feat: add Velero datadog integration on EKS

matihost · matihost · commit e94deff12e05 · 2026-01-26T23:02:04.000+01:00
diff --git a/terraform/aws/aws-eks/README.md b/terraform/aws/aws-eks/README.md
@@ -131,3 +131,26 @@ velero backup delete learning-backup1 --confirm
 # delete all backups
 velero backup delete --all --confirm
 ```
+
+### Datadog
+
+```bash
+# SSH to the Datadog Agent pod on the same node where target pod is located.
+NODE_NAME="..."
+kubectl exec -n datadog -it $(kubectl get pods -n datadog --field-selector spec.nodeName=$NODE_NAME -o jsonpath="{.items[0].metadata.name}") -c agent -- bash
+
+## get status
+agent status
+
+# get collectors status
+agent status collector
+
+# check particular integrations/check (for example: velero, nginx, mongo, nginx_ingress_controller)
+agent check velero
+
+# run twice to get rate metrics from particular check
+agent check mongo --check-rate
+
+# show agent runtime configuration
+agent config
+```
diff --git a/terraform/aws/aws-eks/module/backup.tf b/terraform/aws/aws-eks/module/backup.tf
@@ -1,7 +1,7 @@
 resource "aws_s3_bucket" "backup" {
   bucket              = "${local.account_id}-${local.prefix}-velero-backups"
   force_destroy       = "true"
-  object_lock_enabled = "false"
+  object_lock_enabled = "false" # when versioning is disabled, this must be false
 }
 
 
@@ -55,7 +55,7 @@ resource "aws_iam_role_policy_attachment" "backup_irsa" {
 
 
 resource "aws_iam_policy" "velero-policy" {
-  description = "Allow pass ReadOnlyAccess role to Tools"
+  description = "Allow Velero to manage backups in S3 and EBS"
   name        = "${local.prefix}-velero-irsa"
 
   policy = <<EOF
diff --git a/terraform/aws/aws-eks/module/eks.tf b/terraform/aws/aws-eks/module/eks.tf
@@ -235,5 +235,8 @@ resource "null_resource" "cluster-config" {
     aws_eks_access_policy_association.admin,
     aws_eks_pod_identity_association.externaldns,
     aws_iam_role_policy_attachment.backup_irsa,
+    aws_eks_addon.snapshot-controller,
+    aws_eks_addon.efs,
+    aws_eks_addon.kube-state-metrics
   ]
 }
diff --git a/terraform/aws/aws-eks/module/velero.yaml b/terraform/aws/aws-eks/module/velero.yaml
@@ -5,6 +5,21 @@ image:
   tag: latest
   pullPolicy: Always
 
+podAnnotations:
+  ad.datadoghq.com/velero.checks: |
+    {
+      "velero": {
+        "init_config": {},
+        "instances": [{"openmetrics_endpoint": "http://%%host%%:8085/metrics"}]
+      }
+    }
+  ad.datadoghq.com/node-agent.checks: |
+    {
+      "velero": {
+        "init_config": {},
+        "instances": [{"openmetrics_endpoint": "http://%%host%%:8085/metrics"}]
+      }
+    }
 
 nodeSelector:
   karpenter.sh/nodepool: "system"

Original file line number	Diff line number	Diff line change
`@@ -235,5 +235,8 @@ resource "null_resource" "cluster-config" {`
`235`	`235`	`aws_eks_access_policy_association.admin,`
`236`	`236`	`aws_eks_pod_identity_association.externaldns,`
`237`	`237`	`aws_iam_role_policy_attachment.backup_irsa,`
	`238`	`+ aws_eks_addon.snapshot-controller,`
	`239`	`+ aws_eks_addon.efs,`
	`240`	`+ aws_eks_addon.kube-state-metrics`
`238`	`241`	`]`
`239`	`242`	`}`