Disable the Datadog Admission Controller with the Cluster Agent

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Overview

The Datadog Cluster Agent manages the Datadog Admission Controller by creating, updating, and deleting Admission Controllers as needed. To disable the Admission Controller or remove the Cluster Agent, you must first disable the Admission Controller features in the Cluster Agent configuration and redeploy the Cluster Agent. Once the Admission Controllers are removed, the Cluster Agent can be safely removed if necessary.

Prerequisites

Datadog Cluster Agent v7.63+

Steps

    To disable the Admission Controllers with your Cluster Agent managed by the Datadog Operator:

    1. Set features.admissionController.enabled to true in your DatadogAgent configuration.
    2. Set features.admissionController.validation.enabled to false in your DatadogAgent configuration.
    3. Set features.admissionController.mutation.enabled to false in your DatadogAgent configuration.
      apiVersion: datadoghq.com/v2alpha1
  kind: DatadogAgent
  metadata:
    name: datadog
  spec:
    features:
      admissionController:
        enabled: true
        validation:
          enabled: false
        mutation:
          enabled: false

    Note: The the features.admissionController.enabled parameter is set to true to allow the Cluster Agent to manage the Kubernetes Admission Controllers.

    After redeploying the Cluster Agent with the updated configuration, the Admission Controllers are removed.

    To disable the Admission Controllers with your Cluster Agent managed by the Datadog Helm Chart:

    1. Set clusterAgent.admissionController.enabled to true.
    2. Set clusterAgent.admissionController.validation.enabled to false.
    3. Set clusterAgent.admissionController.mutation.enabled to false.
    clusterAgent:
  enabled: true
  admissionController:
    enabled: true
    validation:
      enabled: false
    mutation:
      enabled: false

    You can confirm the Admission Controllers are removed by checking ValidatingWebhookConfiguration and MutatingWebhookConfiguration resources in your cluster.

    kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io

    kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io

    Further Reading

    お役に立つドキュメント、リンクや記事:

    Introducing the Datadog Cluster AgentBLOG more more Datadog Admission ControllerDOCUMENTATION more more Troubleshooting the Datadog Cluster AgentDOCUMENTATION more more