Datadog-agent: Does datadog-agent support Kubernetes on containerd?

Created on 14 Jun 2019  路  10Comments  路  Source: DataDog/datadog-agent

Describe what happened:

I tried to run the datadog-agent on GKE using cos_containerd but got the following error.

$ kubectl logs datadog-agent-l2ds5
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-check-apikey.sh: executing...
foreground: warning: unable to spawn /var/run/s6/etc/cont-init.d/01-check-apikey.sh: Permission denied
foreground: fatal: unable to wait for /var/run/s6/etc/cont-init.d/01-check-apikey.sh: No child process
s6-svscan: warning: unable to exec finish script .s6-svscan/finish: Permission denied
s6-svscan: warning: executing into .s6-svscan/crash
s6-svscan: fatal: unable to exec .s6-svscan/crash: Permission denied

I believe this is because the yaml file I applied is from the document and it has

        volumeMounts:
          - name: dockersocket
            mountPath: /var/run/docker.sock

Of course there's no docker.sock on the containerd node so here's my question.

Is there any way to run the agent on containerd?

Describe what you expected:
The agent works on Kubernetes w/ containerd

Steps to reproduce the issue:

Make a kubernetes node with containerd and run an agent pod on it

Additional environment details (Operating System, Cloud provider, etc):

  • GKE

    • v1.13.5

    • COS with containerd

teacontainers

Most helpful comment

Hi @inductor

I had the same issue as you and I resolved it by mounting these to have the right permissions:

volumeMounts:
          - mountPath: /var/run/s6
            name: s6-run
          - mountPath: /host/var/run
            name: var-run
            readOnly: true
volumes:
        - hostPath:
            path: /var/run
            type: DirectoryOrCreate
          name: var-run
        - hostPath:
            path: /var/run/s6
          name: s6-run

Let me know if this works for you!

Simon

All 10 comments

The Helm chart supports it, so I'd say yes: https://github.com/helm/charts/tree/master/stable/datadog#cri-integration

You can found more information about how to deploy the datadog-agent using helm here: https://docs.datadoghq.com/agent/kubernetes/helm

Based on what the helm chart and datadog-agent source code are doing, it seems that adding the following params should work for it. Thank you so much @nickdgriffin !! I will try it out :)

      containers:
        env:
        - name: DD_CRI_SOCKET_PATH
          value: "/run/containerd/containerd.sock"
        volumeMounts:
        - name: runtimesocket
          mountPath: /run/containerd/containerd.sock
      volumes:
      - hostPath:
          path: /run/containerd/containerd.sock
        name: runtimesocket

@clamoriniere I am not using Helm for my environment nor planning to do so either. But thanks!

@inductor not problem :)
What you proposed: DD_CRI_SOCKET_PATH + volumePath should be enough to activate the containerd support.

This is my yaml but still gets the same issue D:

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: datadog-agent
spec:
  template:
    metadata:
      labels:
        app: datadog-agent
      name: datadog-agent
    spec:
      containers:
      - image: datadog/agent:latest
        imagePullPolicy: Always
        name: datadog-agent
        ports:
        - containerPort: 8125
          name: dogstatsdport
          protocol: UDP
        - containerPort: 8126
          hostPort: 8126
          name: traceport
          protocol: TCP
        env:
        - name: DD_API_KEY
          value: xxxxxxxxxxxxxxxxxxxxxxxxxxx
        - name: KUBERNETES
          value: "true"
        - name: DD_KUBERNETES_KUBELET_HOST
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        - name: DD_LOGS_ENABLED
          value: "true"
        - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL
          value: "true"
        - name: DD_APM_ENABLED
          value: "true"
        - name: DD_APM_ANALYZED_SPANS
          value: "flask|flask.request=1"
        - name: DD_TAGS
          value: "<YOUR_DD_TAGS>"
        # Disable sending to datadog Infrastructure
        - name: DD_ENABLE_PAYLOADS_EVENTS
          value: "false"
        - name: DD_ENABLE_PAYLOADS_SERIES
          value: "false"
        - name: DD_ENABLE_PAYLOADS_SERVICE_CHECKS
          value: "false"
        - name: DD_ENABLE_PAYLOADS_SKETCHES
          value: "false"
        - name: DD_CRI_SOCKET_PATH
          value: "/run/containerd/containerd.sock"
        - name: DD_EXTRA_CONFIG_PROVIDERS
          value: "clusterchecks"
        resources:
          requests:
            memory: "256Mi"
            cpu: "200m"
          limits:
            memory: "256Mi"
            cpu: "200m"
        volumeMounts:
        - name: runtimesocket
          mountPath: /run/containerd/containerd.sock
          readOnly: true
        - name: procdir
          mountPath: /host/proc
          readOnly: true
        - name: cgroups
          mountPath: /host/sys/fs/cgroup
          readOnly: true
        livenessProbe:
          exec:
            command:
            - ./probe.sh
          initialDelaySeconds: 15
          periodSeconds: 10
      volumes:
      - hostPath:
          path: /run/containerd/containerd.sock
        name: runtimesocket
      - hostPath:
          path: /proc
        name: procdir
      - hostPath:
          path: /sys/fs/cgroup
        name: cgroups

Hi @inductor

I had the same issue as you and I resolved it by mounting these to have the right permissions:

volumeMounts:
          - mountPath: /var/run/s6
            name: s6-run
          - mountPath: /host/var/run
            name: var-run
            readOnly: true
volumes:
        - hostPath:
            path: /var/run
            type: DirectoryOrCreate
          name: var-run
        - hostPath:
            path: /var/run/s6
          name: s6-run

Let me know if this works for you!

Simon

Thanks @Simwar , I'll try it out!

@inductor how did it go? All set?

@irabinovitch hi, everything works fine thanks l! I鈥檓 closing this issue

Was this page helpful?
0 / 5 - 0 ratings