feat: Add Datadog operator to Kubernetes addons (#882)

Co-authored-by: Bryant Biggs <[email protected]>

docs/add-ons/datadog-operator.md

@@ -0,0 +1,11 @@
+# Datadog Operator
+The [Datadog Operator](https://github.com/DataDog/datadog-operator) is a Kubernetes add-on that can automate the deployment of a best-practice Datadog monitoring agent on a Kubernetes cluster.
+
+## Usage
+The Datadog Operator can be deployed by enabling the add-on via the following.
+
+```hcl
+enable_datadog_operator = true
+```
+
+Once the operator is provisioned, the Datadog Agent can be deployed by creating a `DatadogAgent` resource and supplying an API key.

examples/karpenter/main.tf

@@ -143,8 +143,9 @@ module "eks_blueprints_kubernetes_addons" {
   enable_aws_node_termination_handler = true
   enable_kubecost                     = true
 
-  tags = local.tags
+  enable_datadog_operator = true
 
+  tags = local.tags
 }
 
 # Creates Launch templates for Karpenter
@@ -206,6 +207,44 @@ resource "kubectl_manifest" "karpenter_provisioner" {
   depends_on = [module.eks_blueprints_kubernetes_addons]
 }
 
+#---------------------------------------------------------------
+# Datadog Operator
+#---------------------------------------------------------------
+
+resource "kubernetes_secret_v1" "datadog_api_key" {
+  metadata {
+    name      = "datadog-secret"
+    namespace = "datadog-operator"
+  }
+
+  data = {
+    # This will reveal a secret in the Terraform state
+    api-key = var.datadog_api_key
+  }
+
+  # Ensure the operator is deployed first
+  depends_on = [module.eks_blueprints_kubernetes_addons]
+}
+
+resource "kubectl_manifest" "datadog_agent" {
+  yaml_body = <<-YAML
+    apiVersion: datadoghq.com/v1alpha1
+    kind: DatadogAgent
+    metadata:
+      name: datadog
+      namespace: datadog-operator
+    spec:
+      clusterName: ${module.eks_blueprints.eks_cluster_id}
+      credentials:
+        apiSecret:
+          secretName: ${kubernetes_secret_v1.datadog_api_key.metadata[0].name}
+          keyName: api-key
+      features:
+        kubeStateMetricsCore:
+          enabled: true
+  YAML
+}
+
 #---------------------------------------------------------------
 # Supporting Resources
 #---------------------------------------------------------------

examples/karpenter/variables.tf

@@ -0,0 +1,5 @@
+variable "datadog_api_key" {
+  description = "Datadog API key"
+  type        = string
+  default     = ""
+}

modules/kubernetes-addons/README.md

@@ -49,6 +49,7 @@
 | <a name="module_coredns_autoscaler"></a> [coredns\_autoscaler](#module\_coredns\_autoscaler) | ./cluster-proportional-autoscaler | n/a |
 | <a name="module_crossplane"></a> [crossplane](#module\_crossplane) | ./crossplane | n/a |
 | <a name="module_csi_secrets_store_provider_aws"></a> [csi\_secrets\_store\_provider\_aws](#module\_csi\_secrets\_store\_provider\_aws) | ./csi-secrets-store-provider-aws | n/a |
+| <a name="module_datadog_operator"></a> [datadog\_operator](#module\_datadog\_operator) | ./datadog-operator | n/a |
 | <a name="module_external_dns"></a> [external\_dns](#module\_external\_dns) | ./external-dns | n/a |
 | <a name="module_external_secrets"></a> [external\_secrets](#module\_external\_secrets) | ./external-secrets | n/a |
 | <a name="module_fargate_fluentbit"></a> [fargate\_fluentbit](#module\_fargate\_fluentbit) | ./fargate-fluentbit | n/a |
@@ -152,6 +153,7 @@
 | <a name="input_csi_secrets_store_provider_aws_helm_config"></a> [csi\_secrets\_store\_provider\_aws\_helm\_config](#input\_csi\_secrets\_store\_provider\_aws\_helm\_config) | CSI Secrets Store Provider AWS Helm Configurations | `any` | `null` | no |
 | <a name="input_custom_image_registry_uri"></a> [custom\_image\_registry\_uri](#input\_custom\_image\_registry\_uri) | Custom image registry URI map of `{region = dkr.endpoint }` | `map(string)` | `{}` | no |
 | <a name="input_data_plane_wait_arn"></a> [data\_plane\_wait\_arn](#input\_data\_plane\_wait\_arn) | Addon deployment will not proceed until this value is known. Set to node group/Fargate profile ARN to wait for data plane to be ready before provisioning addons | `string` | `""` | no |
+| <a name="input_datadog_operator_helm_config"></a> [datadog\_operator\_helm\_config](#input\_datadog\_operator\_helm\_config) | Datadog Operator Helm Chart config | `any` | `{}` | no |
 | <a name="input_eks_cluster_domain"></a> [eks\_cluster\_domain](#input\_eks\_cluster\_domain) | The domain for the EKS cluster | `string` | `""` | no |
 | <a name="input_eks_cluster_endpoint"></a> [eks\_cluster\_endpoint](#input\_eks\_cluster\_endpoint) | Endpoint for your Kubernetes API server | `string` | `null` | no |
 | <a name="input_eks_cluster_id"></a> [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster Id | `string` | n/a | yes |
@@ -189,6 +191,7 @@
 | <a name="input_enable_coredns_autoscaler"></a> [enable\_coredns\_autoscaler](#input\_enable\_coredns\_autoscaler) | Enable CoreDNS autoscaler add-on | `bool` | `false` | no |
 | <a name="input_enable_coredns_cluster_proportional_autoscaler"></a> [enable\_coredns\_cluster\_proportional\_autoscaler](#input\_enable\_coredns\_cluster\_proportional\_autoscaler) | Enable cluster-proportional-autoscaler for CoreDNS | `bool` | `true` | no |
 | <a name="input_enable_crossplane"></a> [enable\_crossplane](#input\_enable\_crossplane) | Enable Crossplane add-on | `bool` | `false` | no |
+| <a name="input_enable_datadog_operator"></a> [enable\_datadog\_operator](#input\_enable\_datadog\_operator) | Enable Datadog Operator add-on | `bool` | `false` | no |
 | <a name="input_enable_external_dns"></a> [enable\_external\_dns](#input\_enable\_external\_dns) | External DNS add-on | `bool` | `false` | no |
 | <a name="input_enable_external_secrets"></a> [enable\_external\_secrets](#input\_enable\_external\_secrets) | Enable External Secrets operator add-on | `bool` | `false` | no |
 | <a name="input_enable_fargate_fluentbit"></a> [enable\_fargate\_fluentbit](#input\_enable\_fargate\_fluentbit) | Enable Fargate FluentBit add-on | `bool` | `false` | no |

modules/kubernetes-addons/datadog-operator/README.md

@@ -0,0 +1,43 @@
+# Datadog Operator
+
+## Datadog Operator vs. Helm chart
+
+The official Datadog Helm chart is still the recommended way to setup Datadog in a Kubernetes cluster, as it has most supported configuration options readily accessible. It also makes using more advanced features easier than rolling your own deployments.
+
+The **Datadog Operator** aims to improve the user experience around deploying Datadog. It does this by reporting deployment status, health, and errors in its Custom Resource status, and by limiting the risk of misconfiguration thanks to higher-level configuration options.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helm_addon"></a> [helm\_addon](#module\_helm\_addon) | ../helm-addon | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_addon_context"></a> [addon\_context](#input\_addon\_context) | Input configuration for the addon | <pre>object({<br>    aws_caller_identity_account_id = string<br>    aws_caller_identity_arn        = string<br>    aws_eks_cluster_endpoint       = string<br>    aws_partition_id               = string<br>    aws_region_name                = string<br>    eks_cluster_id                 = string<br>    eks_oidc_issuer_url            = string<br>    eks_oidc_provider_arn          = string<br>    tags                           = map(string)<br>  })</pre> | n/a | yes |
+| <a name="input_helm_config"></a> [helm\_config](#input\_helm\_config) | Helm Config for calico | `any` | `{}` | no |
+| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_argocd_gitops_config"></a> [argocd\_gitops\_config](#output\_argocd\_gitops\_config) | Configuration used for managing the add-on with ArgoCD |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/kubernetes-addons/datadog-operator/main.tf

@@ -0,0 +1,23 @@
+locals {
+  name = "datadog-operator"
+}
+
+module "helm_addon" {
+  source = "../helm-addon"
+
+  helm_config = merge(
+    {
+      name             = local.name
+      chart            = local.name
+      repository       = "https://helm.datadoghq.com"
+      version          = "0.8.8"
+      namespace        = local.name
+      create_namespace = true
+      description      = "Datadog Operator"
+    },
+    var.helm_config
+  )
+  manage_via_gitops = var.manage_via_gitops
+
+  addon_context = var.addon_context
+}

modules/kubernetes-addons/datadog-operator/outputs.tf

@@ -0,0 +1,4 @@
+output "argocd_gitops_config" {
+  description = "Configuration used for managing the add-on with ArgoCD"
+  value       = var.manage_via_gitops ? { enable = true } : null
+}

modules/kubernetes-addons/datadog-operator/variables.tf

@@ -0,0 +1,26 @@
+variable "helm_config" {
+  description = "Helm Config for calico"
+  type        = any
+  default     = {}
+}
+
+variable "manage_via_gitops" {
+  description = "Determines if the add-on should be managed via GitOps."
+  type        = bool
+  default     = false
+}
+
+variable "addon_context" {
+  description = "Input configuration for the addon"
+  type = object({
+    aws_caller_identity_account_id = string
+    aws_caller_identity_arn        = string
+    aws_eks_cluster_endpoint       = string
+    aws_partition_id               = string
+    aws_region_name                = string
+    eks_cluster_id                 = string
+    eks_oidc_issuer_url            = string
+    eks_oidc_provider_arn          = string
+    tags                           = map(string)
+  })
+}

modules/kubernetes-addons/datadog-operator/versions.tf

@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 1.0.0"
+}

modules/kubernetes-addons/main.tf

@@ -237,6 +237,16 @@ module "crossplane" {
   addon_context    = local.addon_context
 }
 
+module "datadog_operator" {
+  source = "./datadog-operator"
+
+  count = var.enable_datadog_operator ? 1 : 0
+
+  helm_config       = var.datadog_operator_helm_config
+  manage_via_gitops = var.argocd_manage_add_ons
+  addon_context     = local.addon_context
+}
+
 module "external_dns" {
   source = "./external-dns"
 
@@ -689,8 +699,10 @@ module "local_volume_provisioner" {
 }
 
 module "nvidia_device_plugin" {
-  count             = var.enable_nvidia_device_plugin ? 1 : 0
-  source            = "./nvidia-device-plugin"
+  source = "./nvidia-device-plugin"
+
+  count = var.enable_nvidia_device_plugin ? 1 : 0
+
   helm_config       = var.nvidia_device_plugin_helm_config
   manage_via_gitops = var.argocd_manage_add_ons
   addon_context     = local.addon_context

modules/kubernetes-addons/variables.tf

@@ -1114,6 +1114,19 @@ variable "airflow_helm_config" {
   default     = {}
 }
 
+#-----------Datadog Operator-------------
+variable "enable_datadog_operator" {
+  description = "Enable Datadog Operator add-on"
+  type        = bool
+  default     = false
+}
+
+variable "datadog_operator_helm_config" {
+  description = "Datadog Operator Helm Chart config"
+  type        = any
+  default     = {}
+}
+
 #-----------Promtail ADDON-------------
 variable "enable_promtail" {
   description = "Enable Promtail add-on"
@@ -1245,8 +1258,6 @@ variable "gatekeeper_helm_config" {
   default     = {}
 }
 
-
-
 #-----------Kubernetes Portworx ADDON-------------
 variable "enable_portworx" {
   description = "Enable Kubernetes Dashboard add-on"