templates/agent-conf.d/kubernetes.yaml.erb - puppet-datadog-agent - Git at Google

 init_config:
   # Initialization retries
   #
   # if the agent is expected to start before Kubelet,
   # use these settings to configure the retry policy.
   #
   # init_retry_interval defines how long (in seconds) the kubelet client
   # will wait before retrying initialization.
   # Defaults to 0.
   #
   # init_retry_interval: 20
   #
   # init_retries configures how many retries are made before failing permanently.
   # Defaults to 0.
   #
   # init_retries: 5

 # instances:
   # The kubernetes check retrieves metrics from cadvisor running under kubelet on each node.
   # It also queries kubelet for its health and the list of local-running pods, and (optionally)
   # the apiserver for services and events
   #
   # By default we assume we're running under docker and
   # that the kubelet read-only port with no auth is enabled.
   #
   # In this case we will use the address of the default router to reach the kubelet and cadvisor APIs
   # unless the environment variable KUBERNETES_KUBELET_HOST is found. You can set this variable to
   # spec.nodeName (If your node name can be resolved by pods) or status.hostIP (for Kubernetes 1.7+)
   # through the downward API. See
   # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
   #
   # To enable Kubernetes State Metrics, please refer to kubernetes_states integration.
   # For more information,
   # please consult http://docs.datadoghq.com/integrations/kubernetes/#kubernetes-state-metrics
   # and https://github.com/DataDog/integrations-core/ on the kubernetes_state directory.
   #
   # If the read-only endpoint is disabled, the check will query kubelet over HTTPS
   #
   # To override this behavior, e.g. in the case of a standalone cadvisor instance, use the following:
   #
   # host: localhost
   # port: 4194
   # method: http

   # cAdvisor port, set it to 0 if cAdvisor is unavailable
   # - port: 4194
   #
   # cAdvisor host
   # host: localhost
   #
   # kubelet port. It needs to be set if you are not using a default one (10250 or 10255)
   # kubelet_port: 10255
   #
   # apiserver url for cluster-level queries. If not configured here, the KUBERNETES_SERVICE_HOST
   # and KUBERNETES_SERVICE_PORT environment variables will be used
   #
   # example = "api_server_url: https://kubernetes:443"
   api_server_url: <%= @api_server_url %>

   # Client Authentication against the apiserver and kubelet
   #
   # By default the agent authenticates against the apiserver and kubelet with its service account
   # bearer token. If you want to specify its path, set the following option. If X509 client certificates
   # are set, either for the kubelet or apiserver, they will be used instead. The recommended way to expose
   # these files to the agent is by using Kubernetes Secrets.
   #
   # bearer_token_path: /var/run/secrets/kubernetes.io/serviceaccount/token
   apiserver_client_crt: <%= @apiserver_client_crt %>
   apiserver_client_key: <%= @apiserver_client_key %>
   #
   kubelet_client_crt: <%= @kubelet_client_crt %>
   kubelet_client_key: <%= @kubelet_client_key %>

   # Server Authentication for apiserver and kubelet
   #
   # Similarly we use the default CA cert of the agent's service account to verify the
   # apiserver's identity, but custom ones can be specified here.
   #
   # apiserver_ca_cert: /path/to/cacert.crt
   # kubelet_cert: /path/to/ca.pem
   #
   # The default for kubelet traffic is to try and use the read-only port that doesn't require TLS
   # and to fall back to the HTTPS API with simple TLS validation. Providing a cert forces TLS validation on.
   # Explicitly disabling tls_verify should be used with caution:
   # if an attacker sniffs the agent requests they will see the agent's service account bearer token.
   #
   # kubelet_tls_verify: True

   # collect_events controls whether the agent should fetch events from
   # the kubernetes API and ingest them in Datadog.
   # To avoid duplicates, only one agent at a time across the entire
   # cluster should have this feature enabled.
   # If this is difficult to achieve in your deployment, see the following
   # Leader election section.
   # To enable the feature, set the parameter to `true`.
   #
   # collect_events: false

   # Leader election
   #
   # Agents can perform leader election among themselves.
   # The leader agent will collect events from the apiserver
   # even if collect_events is false.
   # To perform the election it needs get, list, delete, create, and update
   # rights on ConfigMaps (this can be configured with a Cluster Role).
   # This makes sure we don't overload the apiserver with redundant
   # queries coming from every agent.
   # Default is false.
   #
   # leader_candidate: true
   #
   # lease duration is the duration for which a leader is elected.
   # It should be at least twice the check run period (15s by default)
   # When modifying this setting, keep in mind that the shorter
   # the lease duration, the more often agents will query the apiserver
   # Default is 5 minutes.
   #
   # leader_lease_duration: 600

   # Matching the pods to Kubernetes services requires to retrieve events regularly.
   # To reduce the traffic to the apiserver, we only query them every 5 minutes, adding a delay
   # in pod -> service matching. You can configure it below (in seconds) or disable kube_service
   # tagging completely
   #
   # collect_service_tags: true
   # service_tag_update_freq: 300
   #
   # The namespaces for which events should be collected.
   # If not modified, the 'default' namespace will be used.
   #
   # namespaces:
   #  - default

   # The regexp used to select namespaces for which events should be collected.
   # The matched namespaces will be added to the "namespaces" list.
   # If empty, regexp selection will be ignored.
   #
   # namespace_name_regexp:

   # Node labels that should be collected and their name in host tags. Off by default.
   # Some of these labels are redundant with metadata collected by
   # cloud provider crawlers (AWS, GCE, Azure)
   #
   # node_labels_to_host_tags:
   #   kubernetes.io/hostname: nodename
   #   beta.kubernetes.io/os: os

   # use_histogram controls whether we send detailed metrics, i.e. one per container.
   # When false, we send detailed metrics corresponding to individual containers, tagging by container id
   # to keep them unique.
   # When true, we aggregate data based on container image.
   #
   # use_histogram: false
   #
   # We can define a whitelist of patterns that permit publishing raw metrics.
   # enabled_rates:
   #   - cpu.*
   #   - network.*
   #
   # enabled_gauges:
   #   - filesystem.*
   #
   # Prefix to use when converting pod labels to metric tags, can be made empty with ""
   # label_to_tag_prefix: "kube_"
   #
   # Custom tags that should be applied to kubernetes metrics
 <% if @tags and ! @tags.empty? -%>
     tags:
   <%- Array(@tags).each do |tag| -%>
     <%- if tag != '' -%>
        - <%= tag %>
     <%- end -%>
   <%- end -%>
 <% end -%>
	init_config:
	# Initialization retries
	#
	# if the agent is expected to start before Kubelet,
	# use these settings to configure the retry policy.
	#
	# init_retry_interval defines how long (in seconds) the kubelet client
	# will wait before retrying initialization.
	# Defaults to 0.
	#
	# init_retry_interval: 20
	#
	# init_retries configures how many retries are made before failing permanently.
	# Defaults to 0.
	#
	# init_retries: 5

	# instances:
	# The kubernetes check retrieves metrics from cadvisor running under kubelet on each node.
	# It also queries kubelet for its health and the list of local-running pods, and (optionally)
	# the apiserver for services and events
	#
	# By default we assume we're running under docker and
	# that the kubelet read-only port with no auth is enabled.
	#
	# In this case we will use the address of the default router to reach the kubelet and cadvisor APIs
	# unless the environment variable KUBERNETES_KUBELET_HOST is found. You can set this variable to
	# spec.nodeName (If your node name can be resolved by pods) or status.hostIP (for Kubernetes 1.7+)
	# through the downward API. See
	# https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
	#
	# To enable Kubernetes State Metrics, please refer to kubernetes_states integration.
	# For more information,
	# please consult http://docs.datadoghq.com/integrations/kubernetes/#kubernetes-state-metrics
	# and https://github.com/DataDog/integrations-core/ on the kubernetes_state directory.
	#
	# If the read-only endpoint is disabled, the check will query kubelet over HTTPS
	#
	# To override this behavior, e.g. in the case of a standalone cadvisor instance, use the following:
	#
	# host: localhost
	# port: 4194
	# method: http

	# cAdvisor port, set it to 0 if cAdvisor is unavailable
	# - port: 4194
	#
	# cAdvisor host
	# host: localhost
	#
	# kubelet port. It needs to be set if you are not using a default one (10250 or 10255)
	# kubelet_port: 10255
	#
	# apiserver url for cluster-level queries. If not configured here, the KUBERNETES_SERVICE_HOST
	# and KUBERNETES_SERVICE_PORT environment variables will be used
	#
	# example = "api_server_url: https://kubernetes:443"
	api_server_url: <%= @api_server_url %>

	# Client Authentication against the apiserver and kubelet
	#
	# By default the agent authenticates against the apiserver and kubelet with its service account
	# bearer token. If you want to specify its path, set the following option. If X509 client certificates
	# are set, either for the kubelet or apiserver, they will be used instead. The recommended way to expose
	# these files to the agent is by using Kubernetes Secrets.
	#
	# bearer_token_path: /var/run/secrets/kubernetes.io/serviceaccount/token
	apiserver_client_crt: <%= @apiserver_client_crt %>
	apiserver_client_key: <%= @apiserver_client_key %>
	#
	kubelet_client_crt: <%= @kubelet_client_crt %>
	kubelet_client_key: <%= @kubelet_client_key %>

	# Server Authentication for apiserver and kubelet
	#
	# Similarly we use the default CA cert of the agent's service account to verify the
	# apiserver's identity, but custom ones can be specified here.
	#
	# apiserver_ca_cert: /path/to/cacert.crt
	# kubelet_cert: /path/to/ca.pem
	#
	# The default for kubelet traffic is to try and use the read-only port that doesn't require TLS
	# and to fall back to the HTTPS API with simple TLS validation. Providing a cert forces TLS validation on.
	# Explicitly disabling tls_verify should be used with caution:
	# if an attacker sniffs the agent requests they will see the agent's service account bearer token.
	#
	# kubelet_tls_verify: True

	# collect_events controls whether the agent should fetch events from
	# the kubernetes API and ingest them in Datadog.
	# To avoid duplicates, only one agent at a time across the entire
	# cluster should have this feature enabled.
	# If this is difficult to achieve in your deployment, see the following
	# Leader election section.
	# To enable the feature, set the parameter to `true`.
	#
	# collect_events: false

	# Leader election
	#
	# Agents can perform leader election among themselves.
	# The leader agent will collect events from the apiserver
	# even if collect_events is false.
	# To perform the election it needs get, list, delete, create, and update
	# rights on ConfigMaps (this can be configured with a Cluster Role).
	# This makes sure we don't overload the apiserver with redundant
	# queries coming from every agent.
	# Default is false.
	#
	# leader_candidate: true
	#
	# lease duration is the duration for which a leader is elected.
	# It should be at least twice the check run period (15s by default)
	# When modifying this setting, keep in mind that the shorter
	# the lease duration, the more often agents will query the apiserver
	# Default is 5 minutes.
	#
	# leader_lease_duration: 600

	# Matching the pods to Kubernetes services requires to retrieve events regularly.
	# To reduce the traffic to the apiserver, we only query them every 5 minutes, adding a delay
	# in pod -> service matching. You can configure it below (in seconds) or disable kube_service
	# tagging completely
	#
	# collect_service_tags: true
	# service_tag_update_freq: 300
	#
	# The namespaces for which events should be collected.
	# If not modified, the 'default' namespace will be used.
	#
	# namespaces:
	# - default

	# The regexp used to select namespaces for which events should be collected.
	# The matched namespaces will be added to the "namespaces" list.
	# If empty, regexp selection will be ignored.
	#
	# namespace_name_regexp:

	# Node labels that should be collected and their name in host tags. Off by default.
	# Some of these labels are redundant with metadata collected by
	# cloud provider crawlers (AWS, GCE, Azure)
	#
	# node_labels_to_host_tags:
	# kubernetes.io/hostname: nodename
	# beta.kubernetes.io/os: os

	# use_histogram controls whether we send detailed metrics, i.e. one per container.
	# When false, we send detailed metrics corresponding to individual containers, tagging by container id
	# to keep them unique.
	# When true, we aggregate data based on container image.
	#
	# use_histogram: false
	#
	# We can define a whitelist of patterns that permit publishing raw metrics.
	# enabled_rates:
	# - cpu.*
	# - network.*
	#
	# enabled_gauges:
	# - filesystem.*
	#
	# Prefix to use when converting pod labels to metric tags, can be made empty with ""
	# label_to_tag_prefix: "kube_"
	#
	# Custom tags that should be applied to kubernetes metrics
	<% if @tags and ! @tags.empty? -%>
	tags:
	<%- Array(@tags).each do \|tag\| -%>
	<%- if tag != '' -%>
	- <%= tag %>
	<%- end -%>
	<%- end -%>
	<% end -%>