The Datadog Operator is an open source Kubernetes Operator that enables you to deploy and configure the Datadog Agent in a Kubernetes environment. This guide describes how to use the Operator to deploy the Datadog Agent.

Prerequisites

  • Kubernetes v1.20.X+
  • Helm for deploying the Datadog Operator
  • The Kubernetes command-line tool, kubectl, for installing the Datadog Agent

Installation and deployment

  1. Install the Datadog Operator with Helm:
helm repo add datadog https://helm.datadoghq.com
helm install my-datadog-operator datadog/datadog-operator
  1. Create a Kubernetes secret with your API key:
kubectl create secret generic datadog-secret --from-literal api-key=<DATADOG_API_KEY>

Replace <DATADOG_API_KEY> with your Datadog API key.

Note: add the application key for autoscaling using the external metrics server.

  1. Create a datadog-agent.yaml file with the spec of your DatadogAgent deployment configuration. The following sample configuration enables metrics, logs, and APM:
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  global:
    credentials:
      apiSecret:
        secretName: datadog-secret
        keyName: api-key
  features:
    apm:
      enabled: true
    logCollection:
      enabled: true

For all configuration options, see the Operator configuration spec.

  1. Deploy the Datadog Agent:
kubectl apply -f /path/to/your/datadog-agent.yaml

Running Agents in a single container

Available in Operator v1.4.0 or later

By default, the Datadog Operator creates an Agent DaemonSet with pods running multiple Agent containers. Datadog Operator v1.4.0 introduces a configuration which allows users to run Agents in a single container. In order to avoid elevating privileges for all Agents in the single container, this feature is only applicable when system-probe or security-agent is not required. For more details, see Running as an unprivileged user on the Agent Data Security page.

To enable this feature add global.containerStrategy: single to the DatadogAgent manifest:

  apiVersion: datadoghq.com/v2alpha1
  kind: DatadogAgent
  metadata:
    name: datadog
  spec:
    global:
      containerStrategy: single
      credentials:
        apiSecret:
          secretName: datadog-secret
          keyName: api-key
    features:
      apm:
        enabled: true
      logCollection:
        enabled: true
With the above configuration, Agent pods run as single containers with three Agent processes. The default for global.containerStrategy is optimized and runs each Agent process in a separate container.

Note: Running multiple Agent processes in a single container is discouraged in orchestrated environments such as Kubernetes. Pods running multiple processes need their lifecycles to be managed by a process manager, which is not directly controllable by Kubernetes and potentially leads to inconsistencies or conflicts in the container lifecycle management.

Validation

Use kubectl get daemonset and kubectl get pod -owide to validate your installation.

In a cluster with two worker Nodes, you should see Agent Pods created on each Node:

$ kubectl get daemonset
NAME            DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
datadog-agent   2         2         2       2            2           <none>          5m30s

$ kubectl get pod -owide
NAME                                         READY   STATUS    RESTARTS   AGE     IP            NODE
agent-datadog-operator-d897fc9b-7wbsf        1/1     Running   0          1h      10.244.2.11   kind-worker
datadog-agent-k26tp                          1/1     Running   0          5m59s   10.244.2.13   kind-worker
datadog-agent-zcxx7                          1/1     Running   0          5m59s   10.244.1.7    kind-worker2

Cleanup

The following commands delete all Kubernetes resources created in this guide:

kubectl delete datadogagent datadog
helm delete my-datadog-operator

Further Reading