Describe what happened:
I tried to run the datadog-agent on GKE using cos_containerd but got the following error.
```
$ kubectl logs datadog-agent-l2ds5
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-check-apikey.sh: executing...
foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/01-check-apikey.sh: Permission denied
foreground: fatal: unable to wait for /var/run/s6/etc/cont-init.d/01-check-apikey.sh: No child process
s6-svscan: warning: unable to exec finish script .s6-svscan/finish: Permission denied
s6-svscan: warning: executing into .s6-svscan/crash
s6-svscan: fatal: unable to exec .s6-svscan/crash: Permission denied
```
I believe this is because the yaml file I applied is from the document and it has
```yaml
volumeMounts:
  - name: dockersocket
    mountPath: /var/run/docker.sock
```
Of course there's no docker.sock on the containerd node so here's my question.
Is there any way to run the agent on containerd?
Describe what you expected:
The agent works on Kubernetes w/ containerd
Steps to reproduce the issue:
Make a kubernetes node with containerd and run an agent pod on it
Additional environment details (Operating System, Cloud provider, etc):
The Helm chart supports it, so I'd say yes: https://github.com/helm/charts/tree/master/stable/datadog#cri-integration
You can find more information about how to deploy the datadog-agent using helm here: https://docs.datadoghq.com/agent/kubernetes/helm
Based on what the helm chart and datadog-agent source code are doing, it seems that adding the following params should work for it. Thank you so much @nickdgriffin !! I will try it out :)
```yaml
containers:
  env:
    - name: DD_CRI_SOCKET_PATH
      value: "/run/containerd/containerd.sock"
  volumeMounts:
    - name: runtimesocket
      mountPath: /run/containerd/containerd.sock
volumes:
  - hostPath:
      path: /run/containerd/containerd.sock
    name: runtimesocket
```
@clamoriniere I am not using Helm for my environment nor planning to do so either. But thanks!
@inductor no problem :)
What you proposed: DD_CRI_SOCKET_PATH + volumePath should be enough to activate the containerd support.
This is my YAML, but I still get the same issue D:
```yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: datadog-agent
spec:
  template:
    metadata:
      labels:
        app: datadog-agent
      name: datadog-agent
    spec:
      containers:
        - image: datadog/agent:latest
          imagePullPolicy: Always
          name: datadog-agent
          ports:
            - containerPort: 8125
              name: dogstatsdport
              protocol: UDP
            - containerPort: 8126
              hostPort: 8126
              name: traceport
              protocol: TCP
          env:
            - name: DD_API_KEY
              value: xxxxxxxxxxxxxxxxxxxxxxxxxxx
            - name: KUBERNETES
              value: "true"
            - name: DD_KUBERNETES_KUBELET_HOST
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: DD_LOGS_ENABLED
              value: "true"
            - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL
              value: "true"
            - name: DD_APM_ENABLED
              value: "true"
            - name: DD_APM_ANALYZED_SPANS
              value: "flask|flask.request=1"
            - name: DD_TAGS
              value: "<YOUR_DD_TAGS>"
            # Disable sending to datadog Infrastructure
            - name: DD_ENABLE_PAYLOADS_EVENTS
              value: "false"
            - name: DD_ENABLE_PAYLOADS_SERIES
              value: "false"
            - name: DD_ENABLE_PAYLOADS_SERVICE_CHECKS
              value: "false"
            - name: DD_ENABLE_PAYLOADS_SKETCHES
              value: "false"
            - name: DD_CRI_SOCKET_PATH
              value: "/run/containerd/containerd.sock"
            - name: DD_EXTRA_CONFIG_PROVIDERS
              value: "clusterchecks"
          resources:
            requests:
              memory: "256Mi"
              cpu: "200m"
            limits:
              memory: "256Mi"
              cpu: "200m"
          volumeMounts:
            - name: runtimesocket
              mountPath: /run/containerd/containerd.sock
              readOnly: true
            - name: procdir
              mountPath: /host/proc
              readOnly: true
            - name: cgroups
              mountPath: /host/sys/fs/cgroup
              readOnly: true
          livenessProbe:
            exec:
              command:
                - ./probe.sh
            initialDelaySeconds: 15
            periodSeconds: 10
      volumes:
        - hostPath:
            path: /run/containerd/containerd.sock
          name: runtimesocket
        - hostPath:
            path: /proc
          name: procdir
        - hostPath:
            path: /sys/fs/cgroup
          name: cgroups
```
Hi @inductor
I had the same issue as you and I resolved it by mounting these to have the right permissions:
```yaml
volumeMounts:
  - mountPath: /var/run/s6
    name: s6-run
  - mountPath: /host/var/run
    name: var-run
    readOnly: true
volumes:
  - hostPath:
      path: /var/run
      type: DirectoryOrCreate
    name: var-run
  - hostPath:
      path: /var/run/s6
    name: s6-run
```
Let me know if this works for you!
Simon
Thanks @Simwar , I'll try it out!
@inductor how did it go? All set?
@irabinovitch hi, everything works fine, thanks! I'm closing this issue
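
An added example, not code from any participant in this thread or from the Datadog project: a small consistency check for the manifest pieces discussed above (the `DD_CRI_SOCKET_PATH` variable, the runtime socket mount and the extra `hostPath` mounts). The function names, finding levels and the sample spec are assumptions made for illustration; the sample uses the paths quoted in the thread.

```python
# Constructed sample: the containers/volumes part of a pod spec, shaped like
# `kubectl get daemonset -o json` output, using the values from this thread.
SAMPLE_SPEC = {
    "containers": [{
        "name": "datadog-agent",
        "env": [{"name": "DD_CRI_SOCKET_PATH",
                 "value": "/run/containerd/containerd.sock"}],
        "volumeMounts": [
            {"name": "runtimesocket", "readOnly": True,
             "mountPath": "/run/containerd/containerd.sock"},
            {"name": "s6-run", "mountPath": "/var/run/s6"},
        ],
    }],
    "volumes": [
        {"name": "runtimesocket",
         "hostPath": {"path": "/run/containerd/containerd.sock"}},
        {"name": "s6-run", "hostPath": {"path": "/var/run/s6"}},
    ],
}

def covers(mount_path, target):
    """True if target is the mount path itself or lives underneath it."""
    base = mount_path.rstrip("/")
    return target == base or target.startswith(base + "/")

def check_pod_spec(spec):
    """Return (level, message) findings for a pod spec dict."""
    findings = []
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    for c in spec.get("containers", []):
        mounts = c.get("volumeMounts", [])
        env = {e["name"]: e.get("value") for e in c.get("env", [])}
        for m in mounts:
            vol = volumes.get(m["name"])
            if vol is None:
                findings.append(("error", f"mount {m['name']} has no volume"))
            elif "hostPath" in vol and not m.get("readOnly", False):
                path = vol["hostPath"]["path"]
                findings.append(("review", f"writable hostPath {path}"))
            if m["mountPath"].endswith("/docker.sock"):
                findings.append(("warn", "docker.sock mounted; absent on containerd nodes"))
        sock = env.get("DD_CRI_SOCKET_PATH")
        if sock and not any(covers(m["mountPath"], sock) for m in mounts):
            findings.append(("error", f"DD_CRI_SOCKET_PATH {sock} not mounted"))
    return findings

if __name__ == "__main__":
    for level, msg in check_pod_spec(SAMPLE_SPEC):
        print(f"{level}: {msg}")
```

A read-only mount of the socket file does not limit what a client can ask the runtime to do over it, so the socket mount itself is the sensitive part of this manifest, alongside any writable `hostPath`.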