calico

calico

Agent Check Agent Check

Supported OS Linux Mac OS Windows

Integrationv0.0.1

Overview

This check monitors Calico through the Datadog Agent.

The Calico check sends metrics concerning network and security in a Kubernetes cluster set up with Calico.

Setup

Follow the instructions below to install and configure this check for an Agent running on a host. For containerized environments, see the Autodiscovery Integration Templates for guidance on applying these instructions. A setup using Autodiscovery Integration is also below.

Installation with a Kubernetes cluster-based Agent

Using annotations:

  1. Set up Calico on your cluster if you have not already.

  2. Enable Prometheus metrics using the instructions in Calico’s Monitor Calico Component Metrics documentation. Once enabled, you should have a felix-metrics-svc service running in your cluster, as well as a prometheus-pod.

  3. To use Autodiscovery, modify prometheus-pod. Add the following snippet to your Prometheus YAML configuration file:

metadata:
  [...]
  annotations:
   ad.datadoghq.com/prometheus-pod.check_names: |
   ["openmetrics"]
   ad.datadoghq.com/prometheus-pod.init_configs: |
   [{}]
   ad.datadoghq.com/prometheus-pod.instances: |
     [
        {
           "prometheus_url": "http://<FELIX-SERVICE-IP>:<FELIX-SERVICE-PORT>/metrics",
           "namespace": "calico",
           "metrics": ["*"]
        }
     ]
  spec:
    [....]

You can find values for <FELIX-SERVICE-IP> and <FELIX-SERVICE-PORT> by running kubectl get all —all-namespaces.

Installation with an OS-based Agent

To install the Calico check on your host:

  1. Install Datadog’s developer toolkit on your machine.

  2. Run ddev release build calico to build the package.

  3. Download the Datadog Agent.

  4. Upload the build artifact to any host with an Agent and run datadog-agent integration install -w path/to/calico/dist/<ARTIFACT_NAME>.whl.

  5. Follow Calico’s Monitor Calico Component Metrics documentation until you have a felix-metrics-svc service running using kubectl get all --all-namespaces.

  6. If you are using minikube, you must forward port 9091 to felix-metrics-svc. Run kubectl port-forward service/felix-metrics-svc 9091:9091 -n kube-system.

    If you are not using minikube, check that felix-metrics-svc has an external IP. If the service does not have an external IP, use kubectl edit svc to change its type from ClusterIP to LoadBalancer.

Once installation is complete, you can continue to configuration (see below).

Configuration for host based setup

  1. Edit the calico.d/conf.yaml file, in the conf.d/ folder at the root of your Agent’s configuration directory to start collecting your Calico performance data. The only required parameter is the openmetrics_endpoint URL. See the sample calico.d/conf.yaml for all available configuration options.

  2. If you are using minikube, use ‘http://localhost:9091/metrics’ as your openmetrics_endpoint URL. If you are not using minikube, use http://<FELIX-METRICS-SVC-EXTERNAL-IP>:<PORT>/metrics as your openmetrics_endpoint URL.

  3. Restart the Agent.

Validation

Run the Agent’s status subcommand and look for calico under the Checks section.

Metrics

calico.felix.active.local_endpoints
(gauge)
Number of active endpoints on this host
calico.felix.active.local_policies
(gauge)
Number of policies on this host
calico.felix.active.local_selectors
(gauge)
Number of active selectors on this host
calico.felix.active.local_tags
(gauge)
Number of active tags on this host
calico.felix.cluster.num_host_endpoints
(gauge)
Total number of host endpoints cluster-wide
calico.felix.cluster.num_hosts
(gauge)
Total number of Calico hosts in the cluster
calico.felix.cluster.num_workload_endpoints
(gauge)
Total number of workload endpoints cluster-wide
calico.felix.ipset.calls.count
(count)
Number of ipset commands executed
calico.felix.ipset.errors.count
(count)
Number of ipset command failures
calico.felix.ipsets.calico
(gauge)
Number of active Calico IP sets.
calico.felix.ipsets.total
(gauge)
Total number of active IP sets.
calico.felix.iptables.chains
(gauge)
Number of active iptables chains.
calico.felix.iptables.rules
(gauge)
Number of active iptables rules.
calico.felix.iptables.restore_calls.count
(count)
Number of iptables-restore calls.
calico.felix.iptables.restore_errors.count
(count)
Number of iptables-restore errors.
calico.felix.iptables.save_calls.count
(count)
Number of iptables-save calls.
calico.felix.iptables.save_errors.count
(count)
Number of iptables-save errors.
calico.felix.int_dataplane_failures.count
(count)
Number of dataplane failures.

Events

The Calico integration does not include any events.

Service Checks

Concerning logs

Since Calico structure is setup in a kubernetes cluster, it is built with deployments, pods, service. Kubernetes integration makes a great job at fetching logs from containers Therefore, when Kubernetes integration is setup, calico logs are automatically available in datadoghq Log section. You should proceed this way.

Troubleshooting

Need help? Contact Datadog support.