Skip to content

DataDog

To aggregate and stream your Org's audit log data to DataDog using the web console or the command line (RCTL).

Use the web console to configure your audit logs.

Prerequisites

Helm Repository

Create a repository for Helm Charts to use when configuring a workload.

  1. In the web console, select a project to deploy this repository to.
  2. Select Integrations > Repositories. Repositories
  3. Click New Repository.
  4. Enter a name for the repository. Example: helm-repo.
  5. Select Helm for Type. New Repository
  6. Click Create.
  7. Copy and paste the following into the Endpoint field.
    https://rafaysystems.github.io/rafay-helm-charts/
    
  8. Click Save.

Helm Repository

Configure Workload

Note: Only one audit log workload is needed for an organization.

  1. In the web console, select a project to deploy this workload to.
  2. Select Applications > Workload, then click New Workload.
  3. In the New Workload window:
    • Enter a name for the workload. Example: audit-logs.
    • Make sure Helm 3 is selected under Package Type.
    • Select Pull files from repository for Artifact Sync.
    • Select Helm for Repository Type.
    • Click Continue. New Workload
  4. On the Repository tab:
    • Select the Helm repository you created from the Repository list.
    • Enter rafay-datadog for Helm Chart Name. Leave the Chart Version field blank to retrieve the latest version.
  5. For Values yaml:
  6. Click Save and Go to Placement.
  7. Update the following for Placements:
    • Select the appropriate Drift Action.
    • Select Specified Clusters for the Placement Policy.
    • Select the cluster from the cluster list.
    • Click Save and go to Publish.
  8. Click Publish.

Use the Command Line Interface (RCTL) to automate reproducible workflows without having to use the web console.

Prerequisites

Note: Set the correct project using RCTL.

Create a Repository

Create a repository.yaml file using the following example. Replace demo with the name of the project you are adding this repository to. Optionally, you can change helm-repo to another name; if you change the name, use that name for repository_ref in the workload.yaml file (see Create a Workload).

apiVersion: config.rafay.dev/v2
kind: Repository
metadata:
  name: helm-repo
  project: demo
spec:
  repositoryType: HelmRepository
  endpoint: https://rafaysystems.github.io/rafay-helm-charts/
  credentialType: CredentialTypeNotSet

Run the create repository command and include the repository.yaml file.

./rctl create repository -f repository.yaml

Create a Workload

Create a workload.yaml file using the following example. Replace the names used in clusters, namespace, and project to match your environment where you want to publish the workload.

name: audit-logs
namespace: ns-name
type: Helm
project: demo
clusters: demo-cluster
repository_ref: helm-repo
repo_artifact_meta:
  helm:
    chartName: rafay-datadog
values: ./values.yaml

Run the create workload command and include the workload.yaml file.

./rctl create workload workload.yaml

Publish a Workload

Run the publish workload command. Replace workload-name with the name used in the workload.yaml file. Example: audit-logs.

./rctl publish workload workload-name


Values YAML File

Create a values.yaml file that contains your DataDog information. Use the example below and change the following:

config:
  ## Rafay console URL
  url: https://console.rafay.dev
  ## Rafay API Key
  apikey: RAFAY_API_KEY
  ## Initial Logs
  filter: 14d
  ## Time Interval to send logs to datadog
  interval: 1m
  ## Datadog host
  host: http-intake.logs.datadoghq.com
  ## Datadog API KEY
  datadogkey: DATADOG_API_KEY
image:
  repository: registry.rafay-edge.net/rafay-logs/rafay-datadog
  pullPolicy: Always
  # Overrides the image tag whose default is the chart appVersion.
  tag: 0.2

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
rbac:
  create: true
replicaCount: 1
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
deploymentAnnotations: {}
podAnnotations: {}
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

Creating a DataDog API Key

  1. In the DataDog console, select Settings > Organization Settings, then click API Keys under Access. Or select Integrations > APIs, then click API Keys have moved to the Organization Settings page.
  2. Click New Key. If an API key already exists, click the API key name, then Copy the key.
  3. Enter a name for the API key (example: Rafay-Logs), then click Create Key.
  4. Copy the API key and paste it for the datadogkey in the values.yaml file.