Fix AD KSM port choice #1308
Fix AD KSM port choice #1308
Conversation
b273067 to
132f3a3
Compare
| @@ -5,7 +5,7 @@ init_config: | |||
|
|
|||
| instances: | |||
| # To enable Kube State metrics you must specify the url exposing the API | |||
| - kube_state_url: http://%%host%%:%%port%%/metrics | |||
| - kube_state_url: http://%%host%%:8080/metrics | |||
There was a problem hiding this comment.
It would have probably been better to use %%port_0%% instead of a hard-coded value here.
There was a problem hiding this comment.
This was the initial approach but we decided to go with the hardcoded port because we would have a similar issue if one day KSM exposes a port < 8080
There was a problem hiding this comment.
Fair enough. Yet it will also break if someone customizes the value of the http-metrics port on the kube-state-metrics deployment.
It would be awesome if datadog auto discovery would allow specifying ports by their name.
There was a problem hiding this comment.
@pdecat indeed it would be great for kubernetes annotation to support this, adding it to the backlog.
There was a problem hiding this comment.
Yet it will also break if someone customizes the value of the http-metrics port on the kube-state-metrics deployment.
That's true, in this case your best bet for now would be to use explicit annotations to override the auto_conf, and hardcode the port you customized in the kube-state-metrics deployment.
There was a problem hiding this comment.
@hkaj I'm having a bit of trouble overriding the auto_conf. I have a second container, kube-rbac-proxy, (https://github.com/brancz/kube-rbac-proxy) in my kube-state-metrics deployment that listens on 8443. The container name is kube-rbac-proxy-main. Following the AD datadog docs I tried the below annotations and a few variations of it. The agent always tries to hit port 8080 though :(
ad.datadoghq.com/kube-rbac-proxy-main.check_names: '["kubernetes_state"]'
ad.datadoghq.com/kube-rbac-proxy-main.init_configs: '[{}]'
ad.datadoghq.com/kube-rbac-proxy-main.instances: '[{"kubernetes_state_url": "http://%%host%%:%%port%%/metrics"}]'There was a problem hiding this comment.
I believe it's because of your usage of kubernetes_state_url instead of kube_state_url.
There was a problem hiding this comment.
Still didn't work. I opted to mount a configmap and overwrite the config manually. I believe theres a bigger block here for me. Kube-rbac-proxy requires the client to authenticate via client TLS or rbac token. I can't find any documentation on how to send the rbac token as a header in the request within datadog. Going to open a new issue for this
There was a problem hiding this comment.
I'm having a problem w/ this as well - we're using the prometheus-operator which deploys kube-state-metrics service exposing ports 8443/9443 for https we defintely don't want two deployments of KSM running in our cluster. EDIT: looks like that's actually kube-rbac-proxy.
What does this PR do?
This fixes DataDog/datadog-agent#1523
Versioning
manifest.jsondatadog_checks/{integration}/__init__.pyCHANGELOG.md. Please useUnreleasedas the date in the titlefor the new section.
Additional Notes
Anything else we should know when reviewing?