- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
By default the Agent authenticates against the API server and kubelet with its service account bearer token. If you want to specify its path, set the options below. If X509 client certificates are set, either for the kubelet or API server, they are used instead. The recommended way to expose these files to the Agent is by using Kubernetes Secrets.
bearer_token_path: /var/run/secrets/kubernetes.io/serviceaccount/token
apiserver_client_crt: /path/to/client.crt
apiserver_client_key: /path/to/client.key
kubelet_client_crt: /path/to/client.crt
kubelet_client_key: /path/to/client.key
Datadog uses the default CA certificate of the Agent’s service account to verify the API server’s identity. To use custom certificates, specify the path in your configuration file.
apiserver_ca_cert: /path/to/cacert.crt
kubelet_client_ca: /path/to/ca.pem
The default for kubelet traffic is to first try to use the read-only port that doesn’t require TLS and then to fall back to the HTTPS API with simple TLS validation. Providing a cert forces TLS validation on. Explicitly disabling tls_verify should be used with caution: if an attacker sniffs the Agent requests they will see the Agent’s service account bearer token.
kubelet_tls_verify: True
Alternately, you can use kubeconfig for API server authentication. Use the DD_KUBERNETES_KUBECONFIG_PATH
environment variable to specify the path, or the equivalent option in datadog.yaml.
kubernetes_kubeconfig_path: /path/to/file