Datadog on Cloud Workload Identities

November 5, 2024

Christophe Tafani-Dereeper

Ian Ferguson

Tabitha Sable

Datadog operates dozens of Kubernetes clusters, tens of thousands of hosts, and millions of containers across a multi-cloud environment, spanning AWS, Azure, and Google Cloud. With over 2,000 engineers, we needed to ensure that every developer and application could securely and efficiently access resources across these various cloud providers.

In this episode, we will showcase the solution we developed: a zero-configuration, injected sidecar container that emulates cloud provider Instance Metadata Service (IMDS) APIs. This enables applications running in Kubernetes pods to transparently access cloud provider resources, regardless of the underlying platform, without requiring additional code complexity.
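To make the sidecar idea concrete, here is an added illustration (not Datadog's code, and not the open-source project the talk presents) of the shape such an IMDS emulation layer takes. It is a minimal AWS-style IMDSv2 endpoint: an unmodified SDK pointed at it (the AWS SDKs and CLI honour the `AWS_EC2_METADATA_SERVICE_ENDPOINT` environment variable, and a real sidecar would more likely answer on the link-local 169.254.169.254 address inside the pod's network namespace, which is an assumption here) performs the usual token PUT followed by a credentials GET and never learns it is not on EC2. The credentials it hands out are constructed placeholders; how a production sidecar obtains real cloud credentials for the pod's identity is not described on this page and is deliberately left out. The server answers only the IMDSv2 token flow and refuses token-less reads, so a request that merely reaches the address (for example via an SSRF) gets nothing back.

```python
import http.server
import json
import secrets
import threading
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

# Constructed placeholder identity and credentials (hypothetical values, not real keys).
SAMPLE_ROLE = "example-workload-role"
SAMPLE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLEPLACEHOLDER",
    "SecretAccessKey": "example-secret-placeholder",
    "Token": "example-session-token-placeholder",
}
MAX_TOKEN_TTL = 21600  # six hours, the IMDSv2 ceiling


class FakeImdsHandler(http.server.BaseHTTPRequestHandler):
    """Serves the two IMDS paths an AWS SDK needs to obtain role credentials."""

    tokens = {}  # session token -> expiry, shared across per-request handler instances

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _send(self, status, body=b"", ctype="text/plain"):
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_PUT(self):
        # IMDSv2 session bootstrap: the client asks for a short-lived token.
        if self.path != "/latest/api/token":
            return self._send(404)
        ttl = self.headers.get("X-aws-ec2-metadata-token-ttl-seconds")
        if ttl is None or not ttl.isdigit() or not 1 <= int(ttl) <= MAX_TOKEN_TTL:
            return self._send(400)
        token = secrets.token_urlsafe(32)
        self.tokens[token] = datetime.now(timezone.utc) + timedelta(seconds=int(ttl))
        self._send(200, token.encode())

    def do_GET(self):
        # Every metadata read must carry an unexpired session token; the IMDSv1
        # token-less path is refused outright.
        expiry = self.tokens.get(self.headers.get("X-aws-ec2-metadata-token"))
        if expiry is None or expiry < datetime.now(timezone.utc):
            return self._send(401)
        if self.path == "/latest/meta-data/iam/security-credentials/":
            return self._send(200, SAMPLE_ROLE.encode())
        if self.path == f"/latest/meta-data/iam/security-credentials/{SAMPLE_ROLE}":
            now = datetime.now(timezone.utc)
            body = {
                "Code": "Success",
                "LastUpdated": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
                "Type": "AWS-HMAC",
                **SAMPLE_CREDS,
                "Expiration": (now + timedelta(hours=1)).strftime("%Y-%m-%dT%H:%M:%SZ"),
            }
            return self._send(200, json.dumps(body).encode(), "application/json")
        self._send(404)


def start_fake_imds(host="127.0.0.1", port=0):
    """Start the emulator on a background thread; returns (server, base_url)."""
    server = http.server.ThreadingHTTPServer((host, port), FakeImdsHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://{host}:{server.server_address[1]}"


def imds_session_token(endpoint, ttl=300):
    """What an SDK does first: PUT /latest/api/token to open an IMDSv2 session."""
    req = urllib.request.Request(
        f"{endpoint}/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)})
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


def imds_get(endpoint, path, token=None):
    """GET a metadata path; returns (status, body) instead of raising on 4xx."""
    headers = {"X-aws-ec2-metadata-token": token} if token else {}
    req = urllib.request.Request(endpoint + path, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def fetch_credentials(endpoint):
    """The full SDK-style dance: token, role name, then the credential document."""
    token = imds_session_token(endpoint)
    _, role = imds_get(endpoint, "/latest/meta-data/iam/security-credentials/", token)
    _, doc = imds_get(endpoint, f"/latest/meta-data/iam/security-credentials/{role}", token)
    return json.loads(doc)


if __name__ == "__main__":
    server, endpoint = start_fake_imds()
    print("token-less read ->", imds_get(endpoint, "/latest/meta-data/iam/security-credentials/")[0])
    print(fetch_credentials(endpoint))
    server.shutdown()
```

Run it and point a client at the printed base URL (for the AWS SDKs, export it as `AWS_EC2_METADATA_SERVICE_ENDPOINT`) to watch an unmodified SDK resolve credentials through the emulator. The design point worth noting for operators is that the emulator, not the application, decides which identity a pod receives; it is also the single place to log every credential hand-out per pod.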

We will demonstrate how integrating identity and security-focused automation into our runtime platforms resulted in a solution that optimizes user experience, enhances operator efficiency, and strengthens security. Finally, we will present the open-source version of our cloud provider IMDS API emulation layer and demonstrate it in action.