From fc4c8f72bdf1b85e07404fafc2bbb6d56d6c5b92 Mon Sep 17 00:00:00 2001 From: natemollica-dev Date: Mon, 19 Feb 2024 17:32:18 -0800 Subject: [PATCH] Updated OpenMetrics and Datadog Checks with example annotations being set and Note on assumption for Consul RPC TLS certificate mounts --- .../k8s/deployment-configurations/datadog.mdx | 62 ++++++++++++++++--- 1 file changed, 55 insertions(+), 7 deletions(-) diff --git a/website/content/docs/k8s/deployment-configurations/datadog.mdx b/website/content/docs/k8s/deployment-configurations/datadog.mdx index 2436cfcdce36..cc627cb59b61 100644 --- a/website/content/docs/k8s/deployment-configurations/datadog.mdx +++ b/website/content/docs/k8s/deployment-configurations/datadog.mdx @@ -292,20 +292,62 @@ during normal operation beyond that of Consul's available metrics. See the below [table](#additional-integration-checks-performed) for an outline of the features added by the official integration. + + Currently, the annotations configured by the Helm overrides with Consul RPC TLS enabled + assume server and ca certificate secrets are shared with the Datadog agent release namespace and mount the valid tls.crt, tls.key, + and ca.crt secret volumes at the /etc/datadog-agent/conf.d/consul.d/certs path on the Datadog Agent, agent container. + + ### Helm Chart Configuration - + + + + Consul Helm Chart Overrides ```yaml - metrics: - enabled: true - enableAgentMetrics: true - datadog: + global: + tls: enabled: true - namespace: "datadog" + enableAutoEncrypt: true + acls: + manageSystemACLs: true + metrics: + enabled: true + enableAgentMetrics: true + datadog: + enabled: true + namespace: "datadog" ``` - + + Consul `server-statefulset.yaml` annotations + + ```yaml + "ad.datadoghq.com/consul.checks": | + { + "consul": { + "init_config": {}, + "instances": [ + { + "url": "https://consul-server.consul.svc:8501", + "tls_cert": "/etc/datadog-agent/conf.d/consul.d/certs/tls.crt", + "tls_private_key": "/etc/datadog-agent/conf.d/consul.d/certs/tls.key", + "tls_ca_cert": "/etc/datadog-agent/conf.d/consul.d/ca/tls.crt", + "use_prometheus_endpoint": true, + "acl_token": "ENC[k8s_secret@consul/consul-datadog-agent-metrics-acl-token/token]", + "new_leader_checks": true, + "network_latency_checks": true, + "catalog_checks": true, + "auth_type": "basic" + } + ] + } + } + ``` + + + ### Additional Integration Checks Performed @@ -342,6 +384,12 @@ This method implements the collection via Openmetrics as that is fully supported to scrape the agent's metrics API endpoint using either RPC TLS and Consul ACLs as necessary. + + Currently, the annotations configured by the Helm overrides with Consul RPC TLS enabled + assume server and ca certificate secrets are shared with the Datadog agent release namespace and mount the valid tls.crt, tls.key, + and ca.crt secret volumes at the /etc/datadog-agent/conf.d/consul.d/certs path on the Datadog Agent, agent container. + + ### Helm Chart Configuration