The default configuration targets Kubernetes 1.7.6 and later, as the Agent relies on features and endpoints introduced in this version. More installation steps are required for older versions:
RBAC objects (
ClusterRoleBindings) are available since Kubernetes 1.6 and OpenShift 3.3, but are available under different
rbac.authorization.k8s.io/v1in Kubernetes 1.8+ (and OpenShift 3.9+), the default apiVersion we target
rbac.authorization.k8s.io/v1beta1in Kubernetes 1.5 to 1.7 (and OpenShift 3.7)
v1in Openshift 3.3 to 3.6
Apply the Datadog Agent yaml manifests with the following
sed "s%authorization.k8s.io/v1%authorization.k8s.io/v1beta1%" clusterrole.yaml | kubectl apply -f - sed "s%authorization.k8s.io/v1%authorization.k8s.io/v1beta1%" clusterrolebinding.yaml | kubectl apply -f -
or for Openshift 3.3 to 3.6:
sed "s%rbac.authorization.k8s.io/v1%v1%" clusterrole.yaml | oc apply -f - sed "s%rbac.authorization.k8s.io/v1%v1%" clusterrolebinding.yaml | oc apply -f -
kubelet check retrieves metrics from the Kubernetes 1.7.6+ (OpenShift 3.7.0+) prometheus endpoint. Enable cAdvisor port mode for older versions.
The default DaemonSet makes use of the downward API to pass the kubelet’s IP to the agent. This only works on versions 1.7 and up. For older versions, here are other ways to enable kubelet connectivity:
fieldPath: spec.nodeNameand verify your node name is resolvable and reachable from the pod.
DD_KUBERNETES_KUBELET_HOSTis unset, the Agent retrieves the node hostname from docker and tries to connect there. See
docker info | grep "Name:"and verify the name is resolvable and reachable.
DD_KUBERNETES_KUBELET_HOSTenvvar. You can retrieve the IP with the
ip addr show | grep docker0command.
The default configuration relies on bearer token authentication to the API server and kubelet. On 1.3, the kubelet does not support bearer token auth, setup client certificates for the
datadog-agent serviceaccount and pass them to the agent.