
Configure datadog-agent.yaml
Create a file, datadog-agent.yaml
, that contains:
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
name: datadog
spec:
global:
clusterName: <CLUSTER_NAME>
site: <DATADOG_SITE>
credentials:
apiSecret:
secretName: datadog-secret
keyName: api-key
- Replace
<CLUSTER_NAME>
with a name for your cluster. - Replace
<DATADOG_SITE>
with your Datadog site. Your site is
. (Ensure the correct SITE is selected on the right).
Deploy Agent with the above configuration file
Run:
kubectl apply -f datadog-agent.yaml
Add the Datadog Helm repository
Run:
helm repo add datadog https://helm.datadoghq.com
helm repo update
kubectl create secret generic datadog-secret --from-literal api-key=<DATADOG_API_KEY>
Configure datadog-values.yaml
Create a file, datadog-values.yaml
, that contains:
datadog:
apiKeyExistingSecret: datadog-secret
site: <DATADOG_SITE>
- Replace
<DATADOG_SITE>
with your Datadog site. Your site is
. (Ensure the correct SITE is selected on the right).
Deploy Agent with the above configuration file
Run:
helm install datadog-agent -f datadog-values.yaml datadog/datadog
For Windows, append --set targetSystem=windows
to the helm install
command.
Confirm Agent installation
Verify that Agent pods (tagged with app.kubernetes.io/component:agent
) appear on the Containers page in Datadog. Agent pods are detected within a few minutes of deployment.
<CLUSTER_NAME>
allows you to scope hosts and Cluster Checks. This unique name must be dot-separated tokens and abide by the following restrictions:
- Must only contain lowercase letters, numbers, and hyphens
- Must start with a letter
- Must end with a number or a letter
- Must be less than or equal to 80 characters
Unprivileged installation
To run an unprivileged installation, add the following to datadog-agent.yaml
:
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
name: datadog
spec:
global:
clusterName: <CLUSTER_NAME>
site: <DATADOG_SITE>
credentials:
apiSecret:
secretName: datadog-secret
keyName: api-key
agent:
config:
securityContext:
runAsUser: <USER_ID>
supplementalGroups:
- <GROUP_ID>
- Replace
<USER_ID>
with the UID to run the Datadog Agent. - Replace
<GROUP_ID>
with the group ID that owns the Docker or containerd socket.
Then, deploy the Agent:
kubectl apply -f datadog-agent.yaml
To run an unprivileged installation, add the following to your datadog-values.yaml
file:
datadog:
apiKeyExistingSecret: datadog-secret
site: <DATADOG_SITE>
securityContext:
runAsUser: <USER_ID>
supplementalGroups:
- <GROUP_ID>
- Replace
<USER_ID>
with the UID to run the Datadog Agent. - Replace
<GROUP_ID>
with the group ID that owns the Docker or containerd socket.
Then, deploy the Agent:
helm install datadog-agent -f datadog-values.yaml datadog/datadog
Container registries
Datadog publishes container images to Google Artifact Registry, Amazon ECR, Azure ACR, and Docker Hub:
Google Artifact Registry | Amazon ECR | Azure ACR | Docker Hub |
---|
gcr.io/datadoghq | public.ecr.aws/datadog | datadoghq.azurecr.io | docker.io/datadog |
By default, the Agent image is pulled from Google Artifact Registry (gcr.io/datadoghq
). If Artifact Registry is not accessible in your deployment region, use another registry.
If you are deploying the Agent in an AWS environment, Datadog recommend that you use Amazon ECR.
Docker Hub is subject to image pull rate limits. If you are not a Docker Hub customer, Datadog recommends that you update your Datadog Agent and Cluster Agent configuration to pull from Google Artifact Registry or Amazon ECR. For instructions, see
Changing your container registry.
To use a different container registry, modify global.registry
in datadog-agent.yaml
.
For example, to use Amazon ECR:
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
name: datadog
spec:
global:
clusterName: <CLUSTER_NAME>
registry: public.ecr.aws/datadog
site: <DATADOG_SITE>
credentials:
apiSecret:
secretName: datadog-secret
keyName: api-key
To use a different container registry, modify registry
in datadog-values.yaml
.
For example, to use Amazon ECR:
registry: public.ecr.aws/datadog
datadog:
apiKeyExistingSecret: datadog-secret
site: <DATADOG_SITE>
For more information, see Changing your container registry.
Uninstall
kubectl delete datadogagent datadog
helm delete datadog-operator
This command deletes all Kubernetes resources created by installing Datadog Operator and deploying the Datadog Agent.
helm uninstall datadog-agent
Next steps
Monitor your infrastructure in Datadog
Use the Containers page for visibility into your container infrastructure, with resource metrics and faceted search. For information on how to use the Containers page, see Containers View.
Use the Container Images page for insights into every image used in your environment. This page also displays vulnerabilities found in your container images from Cloud Security Management (CSM). For information on how to use the Container Images page, see the Containers Images View.
The Kubernetes section features an overview of all your Kubernetes resources. Orchestrator Explorer allows you to monitor the state of pods, deployments, and other Kubernetes concepts in a specific namespace or availability zone, view resource specifications for failed pods within a deployment, correlate node activity with related logs, and more. The Resource Utilization page provides insights into how your Kubernetes workloads are using your computing resources across your infrastructure. For information on how to use these pages, see Orchestrator Explorer and Kubernetes Resource Utilization.
Enable features
Additional helpful documentation, links, and articles:
Further Reading
Additional helpful documentation, links, and articles: