Follow the instructions below to install and configure this check for an Agent running on a Kubernetes cluster. See also the Autodiscovery Integration Templates for guidance on applying these instructions.
To install the open_policy_agent check on your Kubernetes cluster:
The default dashboard includes some graphs related to a metric around OPA decisions, called open_policy_agent.decisions. This metric is created based on the OPA “Decision Logs”. To generate this metric and populate this part of the dashboard, create a new log-generated metric in Datadog.
First, create a facet for the msg field of the OPA logs, as it only generates metrics for the “Decision Logs” type of log entry. For that, select any of the log entries coming from OPA, click on the engine log near the msg field and select “Create facet for @msg”:
Create two facets, one for the input.request.kind.kind field and one for the result.response.allowed field, both available in any of the log entries type “Decision Log”.
Once you have created the facets, generate the needed metric for the Dashboard to be complete. Click on the menu “Logs -> Generate Metrics”. Click on “Add a new metric” and fill in the form with the following data:
Edit the open_policy_agent/conf.yaml file, in the /confd folder that you added to the Agent pod to start collecting your OPA performance data. See the sample open_policy_agent/conf.yaml for all available configuration options.