DataDog Integration with Kubernetes Cluster
Stage 1: Retrieve Credentials from DataDog
Obtain the following credentials from the DataDog platform:
APP Key
API Key
DataDog Site (e.g.,
us3.datadoghq.com)
These credentials are required to authenticate and configure the DataDog agent within the cluster.
Stage 2: Update the datadog-agent.yaml Configuration
Modify the datadog-agent.yaml file either manually or through an automated process, depending on your deployment approach.
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
name: datadog
namespace: datadog
spec:
global:
site: us3.datadoghq.com
credentials:
apiSecret:
secretName: datadog-secret
keyName: api-key
features:
apm:
enabled: true
logCollection:
enabled: true
containerCollectAll: true
# Disables Kubernetes events
eventCollection:
collectKubernetesEvents: false
# Disable Datadog Admission Controller in this installation
admissionController:
enabled: false
override:
nodeAgent:
env:
- name: DD_CONTAINER_EXCLUDE_LOGS
value: |-
kube_namespace:^kube-system$
kube_namespace:^datadog\( kube_container_name:^cluster-agent\)
kube_namespace:^datadog\( kube_container_name:^cluster-checks-runner\)
kube_namespace:^datadog\( kube_container_name:^agent\)
image:.*datadog/cluster-agent.*
image:.*datadog/cluster-checks-runner.*
image:.*datadog/agent.*
# Optional : Exclude container logs
clusterAgent:
env:
- name: DD_CONTAINER_EXCLUDE_LOGS
value: |-
kube_namespace:^kube-system$
kube_namespace:^datadog\( kube_container_name:^cluster-agent\)
During this step, you can:
Define which logs and metrics should be collected
Configure specific integrations
Exclude unnecessary logs to optimize performance and reduce noise
Stage 3: Execute the Deployment Script
Run the provided script to perform the following actions:
export DD_API_KEY=xxxx
export DD_APP_KEY=xxxx
echo "Cloning datadog"
helm repo add datadog https://helm.datadoghq.com
echo "installing datadog"
helm upgrade --install datadog-operator datadog/datadog-operator --namespace datadog --create-namespace
echo "creating datadog secret"
kubectl create secret generic datadog-secret --from-literal api-key=\(DD_API_KEY --from-literal app-key=\)DD_APP_KEY --namespace datadog
echo "creating datadog deployment"
kubectl apply -f datadog-agent.yaml --namespace datadog
Clone the DataDog repository
Install the DataDog agent
Create the required Kubernetes secret
Deploy the DataDog components to the AKS cluster
Optional โ Stage 4: Automate with Azure DevOps Pipelines
To streamline and standardize the deployment process, you can automate the entire setup using Azure DevOps (ADO) Pipelines. This ensures consistency across environments and supports repeatable deployments.
ADO Pipeline Task
Variables
$(subscription_id)
$(aks_rg_name)
$(kubernetes_name)
- task: AzureCLI@2
displayName: AKS CLI login
inputs:
azureSubscription: 'Hanger-AKS-DEV'
scriptType: 'bash'
scriptLocation: 'inlineScript'
inlineScript: |
echo "login succesful"
echo "setting subscription"
az account set --subscription $(subscription_id)
echo "Getting AKS Credentials"
az aks get-credentials --resource-group \((aks_rg_name) --name \)(kubernetes_name) --overwrite-existing
echo "Installing kubelogin"
curl -LO https://github.com/Azure/kubelogin/releases/latest/download/kubelogin-linux-amd64.zip
unzip kubelogin-linux-amd64.zip
sudo mv bin/linux_amd64/kubelogin /usr/local/bin/
echo "Converting kubeconfig to use non-interactive login"
kubelogin convert-kubeconfig -l azurecli
cd into your folder
cat DataDog-deployment-script.sh
./DataDog-deployment-script.sh
+----------------------+
| DataDog |
| (us3.datadoghq.com)|
+----------+-----------+
^
| HTTPS (443)
|
+---------------------------------------------------------------+
| Azure Subscription |
| |
| +------------------+ |
| | AKS Cluster | |
| |------------------| |
| | | |
| | +------------+ | |
| | | Node 1 | | |
| | |------------| | |
| | | App Pods | | |
| | | Datadog |--+-----> Sends Logs & Metrics |
| | | Agent | | |
| | +------------+ | |
| | | |
| | +------------+ | |
| | | Node 2 | | |
| | |------------| | |
| | | App Pods | | |
| | | Datadog |--+-----> Sends Logs & Metrics |
| | | Agent | | |
| | +------------+ | |
| | | |
| +------------------+ |
| |
+---------------------------------------------------------------+
Flow Explanation
Application pods generate logs and metrics.
The Datadog Agent (DaemonSet) runs on every AKS node.
The agent collects:
Container logs
Kubernetes metrics
Node metrics
4. Data is securely transmitted via HTTPS (port 443) to DataDog SaaS.
๐ Troubleshooting Commands โ DataDog (AKS)
The following commands can be added as a Confluence footnote for quick troubleshooting reference when validating a DataDog deployment in AKS.
๐ Validate DataDog Resources
kubectl get all -n datadog
kubectl get pods -n datadog -l agent.datadoghq.com/component=cluster-agent
kubectl get ds -A | grep datadog
kubectl get deployment -n datadog
โ Required Components Check
Ensure the following components are running:
Datadog Agent (DaemonSet)
Datadog Cluster Agent (Deployment)
Datadog Operator
๐ฆ Helm Verification
helm list -A | grep datadog
Uninstall Operator (if required):
helm uninstall datadog-operator -n datadog
๐ Reapply Configuration
kubectl apply -f datadog-agent-full.yaml -n datadog
๐ Cluster Agent Logs (Webhook Troubleshooting)
kubectl logs -n datadog deploy/datadog-cluster-agent --since=10m | grep -i webhook
๐ก Tip:
If agents are not sending metrics/logs, verify:
API & APP keys are correctly configured in the Kubernetes Secret
Pods are in
RunningstateNo outbound firewall restrictions blocking HTTPS (443) traffic to DataDog
