-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix AD KSM port choice #1308
Merged
Merged
Fix AD KSM port choice #1308
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would have probably been better to use
%%port_0%%instead of a hard-coded value here.DataDog/datadog-agent#1523 (comment)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was the initial approach but we decided to go with the hardcoded port because we would have a similar issue if one day KSM exposes a port < 8080
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair enough. Yet it will also break if someone customizes the value of the
http-metricsport on thekube-state-metricsdeployment.It would be awesome if datadog auto discovery would allow specifying ports by their name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pdecat indeed it would be great for kubernetes annotation to support this, adding it to the backlog.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's true, in this case your best bet for now would be to use explicit annotations to override the auto_conf, and hardcode the port you customized in the kube-state-metrics deployment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hkaj I'm having a bit of trouble overriding the auto_conf. I have a second container, kube-rbac-proxy, (https://github.com/brancz/kube-rbac-proxy) in my kube-state-metrics deployment that listens on 8443. The container name is kube-rbac-proxy-main. Following the AD datadog docs I tried the below annotations and a few variations of it. The agent always tries to hit port 8080 though :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it's because of your usage of
kubernetes_state_urlinstead ofkube_state_url.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still didn't work. I opted to mount a configmap and overwrite the config manually. I believe theres a bigger block here for me. Kube-rbac-proxy requires the client to authenticate via client TLS or rbac token. I can't find any documentation on how to send the rbac token as a header in the request within datadog. Going to open a new issue for this
#3113
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm having a problem w/ this as well - we're using the prometheus-operator which deploys
kube-state-metricsservice exposing ports8443/9443forhttpswe defintely don't want two deployments of KSM running in our cluster. EDIT: looks like that's actually kube-rbac-proxy.