[CECO-2145] Use datadog.kubelet.useApiServer for GKE Autopilot #29199

Open
wants to merge 2 commits into
base: master
17 changes: 13 additions & 4 deletions content/en/containers/kubernetes/distributions.md
Expand Up @@ -127,7 +127,7 @@
fieldRef:
fieldPath: spec.nodeName
hostCAPath: /etc/kubernetes/certs/kubeletserver.crt

providers:
aks:
enabled: true
Expand All @@ -146,7 +146,7 @@
In some clusters, DNS resolution for `spec.nodeName` inside Pods does not work in AKS. This affects:
- Windows nodes
- Linux nodes, when the cluster is set up in a virtual network using custom DNS

In this case, use the AKS configuration provided below to set `tlsVerify: false` and remove any settings for the Kubelet host path (which defaults to `status.hostIP`). **Do not set the Kubelet host path and `tlsVerify: false` in the same configuration**.

{{< tabs >}}
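
Review bot: the paragraph after the bullet list tells readers to set `tlsVerify: false` without saying what that setting turns off, and the bolded rule about not combining it with the Kubelet host path is given without a reason. Suggest adding one sentence stating that the Agent then no longer verifies the kubelet's TLS certificate, that this applies only to the two node cases listed, and why the two settings must not be combined.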
Expand Down Expand Up @@ -217,9 +217,11 @@

GKE Autopilot requires some configuration, shown below.

Datadog recommends that you specify resource limits for the Agent container. Autopilot sets a relatively low default limit (50m CPU, 100Mi memory) that may lead the Agent container to quickly OOMKill depending on your environment. If applicable, also specify resource limits for the Trace Agent and Process Agent containers. Additionally, you may wish to create a priority class for the Agent to ensure it is scheduled.
Datadog recommends that you specify resource limits for the Agent container. Autopilot sets a relatively low default limit (50m CPU, 100Mi memory) that may lead the Agent container to quickly OOMKill depending on your environment. If applicable, also specify resource limits for the Trace Agent, Process Agent and System-Probe containers. Additionally, you may wish to create a priority class for the Agent to ensure it is scheduled.

Check warning on line 220 in content/en/containers/kubernetes/distributions.md

GitHub Actions / vale

Datadog.words

Use '' instead of 'quickly'.

Starting with Agent `7.65.0+` and version `3.113.0+` of the Helm chart, we also recommend using `datadog.kubelet.useApiServer` for the Agent to query the pod list from the API server instead of the [deprecated read-only kubelet port][12].

Check notice on line 222 in content/en/containers/kubernetes/distributions.md

GitHub Actions / vale

Datadog.sentencelength

Suggestion: Try to keep your sentence length to 25 words or fewer.

Check warning on line 222 in content/en/containers/kubernetes/distributions.md

GitHub Actions / vale

Datadog.pronouns

Avoid first-person pronouns such as 'we'.
Contributor

Suggested change
Starting with Agent `7.65.0+` and version `3.113.0+` of the Helm chart, we also recommend using `datadog.kubelet.useApiServer` for the Agent to query the pod list from the API server instead of the [deprecated read-only kubelet port][12].
Starting with Agent `7.65.0+` and version `3.113.0+` of the Helm chart, Datadog recommends using `datadog.kubelet.useApiServer` for the Agent to query the pod list from the API server. Avoid using the [deprecated read-only kubelet port][12].


**Note**: Cloud Network Monitoring is supported from version 3.100.0 of the Helm chart and with GKE version 1.32.1-gke.1729000 or later
**Note**: Cloud Network Monitoring is supported from version `3.100.0` of the Helm chart and with GKE version `1.32.1-gke.1729000` or later.

{{< tabs >}}
{{% tab "Helm" %}}
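
Review bot: the added paragraph at line 222 says the Agent will query the pod list from the API server but not what access that requires. State whether the chart grants the Agent the permissions it needs once `datadog.kubelet.useApiServer` is set, or what the reader has to add. Two smaller points: the replacement sentence at line 220 still contains "quickly", which the vale Datadog.words check flags, and "Starting with Agent `7.65.0+`" states the lower bound twice, so "Agent `7.65.0` and later" would read more cleanly.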
Expand All @@ -237,6 +239,12 @@
# Documentation: https://docs.datadoghq.com/getting_started/site/
site: <DATADOG_SITE>

# This option uses the API server to retrieve the node-level pod list from the API server.
# This is necessary to migrate away from the deprecated read-only kubelet port.
Contributor

Suggested change
# This is necessary to migrate away from the deprecated read-only kubelet port.
# This setting is necessary to migrate away from the deprecated read-only kubelet port.

# Requires Agent 7.65.0+ and Datadog Helm chart version 3.113.0+.
kubelet:
useApiServer: true

agents:
containers:
agent:
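
Review bot: the first comment line above `kubelet:` repeats itself ("uses the API server to retrieve ... from the API server") and never names what is being replaced. Suggest `# Retrieve the node-level pod list from the API server instead of the kubelet.` so that the following line about the deprecated read-only port follows from it.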
Expand Down Expand Up @@ -598,3 +606,4 @@
[9]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
[10]: https://cloud.google.com/kubernetes-engine/docs/how-to/autopilot-spot-pods
[11]: https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-compute-classes
[12]: https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port