All the YAML snippets below are expected to be properly merged into the main values.yaml.
etcd - etcd.d/conf.yaml
Kubernetes etcd requires PKI certificates for authentication over TLS. The snippet below mounts the necessary certificate location and overrides the default config. It also assumes that the agent is being scheduled onto etcd nodes.
datadog:
  ignoreAutoConfig:
    - etcd
  confd:
    etcd.yaml: |-
      ad_identifiers:
        - etcd
      init_config:
      instances:
        - prometheus_url: https://%%host%%:2379/metrics
          ssl_ca_cert: /host/etc/kubernetes/pki/etcd/ca.crt
          ssl_cert: /host/etc/kubernetes/pki/etcd/peer.crt
          ssl_private_key: /host/etc/kubernetes/pki/etcd/peer.key
agents:
  volumeMounts:
    - mountPath: /host/etc/kubernetes/pki/etcd
      name: etcd-certs
  volumes:
    - name: etcd-certs
      hostPath:
        path: /etc/kubernetes/pki/etcd
        type: DirectoryOrCreate
kubelet - kubelet.d/conf.yaml
If tlsVerify: false is not acceptable, you can specify the host and CA for the kubelet.
datadog:
  kubelet:
    host:
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
    hostCAPath: /var/lib/kubelet/pki/kubelet.crt
Kubeadm 1.22 deployment has kube-controller-manager and kube-scheduler listening only on 127.0.0.1. Although the agent can listen on the host network space, I would suggest updating the control plane to listen on 0.0.0.0.
sudo sed -i '/--bind-address=127.0.0.1/d' /etc/kubernetes/manifests/kube-scheduler.yaml
sudo sed -i '/--bind-address=127.0.0.1/d' /etc/kubernetes/manifests/kube-controller-manager.yaml
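A check for the edit above, as an added example that is not from the original page: it reads the two static pod manifests and reports the address each component will bind to. It assumes the upstream default of 0.0.0.0 for both components when --bind-address is absent; the function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report which address a kubeadm
# static pod manifest makes a control plane component bind to.

# Print the last --bind-address value in the manifest's args, or 0.0.0.0,
# the upstream default of both components when the flag is absent.
# Commented-out lines do not match and are ignored.
effective_bind_address() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    addr=$(sed -n 's/^[[:space:]]*-[[:space:]]*--bind-address=\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1)
    echo "${addr:-0.0.0.0}"
}

# Classify an address by who can reach it.
bind_scope() {
    case "$1" in
        127.*|::1|localhost) echo "loopback" ;;
        0.0.0.0|::)          echo "all-interfaces" ;;
        unreadable)          echo "unknown" ;;
        *)                   echo "single-address" ;;
    esac
}

# One line per component: "<file> <address> <scope>".
audit_manifests() {
    dir=${1:-/etc/kubernetes/manifests}
    for f in kube-scheduler.yaml kube-controller-manager.yaml; do
        addr=$(effective_bind_address "$dir/$f") || true
        echo "$f $addr $(bind_scope "$addr")"
    done
}

# Constructed sample manifest, trimmed to the fields that matter here.
write_sample_manifest() {
    cat > "$1" <<'EOF'
spec:
  containers:
  - command:
    - kube-scheduler
    - --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
    - --bind-address=127.0.0.1
    - --leader-elect=true
EOF
}

# With a directory argument, audit it; with none, only define the functions.
if [ "$#" -gt 0 ]; then audit_manifests "$1"; fi
```

Run it with /etc/kubernetes/manifests as the argument before and after the sed edit. A change from loopback to all-interfaces means the component's metrics port is reachable on every interface of the node, so check that host firewall or security group rules limit it to the agent.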