Is it possible to deploy Datadog agents on AWS EKS cluster using terraform

Solution 1:

The Helm Provider for Terraform can be used to deploy packages to Kubernetes. This GitHub issue contains an example how to use it to deploy the Datadog agent:

resource "helm_release" "datadog" {
  name          = "datadog"
  version       = "1.38.2"
  chart         = "stable/datadog"
  namespace     = kubernetes_namespace.datadog.metadata.0.name
  recreate_pods = true
  force_update  = true

  values = [<<YAML
image:
  repository: datadog/agent
  tag: 6.14.1-jmx
  pullPolicy: IfNotPresent
clusterAgent:
  containerName: cluster-agent
  image:
    repository: datadog/cluster-agent
    tag: 1.3.1
    pullPolicy: IfNotPresent
  enabled: true
  metricsProvider:
    enabled: true
  replicas: 1
  resources:
    requests:
      cpu: 200m
      memory: 256Mi
    limits:
      cpu: 400m
      memory: 512Mi
datadog:
  apiKeyExistingSecret: datadog-api-key
  apmEnabled: true
  appKeyExistingSecret: datadog-app-key
  collectEvents: true
  env:
    - name: DD_APM_IGNORE_RESOURCES
      value: "GET /webjars/.*, GET /v2/api-docs, GET /swagger-resources, GET /actuator/health, GET /_health, GET /manifest"
    - name: DD_KUBELET_TLS_VERIFY
      value: "false"
    - name: DD_COLLECT_EC2_TAGS
      value: "true"
    - name: DD_CUSTOM_SENSITIVE_WORDS
      value: "authorization"
    - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE
      value: "true"
  leaderElection: true
  logsConfigContainerCollectAll: true
  logsEnabled: true
  logLevel: INFO
  name: datadog
  nonLocalTraffic: true
  processAgentEnabled: true
  resources:
    requests:
      cpu: 500m
      memory: 512Mi
    limits:
      cpu: 2000m
      memory: 2Gi
  tags:
    - env:${var.environment}
    - cluster:<my_cluster>
  confd:
    disk.yaml: |-
        init_config:
        instances:
          - use_mount: true
            mount_point_whitelist:
              - /$
    vault.yaml: |-
        init_config:
        instances:
          - api_url: https://<some_vault_url>/v1
    istio.yaml: |-
        init_config:
        instances:
          - istio_mesh_endpoint: http://istio-telemetry.istio-system:42422/metrics
            mixer_endpoint: http://istio-telemetry.istio-system:15014/metrics
            galley_endpoint: http://istio-galley.istio-system:15014/metrics
            pilot_endpoint: http://istio-pilot.istio-system:15014/metrics
            citadel_endpoint: http://istio-citadel.istio-system:15014/metrics
            send_histograms_buckets: true
            send_monotonic_counter: true
  useCriSocketVolume: true
daemonset:
  enabled: true
  tolerations:
    - key: "node-role.kubernetes.io/controlplane"
      operator: "Exists"
      effect: "NoSchedule"
    - key: "node-role.kubernetes.io/controlplane"
      operator: "Exists"
      effect: "NoExecute"
    - key: "node-role.kubernetes.io/etcd"
      operator: "Exists"
      effect: "NoExecute"
    - key: "node-role.kubernetes.io/<node_taint>"
      operator: "Exists"
      effect: "NoSchedule"
  useConfigMap: true
  customAgentConfig:
    listeners:
      - name: kubelet
    config_providers:
      - name: kubelet
        polling: true
    apm_config:
      enabled: false
      apm_non_local_traffic: true
    jmx_use_cgroup_memory_limit: true
    logs_config:
      open_files_limit: 500
  updateStrategy:
     type: RollingUpdate
  useHostPort: true
kubeStateMetrics:
  enabled: true
kube-state-metrics:
  rbac:
    create: false
  serviceAccount:
    create: false
    name: "${kubernetes_service_account.kube-state-metrics.metadata.0.name}"
rbac:
  create: false
  serviceAccountName: "${kubernetes_service_account.datadog-cluster-agent.metadata.0.name}"
YAML
  ]

  lifecycle {
    ignore_changes = [
      keyring,
    ]
  }
}