The following table lists the configurable parameters for the DatadogAgent resource. For example, if you wanted to set a value for agent.image.name, your DatadogAgent resource would look like the following:
```yaml
apiVersion: datadoghq.com/v1alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  agent:
    image:
      name: "gcr.io/datadoghq/agent:latest"
```
agent.additionalAnnotations
AdditionalAnnotations provide annotations that will be added to the Agent Pods.
agent.additionalLabels
AdditionalLabels provide labels that are added to the cluster checks runner pods.
agent.apm.enabled
agent.apm.env
agent.apm.hostPort
HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
agent.apm.resources.limits
agent.apm.resources.requests
Requests describes the minimum amount of compute resources required. If requests is omitted for a container, it defaults to limits if that is explicitly specified. Otherwise, it defaults to an implementation-defined value. For more info, see the Kubernetes documentation.
agent.config.checksd.configMapName
agent.config.collectEvents
agent.config.confd.configMapName
agent.config.criSocket.criSocketPath
agent.config.criSocket.dockerSocketPath
agent.config.ddUrl
site.
agent.config.dogstatsd.dogstatsdOriginDetection
agent.config.dogstatsd.useDogStatsDSocketVolume
agent.config.env
agent.config.hostPort
HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
agent.config.leaderElection
agent.config.logLevel
trace, debug, info, warn, error, critical, and off.
agent.config.podAnnotationsAsTags
<KUBERNETES_ANNOTATIONS>: <DATADOG_TAG_KEY>
agent.config.podLabelsAsTags
<KUBERNETES_LABEL>: <DATADOG_TAG_KEY>
agent.config.resources.limits
agent.config.resources.requests
requests is omitted for a container, it defaults to limits if that is explicitly specified. Otherwise, it defaults to an implementation-defined value. See the Kubernetes documentation.
agent.config.securityContext.allowPrivilegeEscalation
no_new_privs flag is set on the container process. AllowPrivilegeEscalation is always true when the container is run as both Privileged and has CAP_SYS_ADMIN.
agent.config.securityContext.capabilities.add
agent.config.securityContext.capabilities.drop
agent.config.securityContext.privileged
false.
agent.config.securityContext.procMount
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for read-only paths and masked paths. This requires the ProcMountType feature flag to be enabled.
agent.config.securityContext.readOnlyRootFilesystem
false.
agent.config.securityContext.runAsGroup
PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
agent.config.securityContext.runAsNonRoot
PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
agent.config.securityContext.runAsUser
PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
agent.config.securityContext.seLinuxOptions.level
agent.config.securityContext.seLinuxOptions.role
agent.config.securityContext.seLinuxOptions.type
agent.config.securityContext.seLinuxOptions.user
agent.config.securityContext.windowsOptions.gmsaCredentialSpec
GMSACredentialSpec is where the GMSA admission webhook inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.
agent.config.securityContext.windowsOptions.gmsaCredentialSpecName
GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.
agent.config.securityContext.windowsOptions.runAsUserName
UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is beta-level and may be disabled with the WindowsRunAsUserName feature flag.
agent.config.tags
agent.config.tolerations
agent.config.volumeMounts
agent.config.volumes
agent.customConfig.configData
agent.customConfig.configMap.fileKey
agent.customConfig.configMap.name
agent.daemonsetName
agent.deploymentStrategy.canary.duration
agent.deploymentStrategy.canary.paused
agent.deploymentStrategy.canary.replicas
agent.deploymentStrategy.reconcileFrequency
agent.deploymentStrategy.rollingUpdate.maxParallelPodCreation
agent.deploymentStrategy.rollingUpdate.maxPodSchedulerFailure
maxPodSchedulerFailure is the maximum number of pods scheduled on its Node due to a scheduler failure: resource constraints. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute.
agent.deploymentStrategy.rollingUpdate.maxUnavailable
agent.deploymentStrategy.rollingUpdate.slowStartAdditiveIncrease
agent.deploymentStrategy.rollingUpdate.slowStartIntervalDuration
agent.deploymentStrategy.updateStrategyType
agent.dnsConfig.nameservers
dnsPolicy. Duplicated nameservers are removed.
agent.dnsConfig.options
dnsPolicy. Duplicated entries are removed. Resolution options given in options override those that appear in the base dnsPolicy.
agent.dnsConfig.searches
dnsPolicy. Duplicated search paths are removed.
agent.dnsPolicy
ClusterFirst. Valid values are ClusterFirstWithHostNet, ClusterFirst, Default, or None. DNS parameters given in dnsConfig are merged with the policy selected with dnsPolicy. To have DNS options set along with hostNetwork, you have to specify dnsPolicy explicitly to ClusterFirstWithHostNet.
agent.env
agent.hostNetwork
false.
agent.hostPID
false.
agent.image.name
gcr.io/datadoghq/agent:latest for Datadog Agent 6. Use gcr.io/datadoghq/dogstatsd:latest for stand-alone Datadog Agent DogStatsD. Use gcr.io/datadoghq/cluster-agent:latest for Datadog Cluster Agent.
agent.image.pullPolicy
Always, Never, or IfNotPresent.
agent.image.pullSecrets
agent.log.containerCollectUsingFiles
/var/log/pods instead of using container runtime API. This is usually the most efficient way of collecting logs. See the Log Collection documentation. Default: true.
agent.log.containerLogsPath
/var/lib/docker/containers.
agent.log.enabled
agent.log.logsConfigContainerCollectAll
agent.log.openFilesLimit
agent.log.podLogsPath
/var/log/pods.
agent.log.tempStoragePath
/var/lib/datadog-agent/logs.
agent.priorityClassName
system-node-critical and system-cluster-critical are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority is set to default or zero if there is no default.
agent.process.enabled
/etc/passwd is automatically mounted to allow username resolution. See the Process documentation.
agent.process.env
agent.process.resources.limits
agent.process.resources.requests
requests is omitted for a container, it defaults to limits if that is explicitly specified, otherwise to an implementation-defined value. See the Kubernetes documentation.
agent.rbac.create
agent.rbac.serviceAccountName
Ignored if the field Create is true.
agent.systemProbe.appArmorProfileName
agent.systemProbe.bpfDebugEnabled
agent.systemProbe.conntrackEnabled
agent.systemProbe.debugPort
agent.systemProbe.enabled
/etc/passwd is automatically mounted to allow username resolution. See the Process documentation.
agent.systemProbe.env
agent.systemProbe.resources.limits
agent.systemProbe.resources.requests
requests is omitted for a container, it defaults to limits if that is explicitly specified, otherwise to an implementation-defined value. See the Kubernetes documentation.
agent.systemProbe.secCompCustomProfileConfigMap
agent.systemProbe.secCompProfileName
agent.systemProbe.secCompRootPath
agent.systemProbe.securityContext.allowPrivilegeEscalation
no_new_privs flag is set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN.
agent.systemProbe.securityContext.capabilities.add
agent.systemProbe.securityContext.capabilities.drop
agent.systemProbe.securityContext.privileged
agent.systemProbe.securityContext.procMount
DefaultProcMount which uses the container runtime defaults for read-only paths and masked paths. This requires the ProcMountType feature flag to be enabled.
agent.systemProbe.securityContext.readOnlyRootFilesystem
false.
agent.systemProbe.securityContext.runAsGroup
PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
agent.systemProbe.securityContext.runAsNonRoot
PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
agent.systemProbe.securityContext.runAsUser
PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
agent.systemProbe.securityContext.seLinuxOptions.level
agent.systemProbe.securityContext.seLinuxOptions.role
agent.systemProbe.securityContext.seLinuxOptions.type
agent.systemProbe.securityContext.seLinuxOptions.user
agent.systemProbe.securityContext.windowsOptions.gmsaCredentialSpec
GMSACredentialSpec is where the GMSA admission webhook inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.
agent.systemProbe.securityContext.windowsOptions.gmsaCredentialSpecName
GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.
agent.systemProbe.securityContext.windowsOptions.runAsUserName
UserName in Windows to run the entry point of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is beta-level and may be disabled with the WindowsRunAsUserName feature flag.
agent.useExtendedDaemonset
clusterAgent.additionalAnnotations
AdditionalAnnotations provide annotations that are added to the Cluster Agent Pods.
clusterAgent.additionalLabels
AdditionalLabels provide labels that are added to the cluster checks runner Pods.
clusterAgent.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
requiredDuringScheduling affinity expressions), compute a sum by iterating through the elements of this field and adding “weight” to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
clusterAgent.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
ORed.
clusterAgent.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution
requiredDuringScheduling affinity expressions), compute a sum by iterating through the elements of this field and adding “weight” to the sum if the node has pods which matches the corresponding podAffinityTerm. The node(s) with the highest sum are the most preferred.
clusterAgent.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution
podAffinityTerm are intersected; all terms must be satisfied.
clusterAgent.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution
requiredDuringScheduling anti-affinity expressions), compute a sum by iterating through the elements of this field and adding “weight” to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
clusterAgent.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
clusterAgent.config.admissionController.enabled
clusterAgent.config.admissionController.mutateUnlabelled
admission.datadoghq.com/enabled="true"
clusterAgent.config.admissionController.serviceName
clusterAgent.config.clusterChecksEnabled
clusterAgent.config.confd.configMapName
clusterAgent.config.env
clusterAgent.config.externalMetrics.enabled
metricsProvider to be able to scale based on metrics in Datadog.
clusterAgent.config.externalMetrics.port
metricsProvider external metrics service port.
clusterAgent.config.externalMetrics.useDatadogMetrics
clusterAgent.config.logLevel
trace, debug, info, warn, error, critical, and off.
clusterAgent.config.resources.limits
clusterAgent.config.resources.requests
requests is omitted for a container, it defaults to limits if that is explicitly specified, otherwise to an implementation-defined value. See the Kubernetes documentation.
clusterAgent.config.volumeMounts
clusterAgent.config.volumes
clusterAgent.customConfig.configData
clusterAgent.customConfig.configMap.fileKey
ConfigMap.Data to store the configuration file content.
clusterAgent.customConfig.configMap.name
clusterAgent.deploymentName
clusterAgent.image.name
gcr.io/datadoghq/agent:latest for Datadog Agent 6. Use gcr.io/datadoghq/dogstatsd:latest for stand-alone Datadog Agent DogStatsD. Use gcr.io/datadoghq/cluster-agent:latest for Datadog Cluster Agent.
clusterAgent.image.pullPolicy
Always, Never, or IfNotPresent.
clusterAgent.image.pullSecrets
clusterAgent.nodeSelector
clusterAgent.priorityClassName
system-node-critical and system-cluster-critical are two special keywords that indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority is set to default or zero if there is no default.
clusterAgent.rbac.create
clusterAgent.rbac.serviceAccountName
Create is true.
clusterAgent.replicas
clusterAgent.tolerations
clusterChecksRunner.additionalAnnotations
clusterChecksRunner.additionalLabels
clusterChecksRunner.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution
requiredDuringScheduling affinity expressions), compute a sum by iterating through the elements of this field and adding “weight” to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
clusterChecksRunner.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms
ORed.
clusterChecksRunner.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution
requiredDuringScheduling affinity expressions), compute a sum by iterating through the elements of this field and adding “weight” to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
clusterChecksRunner.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution
podAffinityTerm are intersected; all terms must be satisfied.
clusterChecksRunner.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution
requiredDuringScheduling anti-affinity expressions), compute a sum by iterating through the elements of this field and adding “weight” to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
clusterChecksRunner.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution
clusterChecksRunner.config.env
clusterChecksRunner.config.logLevel
trace, debug, info, warn, error, critical, and off.
clusterChecksRunner.config.resources.limits
clusterChecksRunner.config.resources.requests
requests is omitted for a container, it defaults to limits if that is explicitly specified, otherwise to an implementation-defined value. See the Kubernetes documentation.
clusterChecksRunner.config.volumeMounts
clusterChecksRunner.config.volumes
clusterChecksRunner.customConfig.configData
clusterChecksRunner.customConfig.configMap.fileKey
ConfigMap.Data to store the configuration file content.
clusterChecksRunner.customConfig.configMap.name
clusterChecksRunner.deploymentName
clusterChecksRunner.image.name
gcr.io/datadoghq/agent:latest for Datadog Agent 6. Use gcr.io/datadoghq/dogstatsd:latest for standalone Datadog Agent DogStatsD. Use gcr.io/datadoghq/cluster-agent:latest for Datadog Cluster Agent.
clusterChecksRunner.image.pullPolicy
Always, Never, or IfNotPresent.
clusterChecksRunner.image.pullSecrets
clusterChecksRunner.nodeSelector
clusterChecksRunner.priorityClassName
system-node-critical and system-cluster-critical are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority is set to default or zero if there is no default.
clusterChecksRunner.rbac.create
clusterChecksRunner.rbac.serviceAccountName
Create is true.
clusterChecksRunner.replicas
clusterChecksRunner.tolerations
clusterName
credentials.apiKey
credentials.apiKeyExistingSecret
apiSecret instead. If set, this parameter takes precedence over apiKey.
credentials.apiSecret.keyName
credentials.apiSecret.secretName
credentials.appKey
clusterAgent.metricsProvider.enabled = true, you must set a Datadog application key for read access to your metrics.
credentials.appKeyExistingSecret
appSecret instead. If set, this parameter takes precedence over appKey.
credentials.appSecret.keyName
credentials.appSecret.secretName
credentials.token
credentials.useSecretBackend
useSecretBackend:true, other credential parameters are ignored. Default value is false.
site
Defaults to datadoghq.com.
features.kubeStateMetricsCore.clusterCheck
features.kubeStateMetricsCore.enabled
features.kubeStateMetricsCore.conf.configData
features.kubeStateMetricsCore.conf.configMap.fileKey
features.kubeStateMetricsCore.conf.configMap.name
features.logCollection.containerCollectUsingFiles
/var/log/pods instead of using the container runtime API. Collecting logs from files is usually the most efficient way of collecting logs. Default is true. See the Kubernetes Log collection
features.logCollection.containerLogsPath
/var/lib/docker/containers.
features.logCollection.containerSymlinksPath
/var/log/containers.
features.logCollection.enabled
features.logCollection.logsConfigContainerCollectAll
features.logCollection.openFilesLimit
features.logCollection.podLogsPath
/var/log/pods.
features.logCollection.tempStoragePath
/var/lib/datadog-agent/logs.
features.networkMonitoring.enabled
features.orchestratorExplorer.additionalEndpoints
{"https://process.agent.datadoghq.com": ["apikey1", ...], ...}'.
features.orchestratorExplorer.clusterCheck
features.orchestratorExplorer.conf.configData
features.orchestratorExplorer.conf.configMap.fileKey
features.orchestratorExplorer.conf.configMap.name
features.orchestratorExplorer.ddUrl
features.orchestratorExplorer.enabled
features.orchestratorExplorer.extraTags
a b c. In contrast to DD_TAGS, this is a Cluster Agent option that is used to define custom cluster tags.
features.orchestratorExplorer.scrubbing.containers
features.prometheusScrape.additionalConfigs
features.prometheusScrape.enabled
features.prometheusScrape.serviceEndpoints
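
An added example, not part of the original page and not Datadog's own code: a small Python audit that resolves the dotted parameter names from the table above in a parsed DatadogAgent spec and lists settings worth reviewing before deployment (inline keys, unpinned images, host-level access). The sample spec, the `<PINNED_TAG>` placeholder and the function names are constructed for illustration.

```python
MISSING = object()

def lookup(spec, dotted):
    """Resolve a dotted parameter name (e.g. agent.image.name) in the nested spec."""
    node = spec
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node

def unpinned(image):
    """True when an image reference has no digest and no tag other than latest."""
    if "@sha256:" in image:
        return False
    last = image.rsplit("/", 1)[-1]  # skip a registry port such as host:5000/
    tag = last.split(":", 1)[1] if ":" in last else ""
    return tag in ("", "latest")

# Inline credential parameter -> Secret-reference parameters listed in the table.
INLINE_KEYS = {
    "credentials.apiKey": "credentials.apiSecret.secretName / keyName",
    "credentials.appKey": "credentials.appSecret.secretName / keyName",
}
COMPONENTS = ("agent", "clusterAgent", "clusterChecksRunner")
HOST_ACCESS = ["agent.hostNetwork", "agent.hostPID"] + [
    f"agent.{c}.securityContext.{f}"
    for c in ("config", "systemProbe") for f in ("privileged", "allowPrivilegeEscalation")
]

def audit(spec):
    """Return (parameter, reason) pairs for settings that deserve a review."""
    findings = []
    for inline, ref in INLINE_KEYS.items():
        if lookup(spec, inline) not in (MISSING, "", None):
            findings.append((inline, "key is inline in the manifest; use " + ref))
    for comp in COMPONENTS:
        image = lookup(spec, comp + ".image.name")
        if isinstance(image, str) and unpinned(image):
            findings.append((comp + ".image.name", "image has no fixed tag or digest"))
    for param in HOST_ACCESS:
        if lookup(spec, param) is True:
            findings.append((param, "widens host or container access; confirm need"))
    return findings

# Constructed sample (not from the page): a DatadogAgent spec after YAML parsing.
SAMPLE_SPEC = {
    "credentials": {"apiKey": "<DATADOG_API_KEY>"},
    "agent": {
        "image": {"name": "gcr.io/datadoghq/agent:latest"},
        "hostPID": True,
        "config": {"securityContext": {"privileged": True}},
    },
    "clusterAgent": {"image": {"name": "gcr.io/datadoghq/cluster-agent:<PINNED_TAG>"}},
}

if __name__ == "__main__":
    for param, reason in audit(SAMPLE_SPEC):
        print(f"{param}: {reason}")
```

Some components may legitimately need elevated settings, so the findings are review prompts rather than failures.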