This check collects metrics from OPA Gatekeeper.
Follow the instructions below to install and configure this check for an Agent running on a Kubernetes cluster. See also the Autodiscovery Integration Templates for guidance on applying these instructions.
To use an integration from integrations-extras with the Docker Agent, Datadog recommends building the Agent with the integration installed. Use the following Dockerfile to build an updated version of the Agent that includes the gatekeeper integration from integrations-extras:
FROM gcr.io/datadoghq/agent:latest
RUN agent integration install -r -t datadog-gatekeeper==<INTEGRATION_VERSION>
To install the gatekeeper check on your Kubernetes cluster:
- Install the developer toolkit.
- Clone the integrations-extras repository:
    git clone https://github.com/DataDog/integrations-extras.git
- Update your ddev config with the integrations-extras/ path:
    ddev config set extras ./integrations-extras
- To build the gatekeeper package, run:
    ddev -e release build gatekeeper
- Download the Agent manifest to install the Datadog Agent as a DaemonSet.
- Create two PersistentVolumeClaims, one for the checks code, and one for the configuration.
- Add them as volumes to your Agent pod template and use them for your checks and configuration:
    env:
      - name: DD_CONFD_PATH
        value: "/confd"
      - name: DD_ADDITIONAL_CHECKSD
        value: "/checksd"
    [...]
    volumeMounts:
      - name: agent-code-storage
        mountPath: /checksd
      - name: agent-conf-storage
        mountPath: /confd
    [...]
    volumes:
      - name: agent-code-storage
        persistentVolumeClaim:
          claimName: agent-code-claim
      - name: agent-conf-storage
        persistentVolumeClaim:
          claimName: agent-conf-claim
- Deploy the Datadog Agent in your Kubernetes cluster:
    kubectl apply -f agent.yaml
- Copy the integration artifact .whl file to your Kubernetes nodes or upload it to a public URL.
- Run the following command to install the integrations wheel with the Agent:
    kubectl exec ds/datadog -- agent integration install -w <PATH_OF_GATEKEEPER_ARTIFACT_>/<GATEKEEPER_ARTIFACT_NAME>.whl
- Run the following commands to copy the checks and configuration to the corresponding PVCs (the leading # is the shell prompt inside the container):
    kubectl exec -it ds/datadog -- sh
    # cp -R /opt/datadog-agent/embedded/lib/python3.8/site-packages/datadog_checks/* /checksd
    # cp -R /etc/datadog-agent/conf.d/* /confd
- Restart the Datadog Agent pods.
- Edit the gatekeeper/conf.yaml file, in the /confd folder that you added to the Agent pod, to start collecting your gatekeeper performance data. See the sample gatekeeper/conf.yaml for all available configuration options.
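For the PersistentVolumeClaim step above, one possible pair of manifests, as an added example that is not from the Datadog documentation. The claim names come from the pod template on this page; the ReadWriteMany access mode, the 1Gi size and the `<RWX_STORAGE_CLASS>` placeholder are assumptions.

```yaml
# Added example, not part of the original instructions.
# Claim names match the claimName values in the Agent pod template above.
# Assumptions: access mode, requested size, and the storage class placeholder.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: agent-code-claim          # backs agent-code-storage, mounted at /checksd
spec:
  accessModes:
    # The Agent runs as a DaemonSet, so pods on different nodes mount the
    # same claim. ReadWriteOnce only allows mounting from a single node.
    - ReadWriteMany
  storageClassName: <RWX_STORAGE_CLASS>   # placeholder: a class that supports RWX
  resources:
    requests:
      storage: 1Gi                # assumed size
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: agent-conf-claim          # backs agent-conf-storage, mounted at /confd
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: <RWX_STORAGE_CLASS>   # placeholder: a class that supports RWX
  resources:
    requests:
      storage: 1Gi                # assumed size
```

Create both claims in the same namespace as the Agent DaemonSet before applying agent.yaml. Because the Agent loads check code from /checksd, anything that can write to agent-code-claim can change the code the Agent runs, so mount that claim only in the Agent pods.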
Run the Agent's status subcommand and look for gatekeeper under the Checks section.
See metadata.csv for a list of metrics provided by this check.
Gatekeeper does not include any events.
See service_checks.json for a list of service checks provided by this integration.
Need help? Contact Datadog support.