This check collects metrics from Open Policy Agent.
Follow the instructions below to install and configure this check for an Agent running on a Kubernetes cluster. See also the Autodiscovery Integration Templates for guidance on applying these instructions.
To install the open_policy_agent check on your Kubernetes cluster:
-
Install the developer toolkit.
-
Clone the
integrations-extrasrepository:git clone https://github.com/DataDog/integrations-extras.git.
-
Update your
ddevconfig with theintegrations-extras/path:ddev config set extras ./integrations-extras -
To build the
open_policy_agentpackage, run:ddev -e release build open_policy_agent
-
Download the Agent manifest to install the Datadog Agent as a DaemonSet.
-
Create two
PersistentVolumeClaims, one for the checks code, and one for the configuration. -
Add them as volumes to your Agent pod template and use them for your checks and configuration:
env: - name: DD_CONFD_PATH value: "/confd" - name: DD_ADDITIONAL_CHECKSD value: "/checksd" [...] volumeMounts: - name: agent-code-storage mountPath: /checksd - name: agent-conf-storage mountPath: /confd [...] volumes: - name: agent-code-storage persistentVolumeClaim: claimName: agent-code-claim - name: agent-conf-storage persistentVolumeClaim: claimName: agent-conf-claim
-
Deploy the Datadog Agent in your Kubernetes cluster:
kubectl apply -f agent.yaml
-
Copy the integration artifact .whl file to your Kubernetes nodes or upload it to a public URL.
-
Run the following command to install the integrations wheel with the Agent:
kubectl exec ds/datadog -- agent integration install -w <PATH_OF_OPEN_POLICY_AGENT_ARTIFACT_>/<OPEN_POLICY_AGENT_ARTIFACT_NAME>.whl
-
Run the following commands to copy the checks and configuration to the corresponding PVCs:
kubectl exec ds/datadog -- sh # cp -R /opt/datadog-agent/embedded/lib/python2.7/site-packages/datadog_checks/* /checksd # cp -R /etc/datadog-agent/conf.d/* /confd
-
Restart the Datadog Agent pods.
The default dashboard includes some graphs related to a metric around OPA decisions, called open_policy_agent.decisions. This metric is created based on the OPA "Decision Logs". To generate this metric and populate this part of the dashboard, create a new log-generated metric in Datadog.
First, create a facet for the msg field of the OPA logs, as it only generates metrics for the "Decision Logs" type of log entry. For that, select any of the log entries coming from OPA, click on the engine log near the msg field and select "Create facet for @msg":
Create two facets, one for the input.request.kind.kind field and one for the result.response.allowed field, both available in any of the log entries type "Decision Log".
Once you have created the facets, generate the needed metric for the Dashboard to be complete. Click on the menu "Logs -> Generate Metrics". Click on "Add a new metric" and fill in the form with the following data:
-
Edit the
open_policy_agent/conf.yamlfile, in the/confdfolder that you added to the Agent pod to start collecting your OPA performance data. See the sample open_policy_agent/conf.yaml for all available configuration options.
Run the Agent's status subcommand and look for open_policy_agent under the Checks section.
See metadata.csv for a list of metrics provided by this check.
open_policy_agent does not include any events.
See service_checks.json for a list of service checks provided by this integration.
Need help? Contact Datadog support.