From b341f0fdcc518211543915ca654887e33f0dca0c Mon Sep 17 00:00:00 2001 From: Jon Rosario Date: Thu, 4 Dec 2025 16:24:17 +0100 Subject: [PATCH 1/2] Easier control plane monitoring with Helm on EKS/OpenShift --- .../en/containers/kubernetes/control_plane.md | 82 +++++++++++++++++-- 1 file changed, 73 insertions(+), 9 deletions(-) diff --git a/content/en/containers/kubernetes/control_plane.md b/content/en/containers/kubernetes/control_plane.md index b9f267201c3..67a1e641947 100644 --- a/content/en/containers/kubernetes/control_plane.md +++ b/content/en/containers/kubernetes/control_plane.md @@ -319,15 +319,19 @@ scheduler: ## Kubernetes on Amazon EKS {#EKS} -### Using the Operator (v1.18.0+) +### Recommended Method +
This feature is in Preview.
-The Datadog Operator can automatically configure monitoring for Kubernetes control plane components including the API Server, etcd, Controller Manager, and Scheduler. +Datadog supports monitoring Kubernetes Control Plane components, including the API Server, Controller Manager, and Scheduler. + +{{< tabs >}} +{{% tab "Datadog Operator" %}} #### Prerequisites -1. Datadog Operator v1.18.0+ -1. Datadog Agent v7.69+ +1. Datadog Operator >= `v1.18.0` +1. Datadog Agent >= `v7.69` #### General setup @@ -347,6 +351,32 @@ helm install datadog-operator datadog/datadog-operator --set introspection.enabl Since this feature is enabled by default, you can deploy a minimal DatadogAgent spec. +{{% /tab %}} + +{{% tab "Helm" %}} + +#### Prerequisites + +1. Helm chart version >= `3.150.0` +1. Datadog Agent >= `v7.69` + +#### General setup + +Enable control plane monitoring using the `providers.eks.controlPlaneMonitoring` option: + +{{< code-block lang="yaml" filename="datadog-values.yaml" >}} +datadog: + apiKey: + appKey: + clusterName: +providers: + eks: + controlPlaneMonitoring: true +{{< /code-block >}} + +{{% /tab %}} +{{< /tabs >}} + #### Validation Verify that checks are running: ```shell @@ -423,16 +453,17 @@ annotations: ## Kubernetes on OpenShift 4 {#OpenShift4} -### Using the Operator (v1.18.0+)
This feature is in Preview.
-The Datadog Operator can automatically configure monitoring for Kubernetes control plane components including the API Server, etcd, Controller Manager, and Scheduler. +Datadog supports monitoring Kubernetes Control Plane components, including the API Server, etcd, Controller Manager, and Scheduler. -#### Prerequisites +{{< tabs >}} +{{% tab "Datadog Operator" %}} -1. Datadog Operator v1.18.0+ -1. Datadog Agent v7.69+ +#### Prerequisites +1. Datadog Operator >= `v1.18.0` +1. Datadog Agent >= `v7.69` **Note**: `etcd` is not supported on versions 4.0-4.13. @@ -472,6 +503,39 @@ oc get secret etcd-metric-client -n openshift-etcd-operator -o yaml | \ oc apply -f - ``` +{{% /tab %}} +{{% tab "Helm" %}} + +#### Prerequisites + +1. Helm chart version >= `3.150.0` +1. Datadog Agent >= `v7.69` + +**Note**: `etcd` is not supported on versions 4.0-4.13. + +#### General setup + +Enable control plane monitoring using the `providers.openshift.controlPlaneMonitoring` option: + +{{< code-block lang="yaml" filename="datadog-values.yaml" >}} +datadog: + apiKey: + appKey: + clusterName: +providers: + openshift: + controlPlaneMonitoring: true +{{< /code-block >}} + +For OpenShift 4.14 and higher, etcd monitoring requires copying certificates. To copy them into the same namespace the Datadog Agent is running in: + +```shell +oc get secret etcd-metric-client -n openshift-etcd-operator -o yaml | sed 's/namespace: openshift-etcd-operator/namespace: /' | oc create -f - +``` + +{{% /tab %}} +{{< /tabs >}} + #### Validation Verify that checks are running: ```shell From deb9ddafd547d8bea0db14a7a5a7fffd1dc02f08 Mon Sep 17 00:00:00 2001 From: Jon Rosario Date: Mon, 8 Dec 2025 11:12:03 -0500 Subject: [PATCH 2/2] Address PR feedback --- content/en/containers/kubernetes/control_plane.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/content/en/containers/kubernetes/control_plane.md b/content/en/containers/kubernetes/control_plane.md index 67a1e641947..5a01f9d0f29 100644 --- a/content/en/containers/kubernetes/control_plane.md +++ b/content/en/containers/kubernetes/control_plane.md @@ -319,7 +319,7 @@ scheduler: ## Kubernetes on Amazon EKS {#EKS} -### Recommended Method +### Recommended method
This feature is in Preview.
@@ -495,7 +495,7 @@ Since this feature is enabled by default, you can deploy a minimal DatadogAgent Enable `features.clusterChecks.useClusterChecksRunners` to schedule checks there; otherwise, control plane checks run on the Node Agent. -For OpenShift 4.14 and higher, etcd monitoring requires copying certificates. Check the operator logs for the exact command. See the following example (adjust namespace as needed): +For OpenShift 4.14 and later, etcd monitoring requires you to copy the etcd certificates. Check the operator logs for the exact command. See the following example (adjust namespace as needed): ```shell oc get secret etcd-metric-client -n openshift-etcd-operator -o yaml | \ @@ -503,6 +503,8 @@ oc get secret etcd-metric-client -n openshift-etcd-operator -o yaml | \ oc apply -f - ``` +[12]: https://github.com/DataDog/helm-charts/tree/main/charts/datadog-operator + {{% /tab %}} {{% tab "Helm" %}} @@ -527,7 +529,7 @@ providers: controlPlaneMonitoring: true {{< /code-block >}} -For OpenShift 4.14 and higher, etcd monitoring requires copying certificates. To copy them into the same namespace the Datadog Agent is running in: +For OpenShift 4.14 and later, etcd monitoring requires you to copy the etcd certificates. To copy them into the same namespace as the Datadog Agent: ```shell oc get secret etcd-metric-client -n openshift-etcd-operator -o yaml | sed 's/namespace: openshift-etcd-operator/namespace: /' | oc create -f - @@ -665,9 +667,9 @@ The Datadog Cluster Agent schedules the checks as endpoint checks and dispatches {{% /collapse-content %}} -{{% collapse-content title="Etcd OpenShift 4.14 and higher" level="h4" %}} +{{% collapse-content title="Etcd OpenShift 4.14 and later" level="h4" %}} -Certificates are needed to communicate with the Etcd service, which can be found in the secret `etcd-metric-client` in the `openshift-etcd-operator` namespace. To give the Datadog Agent access to these certificates, first copy them into the same namespace the Datadog Agent is running in: +Certificates are needed to communicate with the Etcd service, which can be found in the secret `etcd-metric-client` in the `openshift-etcd-operator` namespace. To give the Datadog Agent access to these certificates, copy them into the same namespace as the Datadog Agent: ```shell oc get secret etcd-metric-client -n openshift-etcd-operator -o yaml | sed 's/namespace: openshift-etcd-operator/namespace: /' | oc create -f - @@ -1389,4 +1391,3 @@ On other managed services, such as Azure Kubernetes Service (AKS) and Google Kub [9]: https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools [10]: https://github.com/DataDog/helm-charts/blob/main/examples/datadog/agent_on_rancher_values.yaml [11]: https://docs.aws.amazon.com/eks/latest/userguide/view-raw-metrics.html -[12]: https://github.com/DataDog/helm-charts/tree/main/charts/datadog-operator