Warning: This tool is not production-ready. Carefully review the generated output.
The datadog-agent-ecs-task-patcher is a tool that patches existing task definitions to integrate the Datadog Agent as a sidecar and apply Cloud Workload Security (CWS) instrumentation to your application.
To build the Docker image, run:
docker build . -t datadog/datadog-agent-ecs-task-patcher:latest
To use datadog-agent-ecs-task-patcher, run:
docker run -i datadog/datadog-agent-ecs-task-patcher:latest datadog-agent-ecs-task-patcher [OPTIONS]
| Option | Default | Description |
|---|---|---|
--help |
Show help | |
--version |
Show version number | |
-a, --apiKey |
(Required) Datadog API key | |
-s, --site |
datadoghq.com |
Datadog site |
-i, --input |
Path to the input file | |
-o, --output |
Path to the output file | |
-v, --verbose |
Enable verbose mode | |
-n, --service |
Service name | |
-p, --containers |
Container names to patch | |
-e, --entryPoint |
/init.sh |
Entry point arguments |
-d, --agentImage |
datadog/agent:latest |
Datadog Agent image |
-c, --cwsInstImage |
datadog/cws-instrumentation:latest |
CWS instrumentation image |
-k, --eks |
Enable EKS deployment mode |
The datadog-agent-ecs-task-patcher makes the following modifications to the task definition or deployment:
- Adds the Datadog Agent as a sidecar container.
- Adds the CWS instrumentation init container.
- Adds a volume to share the
cws-instrumentationbinary. - Patches the original workload container to:
- Add the
cws-instrumentationvolume. - Wrap the application's entry point with the
cws-instrumentationbinary.
- Add the
To apply the instrumentation to all containers:
cat examples/nginx-ecs-td.json | docker run -i datadog/datadog-agent-ecs-task-patcher:latest datadog-agent-ecs-task-patcher -a <API-KEY> \
-e '["/docker-entrypoint.sh", "nginx", "-g", "daemon off;"]'
The -e flag specifies the workload container's original entry point.
To apply the instrumentation to a specific container:
cat examples/nginx-ecs-td.json | docker run -i datadog/datadog-agent-ecs-task-patcher:latest datadog-agent-ecs-task-patcher -a <API-KEY> -p nginx \
-e '["/docker-entrypoint.sh", "nginx", "-g", "daemon off;"]'
Warning: Use the following Agent RBAC deployment instruction before deploying the Agent as a sidecar.
To apply the instrumentation to all containers:
cat examples/nginx-eks.yaml | docker run -i datadog/datadog-agent-ecs-task-patcher:latest datadog-agent-ecs-task-patcher -k -a <API-KEY> \
-e '["/docker-entrypoint.sh", "nginx", "-g", "daemon off;"]'