From 83d10ab1244bed320a7d9133752f6c3645f753f2 Mon Sep 17 00:00:00 2001
From: nravada
Date: Thu, 5 Dec 2024 10:11:58 +0000
Subject: [PATCH 01/36] NR-346357: Sync up nr-ebpf-agent charts in helm-charts from newrelic-ebpf-agent
---
 charts/nr-ebpf-agent/templates/_naming.tpl | 12 +++++
 charts/nr-ebpf-agent/templates/_tls.tpl | 36 ++++++++++++++
 .../templates/nr-ebpf-agent-daemonset.yaml | 48 ++++++++++++++++++-
 .../templates/nr-ebpf-agent-service.yaml | 20 ++++++++
 .../templates/otel-collector-config.yaml | 5 ++
 .../templates/otel-collector-daemonset.yaml | 12 +++++
 ...ector.yaml => otel-collector-service.yaml} | 3 +-
 charts/nr-ebpf-agent/templates/secrets.yaml | 20 ++++++++
 charts/nr-ebpf-agent/values.yaml | 30 ++++++++++++
 9 files changed, 183 insertions(+), 3 deletions(-)
 create mode 100644 charts/nr-ebpf-agent/templates/_naming.tpl
 create mode 100644 charts/nr-ebpf-agent/templates/_tls.tpl
 create mode 100644 charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml
 rename charts/nr-ebpf-agent/templates/{otel-collector.yaml => otel-collector-service.yaml} (89%)
diff --git a/charts/nr-ebpf-agent/templates/_naming.tpl b/charts/nr-ebpf-agent/templates/_naming.tpl
new file mode 100644
index 000000000..134ee8b9a
--- /dev/null
+++ b/charts/nr-ebpf-agent/templates/_naming.tpl
@@ -0,0 +1,12 @@
+{{/* Controller manager service certificate's secret. */}}
+{{- define "nr-ebpf-agent-certificates.certificateSecret.name" -}}
+{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "controller-manager-service-cert") -}}
+{{- end }}
+
+{{- define "nr-ebpf-agent.service.name" -}}
+{{- include "newrelic.common.naming.truncateToDNS" (include "newrelic.common.naming.fullname" .) }}
+{{- end }}
+
+{{- define "otel-collector.service.name" -}}
+{{- include "newrelic.common.naming.truncateToDNS" "otel-collector" }}
+{{- end }}
diff --git a/charts/nr-ebpf-agent/templates/_tls.tpl b/charts/nr-ebpf-agent/templates/_tls.tpl
new file mode 100644
index 000000000..624d23b12
--- /dev/null
+++ b/charts/nr-ebpf-agent/templates/_tls.tpl
@@ -0,0 +1,36 @@
+{{/*
+Return certificate and CA for ebpf.
+It handles variants when a cert has to be generated by Helm,
+a cert is loaded from an existing secret or is provided via `.Values`
+*/}}
+{{- define "nr-ebpf-agent-certificates.ebpfCert" -}}
+{{- $caCert := "" }}
+{{- $clientCert := "" }}
+{{- $clientKey := "" }}
+{{- if .Values.tls.autoGenerateCert.enabled }}
+ {{- $prevSecret := (lookup "v1" "Secret" "" (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }}
+ {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }}
+ {{- $clientCert = index $prevSecret "data" "tls.crt" }}
+ {{- $clientKey = index $prevSecret "data" "tls.key" }}
+ {{- $caCert = index $prevSecret "data" "ca.crt" }}
+ {{- else }}
+ {{- $certValidity := int .Values.tls.autoGenerateCert.certPeriodDays | default 365 }}
+ {{- $ca := genCA "nr-ebpf-agent-certificates-ca" $certValidity }}
+ {{- $domain1 := printf "%s.%s.svc" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace }}
+ {{- $domain2 := printf "%s.%s.svc.%s" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }}
+ {{- $domain3 := printf "%s.%s.svc" (include "otel-collector.service.name" .) $.Release.Namespace }}
+ {{- $domain4 := printf "%s.%s.svc.%s" (include "otel-collector.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }}
+ {{- $domains := list $domain1 $domain2 $domain3 $domain4 }}
+ {{- $cert := genSignedCert (include "newrelic.common.naming.fullname" .) 
nil $domains $certValidity $ca }} + {{- $clientCert = b64enc $cert.Cert }} + {{- $clientKey = b64enc $cert.Key }} + {{- $caCert = b64enc $ca.Cert }} + {{- end }} +{{- else }} + {{- $clientCert = .Files.Get .Values.tls.certFile | b64enc }} + {{- $clientKey = .Files.Get .Values.tls.keyFile | b64enc }} + {{- $caCert = .Files.Get .Values.tls.caFile | b64enc }} +{{- end }} +{{- $result := dict "clientCert" $clientCert "clientKey" $clientKey "caCert" $caCert }} +{{- $result | toYaml }} +{{- end }} diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 33924e752..3e9053ce3 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -1,16 +1,23 @@ +--- apiVersion: apps/v1 kind: DaemonSet metadata: name: nr-ebpf-agent labels: + app: nr-ebpf-agent + component: agent {{- include "newrelic.common.labels" . | nindent 4 }} spec: selector: matchLabels: + app: nr-ebpf-agent + component: agent {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} template: metadata: labels: + app: nr-ebpf-agent + component: agent {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} spec: containers: @@ -35,6 +42,16 @@ spec: value: "cluster.local" - name: PL_TABLE_STORE_DATA_LIMIT_MB value: "{{ .Values.tableStoreDataLimitMB }}" + - name: PX_DISABLE_TLS + {{- if eq .Values.tls.enabled true }} + value: "0" + {{- else }} + value: "1" + {{- end }} + {{- if eq .Values.tls.enabled true }} + - name: CERT_PATH + value: "{{ .Values.tls.autoGenerateCert.certPath }}" + {{- end }} securityContext: privileged: true volumeMounts: 
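Review bot: `genSignedCert` issues a single key pair whose SAN list (`$domain1` to `$domain4`) covers both the agent service and the otel-collector service, so every pod that mounts the resulting Secret holds a private key that is valid for the other component as well. Issuing one leaf certificate per service from the same `$ca` would keep a compromise of one workload from letting it present itself as the other; if the shared certificate is intentional, the template comment should say so. The variables are named `$clientCert`/`$clientKey`, although the collector config in this patch loads them as the receiver's server certificate, so a neutral name such as `$tlsCert`/`$tlsKey` would be less misleading.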
@@ -44,6 +61,11 @@ spec: - name: sys-volume mountPath: /sys readOnly: true + {{- if eq .Values.tls.enabled true }} + - name: cert + mountPath: "{{ .Values.tls.autoGenerateCert.certPath }}" + readOnly: true + {{- end }} - name: nr-ebpf-client image: {{ .Values.ebpfClient.image.repository }}:{{ .Values.ebpfClient.image.tag }} imagePullPolicy: {{ .Values.ebpfClient.image.pullPolicy }} @@ -58,7 +80,7 @@ spec: fieldRef: fieldPath: status.hostIP - name: ENDPOINT - value: "$(HOST_IP):4317" + value: {{ include "nr-otel-collector-receiver.endpoint" .}} - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" {{- if .Values.protocols }} @@ -76,8 +98,24 @@ spec: # TODO(kpattaswamy): Once we implement TLS, we should make this configurable again - name: IS_INSECURE value: "True" + - name: PX_DISABLE_TLS + {{- if eq .Values.tls.enabled true }} + value: "0" + {{- else }} + value: "1" + {{- end }} - name: KUBERNETES_CLUSTER_DOMAIN - value: "cluster.local" + value: "{{ .Values.kubernetesClusterDomain }}" + {{- if eq .Values.tls.enabled true }} + - name: CERT_PATH + value: "{{ .Values.tls.autoGenerateCert.certPath }}" + - name: NAMESPACE + value: {{ .Release.Namespace }} + volumeMounts: + - name: cert + mountPath: "{{ .Values.tls.autoGenerateCert.certPath }}" + readOnly: true + {{- end }} envFrom: - secretRef: name: nr-ebpf-agent-secrets @@ -106,3 +144,9 @@ spec: tolerations: {{- . | nindent 8 -}} {{- end }} + {{- if eq .Values.tls.enabled true }} + - name: cert + secret: + defaultMode: 420 + secretName: {{ include "nr-ebpf-agent-certificates.certificateSecret.name" . }} + {{- end }} diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml new file mode 100644 index 000000000..84bfb262c --- /dev/null +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml 
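Review bot: Replacing `$(HOST_IP):4317` with the cluster-DNS service name in `ENDPOINT` means the client's telemetry is no longer guaranteed to stay on the node, and when `tls.enabled` is false (`PX_DISABLE_TLS` set to "1") it would cross the pod network in cleartext. Nothing visible in this patch pins the Service to node-local endpoints, so either document that disabling TLS now puts telemetry on the wire unencrypted, or keep the host-local endpoint for the non-TLS case. The value is also emitted unquoted; `value: {{ include "nr-otel-collector-receiver.endpoint" . | quote }}` would match the quoting of the neighbouring env entries. The container's `env:` list begins outside this hunk.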
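Review bot: `IS_INSECURE` is still hard-coded to `"True"` directly under the TODO that says it should become configurable once TLS exists, while this same hunk adds `PX_DISABLE_TLS` driven by `.Values.tls.enabled`. What the client does with `IS_INSECURE` is not visible here, but if it controls transport security or certificate verification the two settings contradict each other whenever TLS is on. Set it with the same `{{- if eq .Values.tls.enabled true }}` switch used for `PX_DISABLE_TLS`, or remove the variable and the TODO if it is no longer read. `NAMESPACE` is emitted unquoted; `value: {{ .Release.Namespace | quote }}` would be consistent with the other entries.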
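Review bot: `defaultMode: 420` is octal 0644, so `tls.key` from the certificate Secret is readable by every user inside the containers that mount it. A private key is better mounted owner-read-only, e.g. `defaultMode: 256` (0400), with a pod `fsGroup` and 0440 instead if one of the containers runs as non-root. The same `defaultMode: 420` is added in the `volumes` hunk of otel-collector-daemonset.yaml. The `volumes:` key itself lies outside this hunk and the new entry follows the `tolerations:` block, so confirm that `- name: cert` renders under `volumes:`.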
@@ -0,0 +1,20 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "nr-ebpf-agent.service.name" . }} + labels: + app: nr-ebpf-agent + component: agent + {{- include "newrelic.common.labels" . | nindent 4 }} +spec: + # The Agent pod will use a service containing a clusterIP and port 12345 to interface via. + type: ClusterIP + selector: + {{- include "newrelic.common.labels.selectorLabels" . | nindent 4 }} + component: agent + ports: + - name: agent-grpc + port: 12345 + protocol: TCP + targetPort: 12345 diff --git a/charts/nr-ebpf-agent/templates/otel-collector-config.yaml b/charts/nr-ebpf-agent/templates/otel-collector-config.yaml index f132eb7a0..8a3bd1e4f 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-config.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-config.yaml @@ -12,6 +12,11 @@ data: protocols: grpc: endpoint: $RECEIVER_ENDPOINT:4317 + {{- if eq .Values.tls.enabled true }} + tls: + cert_file: "{{ .Values.tls.autoGenerateCert.certPath }}tls.crt" + key_file: "{{ .Values.tls.autoGenerateCert.certPath }}tls.key" + {{- end}} processors: k8sattributes/local_k8s_md: auth_type: 'serviceAccount' diff --git a/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml b/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml index 44460c625..54ad6c15b 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: DaemonSet metadata: @@ -67,6 +68,11 @@ spec: mountPath: /etc/otel/config.yaml subPath: config.yaml readOnly: true + {{- if eq .Values.tls.enabled true }} + - name: cert + mountPath: "{{ .Values.tls.autoGenerateCert.certPath }}" + readOnly: true + {{- end }} dnsPolicy: ClusterFirstWithHostNet hostNetwork: true serviceAccountName: {{ include "nr-ebpf-agent.fullname" . }}-collector 
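Review bot: The receiver `tls:` block in otel-collector-config.yaml sets only `cert_file` and `key_file`, so the collector authenticates itself but accepts OTLP from any caller that can reach port 4317; the collector daemonset context in this patch shows `hostNetwork: true`, which suggests the port is bound on the node address. Since the client container mounts the same Secret, adding `client_ca_file: "{{ .Values.tls.autoGenerateCert.certPath }}ca.crt"` would require callers to present a certificate signed by the chart's CA, assuming the client is able to present one. The file paths are built by plain concatenation, so a `certPath` without a trailing slash yields `.../certstls.crt`; joining with an explicit `/` after trimming avoids that. The `grpc:` receiver mapping begins outside this hunk.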
@@ -87,3 +93,9 @@ spec: tolerations: {{- . | nindent 8 -}} {{- end }} + {{- if eq .Values.tls.enabled true }} + - name: cert + secret: + defaultMode: 420 + secretName: {{ include "nr-ebpf-agent-certificates.certificateSecret.name" . }} + {{- end }} diff --git a/charts/nr-ebpf-agent/templates/otel-collector.yaml b/charts/nr-ebpf-agent/templates/otel-collector-service.yaml similarity index 89% rename from charts/nr-ebpf-agent/templates/otel-collector.yaml rename to charts/nr-ebpf-agent/templates/otel-collector-service.yaml index 6a58cf44c..80f5a2a7b 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-service.yaml @@ -1,7 +1,8 @@ +--- apiVersion: v1 kind: Service metadata: - name: otel-collector + name: {{ include "otel-collector.service.name" . }} labels: app: opentelemetry component: otel-collector diff --git a/charts/nr-ebpf-agent/templates/secrets.yaml b/charts/nr-ebpf-agent/templates/secrets.yaml index 3379ec4d9..df587bc1f 100644 --- a/charts/nr-ebpf-agent/templates/secrets.yaml +++ b/charts/nr-ebpf-agent/templates/secrets.yaml @@ -1,3 +1,4 @@ +--- {{- $licenseKey := include "nr-ebpf-agent.licenseKey" . -}} {{- $customSecretLicenseKey := include "nr-ebpf-agent.customSecretKey" . -}} apiVersion: v1 
@@ -15,3 +16,22 @@ data: {{- else }} NR_LICENSE_KEY: {{ required "secrets.licenseKey is required" .Values.licenseKey | b64enc | quote }} {{ end }} +--- +{{- $tls := fromYaml (include "nr-ebpf-agent-certificates.ebpfCert" .) }} +{{- if .Values.tls.autoGenerateCert.enabled }} +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: {{ include "nr-ebpf-agent-certificates.certificateSecret.name" . }} + annotations: + "helm.sh/hook": "pre-install,pre-upgrade" + "helm.sh/hook-delete-policy": "before-hook-creation" + labels: + {{- include "newrelic.common.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +data: + tls.crt: {{ $tls.clientCert }} + tls.key: {{ $tls.clientKey }} + ca.crt: {{ $tls.caCert }} +{{- end }} diff --git a/charts/nr-ebpf-agent/values.yaml b/charts/nr-ebpf-agent/values.yaml index 3a6f6da9b..4d19efcbf 100644 --- a/charts/nr-ebpf-agent/values.yaml +++ b/charts/nr-ebpf-agent/values.yaml 
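Review bot: The certificate Secret is rendered only under `{{- if .Values.tls.autoGenerateCert.enabled }}`, but the daemonsets in this patch mount `secretName: {{ include "nr-ebpf-agent-certificates.certificateSecret.name" . }}` whenever `tls.enabled` is true. With the documented "Option 2" (own `certFile`/`keyFile`/`caFile`, auto-generation off) the values read through `.Files.Get` are computed and then discarded, no Secret exists, and the pods would not start because the volume cannot be mounted. Guarding the document with `{{- if .Values.tls.enabled }}` would cover both options. Because the Secret is a `pre-install,pre-upgrade` hook, Helm does not track it as a release resource, so the private key stays in the namespace after uninstall unless it is removed separately, which deserves a line in the chart notes.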
@@ -131,3 +131,33 @@ nodeSelector: {} tolerations: [] # -- Sets all pods' affinities. Can be configured also with `global.affinity` affinity: {} +# -- Kubernetes cluster domain +kubernetesClusterDomain: cluster.local + +# -- tls make sure only requests with correctly formatted rules will get into the Operator +tls: + enabled: true + + ## TLS Certificate Option 1: Use Helm to automatically generate self-signed certificate. + ## autoGenerateCert must be enabled. + autoGenerateCert: + # -- If true, Helm will automatically create a self-signed cert and secret for you. + enabled: true + # -- If set to true, new key/certificate is generated on helm upgrade. + recreate: true + # -- Cert validity period time in days. + certPeriodDays: 365 + # -- Certificates path + certPath: "/tmp/ebpf/certs/" + + ## TLS Certificate Option 2: Use your own self-signed certificate. + ## autoGenerateCert must be disabled and certFile, keyFile, and caFile must be set. + ## The chart reads the contents of the file paths with the helm .Files.Get function. + ## Refer to this doc https://helm.sh/docs/chart_template_guide/accessing_files/ to understand + ## limitations of file paths accessible to the chart. + # -- Path to your own PEM-encoded certificate. + certFile: "" + # -- Path to your own PEM-encoded private key. + keyFile: "" + # -- Path to the CA cert. + caFile: "" From 4f2e421444a49b8c4b3df744a723b1000541f5c2 Mon Sep 17 00:00:00 2001 From: nravada Date: Thu, 5 Dec 2024 10:46:01 +0000 Subject: [PATCH 02/36] NR-346357: fix to the lint and test charts, version updated --- charts/nr-ebpf-agent/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nr-ebpf-agent/Chart.yaml b/charts/nr-ebpf-agent/Chart.yaml index 0277c99a2..f28edd63d 100644 --- a/charts/nr-ebpf-agent/Chart.yaml +++ b/charts/nr-ebpf-agent/Chart.yaml 
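Review bot: The description `tls make sure only requests with correctly formatted rules will get into the Operator` does not describe this chart; judging by the templates in this patch, `tls.enabled` appears to switch on TLS between the eBPF agent, its client and the OTel collector, and the comment should say that. `recreate: true` as the default means a new CA and key pair are generated on every `helm upgrade`, which is worth stating next to the flag together with whether running pods pick up the new files. `certPath` sits under `autoGenerateCert` but the templates use it whenever `tls.enabled` is true, so it would read more naturally as `tls.certPath`.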
@@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 dependencies: - name: common-library version: 1.3.0 From dd0285762926e0930e792f5b23959fb083937e88 Mon Sep 17 00:00:00 2001 From: nravada Date: Thu, 5 Dec 2024 11:46:56 +0000 Subject: [PATCH 03/36] NR-346357: fix for the lint and test charts, lookup issue --- charts/nr-ebpf-agent/templates/_tls.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nr-ebpf-agent/templates/_tls.tpl b/charts/nr-ebpf-agent/templates/_tls.tpl index 624d23b12..b87129788 100644 --- a/charts/nr-ebpf-agent/templates/_tls.tpl +++ b/charts/nr-ebpf-agent/templates/_tls.tpl @@ -8,7 +8,7 @@ a cert is loaded from an existing secret or is provided via `.Values` {{- $clientCert := "" }} {{- $clientKey := "" }} {{- if .Values.tls.autoGenerateCert.enabled }} - {{- $prevSecret := (lookup "v1" "Secret" "" (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }} + {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }} {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }} {{- $clientCert = index $prevSecret "data" "tls.crt" }} {{- $clientKey = index $prevSecret "data" "tls.key" }} From 8ddf5df97833ba951b056c4d58e1148218b3d7b4 Mon Sep 17 00:00:00 2001 From: nravada Date: Thu, 5 Dec 2024 13:13:25 +0000 Subject: [PATCH 04/36] NR-346357: fix for the lint and test charts, lookup fn issue --- .github/workflows/lint_test_charts.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint_test_charts.yaml b/.github/workflows/lint_test_charts.yaml index 76ff8accb..7a97f6d44 100644 --- a/.github/workflows/lint_test_charts.yaml 
+++ b/.github/workflows/lint_test_charts.yaml @@ -32,7 +32,7 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - uses: azure/setup-helm@v4 with: - version: 'v3.0.0' + version: 'v3.2.0' - name: Set up helm-unittest run: helm plugin install https://github.com/helm-unittest/helm-unittest @@ -76,7 +76,7 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - uses: azure/setup-helm@v4 with: - version: 'v3.0.0' + version: 'v3.2.0' - name: Install Minikube uses: manusa/actions-setup-minikube@v2.11.0 @@ -109,7 +109,7 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4 with: - version: 'v3.0.0' + version: 'v3.2.0' - name: Add helm repositories run: | @@ -157,7 +157,7 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4 with: - version: 'v3.0.0' + version: 'v3.2.0' - name: Add helm repositories run: | From 6fc7257402c6c03911ba9b02a63ede6b572b8d4e Mon Sep 17 00:00:00 2001 From: nravada Date: Thu, 5 Dec 2024 13:29:11 +0000 Subject: [PATCH 05/36] NR-346357: fix for the lint and test charts, gotpl issue --- charts/nr-ebpf-agent/templates/_helpers.tpl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl index e0e45b52b..93b535310 100644 --- a/charts/nr-ebpf-agent/templates/_helpers.tpl +++ b/charts/nr-ebpf-agent/templates/_helpers.tpl @@ -90,3 +90,10 @@ Return the customSecretLicenseKey {{- "" -}} {{- end -}} {{- end -}} + +{{/* +Create otel collector receiver endpoint +*/}} +{{- define "nr-otel-collector-receiver.endpoint" -}} +{{- printf "dns:///%s.%s.svc.%s:4317" (include "otel-collector.service.name" .) .Release.Namespace .Values.kubernetesClusterDomain }} +{{- end }} From 11989574ce81769de1f1f99c028b395fd8bbfef4 Mon Sep 17 00:00:00 2001 From: nravada Date: Mon, 30 Dec 2024 15:58:44 +0000 Subject: [PATCH 06/36] NR-346357: chart version updated --- charts/nr-ebpf-agent/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/nr-ebpf-agent/Chart.yaml b/charts/nr-ebpf-agent/Chart.yaml index f28edd63d..e32eb0687 100644 --- a/charts/nr-ebpf-agent/Chart.yaml +++ b/charts/nr-ebpf-agent/Chart.yaml @@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.1.14 dependencies: - name: common-library version: 1.3.0 From 8e6d8793c630afdfb21c6464fe93a3b79db86b23 Mon Sep 17 00:00:00 2001 From: nravada Date: Fri, 17 Jan 2025 17:46:46 +0000 Subject: [PATCH 07/36] NR-346357: added latest changes from eBPF repo to helm repo --- charts/nr-ebpf-agent/templates/_affinity.tpl | 21 +++ charts/nr-ebpf-agent/templates/_helpers.tpl | 81 ++++++---- charts/nr-ebpf-agent/templates/_naming.tpl | 12 ++ .../templates/_security-context.tpl | 43 +++++ .../nr-ebpf-agent/templates/_tolerations.tpl | 21 +++ .../templates/nr-ebpf-agent-daemonset.yaml | 39 ++++- .../templates/otel-collector-config.yaml | 19 ++- .../templates/otel-collector-daemonset.yaml | 52 ++++-- .../templates/otel-collector-rbac.yaml | 8 +- .../otel-collector-service-account.yaml | 4 +- charts/nr-ebpf-agent/templates/secrets.yaml | 6 +- charts/nr-ebpf-agent/values.yaml | 150 +++++++++++++----- 12 files changed, 355 insertions(+), 101 deletions(-) create mode 100644 charts/nr-ebpf-agent/templates/_affinity.tpl create mode 100644 charts/nr-ebpf-agent/templates/_security-context.tpl create mode 100644 charts/nr-ebpf-agent/templates/_tolerations.tpl diff --git a/charts/nr-ebpf-agent/templates/_affinity.tpl b/charts/nr-ebpf-agent/templates/_affinity.tpl new file mode 100644 index 000000000..2fbbddc9e --- /dev/null +++ b/charts/nr-ebpf-agent/templates/_affinity.tpl 
@@ -0,0 +1,21 @@
+{{- /*
+A helper to return the affinity to apply to the ebpf daemonset.
+*/ -}}
+{{- define "nrEbpfAgent.ebpfAgent.affinity" -}}
+{{- if .Values.ebpfAgent.affinity -}}
+ {{- toYaml .Values.ebpfAgent.affinity -}}
+{{- else if include "newrelic.common.affinity" . -}}
+ {{- include "newrelic.common.affinity" . -}}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+A helper to return the affinity to apply to the Otel daemonset.
+*/ -}}
+{{- define "nrEbpfAgent.otelCollector.affinity" -}}
+{{- if .Values.otelCollector.affinity -}}
+ {{- toYaml .Values.otelCollector.affinity -}}
+{{- else if include "newrelic.common.affinity" . -}}
+ {{- include "newrelic.common.affinity" . -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl
index 93b535310..80d5f2e94 100644
--- a/charts/nr-ebpf-agent/templates/_helpers.tpl
+++ b/charts/nr-ebpf-agent/templates/_helpers.tpl
@@ -52,48 +52,73 @@ Return the cluster name {{- end -}} {{- end -}} + + + {{/* -Return the licenseKey +Create otel collector receiver endpoint */}} -{{- define "nr-ebpf-agent.licenseKey" -}} -{{- if .Values.global }} - {{- if .Values.global.licenseKey }} - {{- .Values.global.licenseKey -}} - {{ else if .Values.global.insightsKey }} - {{- .Values.global.insightsKey -}} - {{ else }} - {{- .Values.licenseKey | default "" -}} - {{ end }} -{{- else -}} - {{- .Values.licenseKey | default "" -}} +{{- define "nr-otel-collector-receiver.endpoint" -}} +{{- printf "dns:///%s.%s.svc.%s:4317" (include "otel-collector.service.name" .) .Release.Namespace .Values.kubernetesClusterDomain }} +{{- end }} + +{{/* +Validate the user inputted quantile when sampling by latency. +*/}} +{{- define "validate.samplingLatency" -}} +{{- $validOptions := list "" "p1" "p10" "p50" "p90" "p99" -}} +{{- $protocol := .protocol -}} +{{- $latency := .latency -}} +{{- if not (has $latency $validOptions) -}} +{{- fail (printf "Invalid samplingLatency '%s' for protocol '%s'. Valid options are: %v" $latency $protocol $validOptions) -}} {{- end -}} {{- end -}} {{/* -Return the customSecretName +Validate the user inputted value when sampling by error rate. */}} -{{- define "nr-ebpf-agent.customSecretName" -}} -{{- if .Values.global }} - {{- .Values.global.customSecretName | default "" -}} -{{- else -}} - {{- "" -}} +{{- define "validate.samplingErrorRate" -}} +{{- $protocol := .protocol -}} +{{- $errorRateString := .errorRate -}} +{{- $errorRate := .errorRate | int -}} +{{- if or (lt $errorRate 1) (gt $errorRate 100) -}} +{{- fail (printf "Invalid samplingErrorRate '%s' for protocol '%s'. Valid range is between 1 and 100" $errorRateString $protocol) -}} {{- end -}} {{- end -}} {{/* -Return the customSecretLicenseKey +Pass environment variables to the agent container if tracing a specific protocol is to be disabled. 
*/}} -{{- define "nr-ebpf-agent.customSecretKey" -}} -{{- if .Values.global }} - {{- .Values.customSecretLicenseKey | default "" -}} -{{- else -}} - {{- "" -}} -{{- end -}} +{{- define "generateTracingEnvVars" -}} +{{- range $protocol, $config := .Values.protocols }} + {{- $metricsEnabled := and (hasKey $config "metrics") (eq $config.metrics.enabled true) }} + {{- $spansEnabled := and (hasKey $config "spans") (eq $config.spans.enabled true) }} + {{- if or (and (not $metricsEnabled) (not $spansEnabled)) (and (not (hasKey $config "metrics")) (not $spansEnabled)) }} +- name: PX_STIRLING_ENABLE_{{ upper $protocol }}_TRACING + value: "0" + {{- end }} +{{- end }} {{- end -}} {{/* -Create otel collector receiver endpoint +Generate environment variables for disabling protocols and setting sampling latency. */}} -{{- define "nr-otel-collector-receiver.endpoint" -}} -{{- printf "dns:///%s.%s.svc.%s:4317" (include "otel-collector.service.name" .) .Release.Namespace .Values.kubernetesClusterDomain }} +{{- define "generateClientScriptEnvVars" -}} +{{- if .Values.protocols }} +{{- range $protocol, $config := .Values.protocols }} + {{- if and (hasKey $config "metrics") (eq $config.metrics.enabled false) }} +- name: NR_EBPF_ENABLE_{{ upper $protocol }}_METRICS + value: "0" + {{- end }} + {{- if (eq $config.spans.enabled false) }} +- name: NR_EBPF_ENABLE_{{ upper $protocol }}_SPANS + value: "0" + {{- end }} + {{- if (eq $config.spans.enabled true) }} + {{- include "validate.samplingLatency" (dict "protocol" $protocol "latency" $config.spans.samplingLatency) }} +- name: SAMPLE_{{ upper $protocol }}_LATENCY + value: "{{ $config.spans.samplingLatency | regexMatch "p1|p10|p50|p90|p99" | ternary $config.spans.samplingLatency "" }}" + {{- end }} +{{- end }} +{{- end }} {{- end }} diff --git a/charts/nr-ebpf-agent/templates/_naming.tpl b/charts/nr-ebpf-agent/templates/_naming.tpl index 134ee8b9a..d678800cc 100644 --- a/charts/nr-ebpf-agent/templates/_naming.tpl 
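Review bot: In `generateClientScriptEnvVars`, `$config.spans.enabled` is read without the `hasKey $config "spans"` check that the `metrics` branch has, so a protocol entry without a `spans` block stops rendering with a nil-pointer error; wrapping the two `spans` conditions in `{{- if hasKey $config "spans" }}` closes that gap. In `generateTracingEnvVars`, `and (hasKey $config "metrics") (eq $config.metrics.enabled true)` protects the field access only if `and` short-circuits, which Go templates did not do before Go 1.18, so older Helm builds such as the v3.2.0 pinned in this series' workflow may still fail on a missing key. The second operand of the `or` in that helper is already implied by the first and can be dropped. Each helper would benefit from a comment naming the `.Values.protocols` shape it expects.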
+++ b/charts/nr-ebpf-agent/templates/_naming.tpl @@ -10,3 +10,15 @@ {{- define "otel-collector.service.name" -}} {{- include "newrelic.common.naming.truncateToDNS" "otel-collector" }} {{- end }} + +{{- define "nr-ebpf-agent.otelconfig.name" -}} +{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config") -}} +{{- end -}} + +{{- define "nr-ebpf-agent.otelcollecter.name" -}} +{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "otel-collector") -}} +{{- end -}} + +{{- define "nr-ebpf-agent.collecter.name" -}} +{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "collector") -}} +{{- end -}} diff --git a/charts/nr-ebpf-agent/templates/_security-context.tpl b/charts/nr-ebpf-agent/templates/_security-context.tpl new file mode 100644 index 000000000..613aa877f --- /dev/null +++ b/charts/nr-ebpf-agent/templates/_security-context.tpl 
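Review bot: The new helper names `nr-ebpf-agent.otelcollecter.name` and `nr-ebpf-agent.collecter.name` misspell "collector", unlike the existing `otel-collector.service.name`. Template names are looked up as strings, so a caller that spells the word correctly fails at render time; renaming them now to `nr-ebpf-agent.otelcollector.name` and `nr-ebpf-agent.collector.name` is cheaper than after more templates depend on them. A one-line comment on each define, as the first helper in this file has, would also say which resource each name belongs to.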
@@ -0,0 +1,43 @@
+{{- /*
+A helper to return the pod security context apply to the ebpf daemonset.
+*/ -}}
+{{- define "nrEbpfAgent.ebpfAgent.securityContext.pod" -}}
+{{- if .Values.ebpfAgent.podSecurityContext -}}
+ {{- toYaml .Values.ebpfAgent.podSecurityContext -}}
+{{- else if include "newrelic.common.securityContext.pod" . -}}
+ {{- include "newrelic.common.securityContext.pod" . -}}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+A helper to return the pod security context apply to the Otel daemonset.
+*/ -}}
+{{- define "nrEbpfAgent.otelCollector.securityContext.pod" -}}
+{{- if .Values.otelCollector.podSecurityContext -}}
+ {{- toYaml .Values.otelCollector.podSecurityContext -}}
+{{- else if include "newrelic.common.securityContext.pod" . -}}
+ {{- include "newrelic.common.securityContext.pod" . -}}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+A helper to return the container security context apply to the ebpf daemonset.
+*/ -}}
+{{- define "nrEbpfAgent.ebpfAgent.securityContext.container" -}}
+{{- if .Values.ebpfAgent.containerSecurityContext -}}
+ {{- toYaml .Values.ebpfAgent.containerSecurityContext -}}
+{{- else if include "newrelic.common.securityContext.container" . -}}
+ {{- include "newrelic.common.securityContext.container" . -}}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+A helper to return the container security context apply to the Otel daemonset.
+*/ -}}
+{{- define "nrEbpfAgent.otelCollector.securityContext.container" -}}
+{{- if .Values.otelCollector.containerSecurityContext -}}
+ {{- toYaml .Values.otelCollector.containerSecurityContext -}}
+{{- else if include "newrelic.common.securityContext.container" . -}}
+ {{- include "newrelic.common.securityContext.container" . -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/nr-ebpf-agent/templates/_tolerations.tpl b/charts/nr-ebpf-agent/templates/_tolerations.tpl
new file mode 100644
index 000000000..f29efba98
--- /dev/null
+++ b/charts/nr-ebpf-agent/templates/_tolerations.tpl
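Review bot: Each helper in _security-context.tpl returns the component's `podSecurityContext` or `containerSecurityContext` value verbatim when it is set and falls back to the common-library context only otherwise, so a values file that sets a single field replaces the shared context instead of extending it. Hardening fields defined globally (for example a non-root or read-only-filesystem setting) would be dropped by such a partial override. Either merge the two maps before `toYaml`, or state in each helper comment that the component value replaces the global one entirely. The comments read "security context apply to"; "to apply to" would match the wording of the affinity helpers.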
@@ -0,0 +1,21 @@ +{{- /* +A helper to return the tolerations to apply to the ebpf daemonset. +*/ -}} +{{- define "nrEbpfAgent.ebpfAgent.tolerations" -}} +{{- if .Values.ebpfAgent.tolerations -}} + {{- toYaml .Values.ebpfAgent.tolerations -}} +{{- else if include "newrelic.common.tolerations" . -}} + {{- include "newrelic.common.tolerations" . -}} +{{- end -}} +{{- end -}} + +{{- /* +A helper to return the tolerations to apply to the Otel daemonset. +*/ -}} +{{- define "nrEbpfAgent.otelCollector.tolerations" -}} +{{- if .Values.otelCollector.tolerations -}} + {{- toYaml .Values.otelCollector.tolerations -}} +{{- else if include "newrelic.common.tolerations" . -}} + {{- include "newrelic.common.tolerations" . -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 3e9053ce3..8f910c961 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -19,7 +19,23 @@ spec: app: nr-ebpf-agent component: agent {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} + annotations: + checksum/config: "" + {{- with .Values.ebpfAgent.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: + {{- with include "nrEbpfAgent.ebpfAgent.securityContext.pod" . }} + securityContext: + {{- . | nindent 8 }} + {{- end }} + {{- with include "newrelic.common.priorityClassName" . }} + priorityClassName: {{ . }} + {{- end }} + {{- with include "newrelic.common.dnsConfig" . }} + dnsConfig: + {{- . | nindent 8 }} + {{- end }} containers: - name: nr-ebpf-agent image: {{ .Values.ebpfAgent.image.repository }}:{{ .Values.ebpfAgent.image.tag }} 
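Review bot: `checksum/config: ""` in the nr-ebpf-agent-daemonset.yaml hunk is a constant, so the annotation never changes and cannot trigger a rollout when the ConfigMap or the certificate Secret changes. With `tls.autoGenerateCert.recreate` defaulting to true in this series, an upgrade issues new certificate material while the pod template stays identical. Computing the value from the rendered input, e.g. `checksum/config: {{ include (print $.Template.BasePath "/otel-collector-config.yaml") . | sha256sum }}`, or removing the placeholder, would make the intent clear. The same empty annotation is added in otel-collector-daemonset.yaml.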
@@ -30,6 +46,7 @@ spec: value: "/host" - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" + {{- include "generateTracingEnvVars" . | indent 10 }} {{- if .Values.protocols }} {{- range $protocol, $config := .Values.protocols }} {{- if (eq $config.enabled false) }} @@ -83,6 +100,12 @@ spec: value: {{ include "nr-otel-collector-receiver.endpoint" .}} - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" + {{- include "generateClientScriptEnvVars" . | nindent 10 }} + {{- if .Values.protocols.http.spans.samplingErrorRate}} + {{- include "validate.samplingErrorRate" (dict "protocol" "http" "errorRate" .Values.protocols.http.spans.samplingErrorRate) }} + - name: SAMPLE_HTTP_ERROR_RATE + value: "{{ .Values.protocols.http.spans.samplingErrorRate | default "0"}}" + {{- end }} {{- if .Values.protocols }} {{- range $protocol, $config := .Values.protocols }} {{- if (eq $config.enabled false) }} @@ -136,17 +159,17 @@ spec: nodeSelector: {{- . | nindent 8 -}} {{- end }} - {{- with include "newrelic.common.affinity" . }} - affinity: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 8 -}} - {{- end }} {{- if eq .Values.tls.enabled true }} - name: cert secret: defaultMode: 420 secretName: {{ include "nr-ebpf-agent-certificates.certificateSecret.name" . }} {{- end }} + {{- with include "nrEbpfAgent.ebpfAgent.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + {{- with include "nrEbpfAgent.ebpfAgent.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/nr-ebpf-agent/templates/otel-collector-config.yaml b/charts/nr-ebpf-agent/templates/otel-collector-config.yaml index 8a3bd1e4f..60caf6ea4 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-config.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-config.yaml 
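Review bot: `.Values.protocols.http.spans.samplingErrorRate` is dereferenced before the `{{- if .Values.protocols }}` guard that follows it, so a values file without `protocols`, `protocols.http` or its `spans` block fails rendering with a nil-pointer error instead of skipping the variable. Move the block inside the existing guard and test each level before reading the field. Inside the `if`, `| default "0"` can never apply, because the branch is entered only for a non-empty value. In the first hunk of this file `generateTracingEnvVars` is piped through `indent 10` while the client helper uses `nindent 10`; using `nindent` for both keeps the result independent of the helper's leading newline.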
@@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "nr-ebpf-agent.fullname" . }}-config + name: {{ include "nr-ebpf-agent.otelconfig.name" . }} labels: {{- include "newrelic.common.labels" . | nindent 4 }} data: @@ -133,10 +133,18 @@ data: error_mode: ignore # If for some reason this throws an exception we'll log it and not drop data. traces: span: + {{- if .Values.allowServiceNameRegex }} + - 'not IsMatch(resource.attributes["k8s.service.name"], "${ALLOW_SERVICE_NAME_REGEX}") and IsMatch(resource.attributes["k8s.service.name"], "${DROP_SERVICE_NAME_REGEX}")' + {{- else }} - 'IsMatch(resource.attributes["k8s.service.name"], "${DROP_SERVICE_NAME_REGEX}")' + {{- end }} metrics: metric: + {{- if .Values.allowServiceNameRegex }} + - 'not IsMatch(resource.attributes["k8s.service.name"], "${ALLOW_SERVICE_NAME_REGEX}") and IsMatch(resource.attributes["k8s.service.name"], "${DROP_SERVICE_NAME_REGEX}")' + {{- else }} - 'IsMatch(resource.attributes["k8s.service.name"], "${DROP_SERVICE_NAME_REGEX}")' + {{- end }} resource/setup_for_export: # Setup the resource attr. to export to the endpoint. @@ -174,6 +182,11 @@ data: headers: "api-key": "$NR_LICENSE_KEY" service: + {{- if include "newrelic.common.verboseLog" . }} + telemetry: + logs: + level: "debug" + {{- end }} pipelines: traces: receivers: @@ -182,7 +195,9 @@ data: - resource/setup_for_local_k8s_md - k8sattributes/local_k8s_md - filter/nill_service_names + {{- if .Values.dropAPMEnabledPods}} - filter/apm_instrumented_pods + {{- end}} {{- if .Values.dropDataKubeSystem}} - filter/kube_system {{- end}} @@ -207,7 +222,9 @@ data: - resource/setup_for_local_k8s_md - k8sattributes/local_k8s_md - filter/nill_service_names + {{- if .Values.dropAPMEnabledPods}} - filter/apm_instrumented_pods + {{- end}} {{- if .Values.dropDataKubeSystem}} - filter/kube_system {{- end}} 
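Review bot: Both filter conditions in hunk `@@ -133,10 +133,18 @@` pass `${DROP_SERVICE_NAME_REGEX}` straight to `IsMatch`, while this commit changes the `dropDataServiceNameRegex` default in values.yaml from `"gmp-.*"` to `""`. An empty pattern matches every string. If this filter processor is listed in the pipelines unconditionally (its pipeline entry is not in the visible hunks), a default install would drop every span and metric that carries `k8s.service.name`. Render the processor and its pipeline entry only when the value is non-empty, e.g. under `{{- if .Values.dropDataServiceNameRegex }}`. The `allowServiceNameRegex` branch depends on the drop pattern in the same way.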
diff --git a/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml b/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml index 27ae5a73a..9ed498d7c 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml @@ -19,9 +19,29 @@ spec: app: opentelemetry component: otel-collector {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} + annotations: + checksum/config: "" + {{- with .Values.otelCollector.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: + {{- with include "nrEbpfAgent.otelCollector.securityContext.pod" . }} + securityContext: + {{- . | nindent 8 }} + {{- end }} + {{- with include "newrelic.common.priorityClassName" . }} + priorityClassName: {{ . }} + {{- end }} + {{- with include "newrelic.common.dnsConfig" . }} + dnsConfig: + {{- . | nindent 8 }} + {{- end }} containers: - name: otel-collector + {{- with include "nrEbpfAgent.otelCollector.securityContext.container" . }} + securityContext: + {{- . | nindent 12 }} + {{- end }} image: {{ .Values.otelCollector.image.repository }}:{{ .Values.otelCollector.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.otelCollector.image.pullPolicy }} resources: {{- toYaml .Values.otelCollector.resources | nindent 10}} 
@@ -39,15 +59,15 @@ spec: - name: NR_LICENSE_KEY valueFrom: secretKeyRef: - {{- if (include "nr-ebpf-agent.licenseKey" .) }} + {{- if (include "newrelic.common.license._licenseKey" .) }} key: NR_LICENSE_KEY name: nr-ebpf-agent-secrets {{- else }} - name: {{ include "nr-ebpf-agent.customSecretName" . }} - key: {{ include "nr-ebpf-agent.customSecretLicenseKey" . }} + name: {{ include "newrelic.common.license._customSecretName" . }} + key: {{ include "newrelic.common.license._customSecretKey" . }} {{- end }} - name: NR_OTLP_ENDPOINT - {{- if .Values.nrStaging }} + {{- if (include "newrelic.common.nrStaging" .) }} value: "staging-otlp.nr-data.net:4317" {{- else }} value: "otlp.nr-data.net:4317" @@ -61,10 +81,12 @@ spec: - name: CLUSTER_NAME valueFrom: configMapKeyRef: - name: {{ include "nr-ebpf-agent.fullname" . }}-config + name: {{ include "nr-ebpf-agent.otelconfig.name" . }} key: clusterName - name: DROP_SERVICE_NAME_REGEX value: "{{- .Values.dropDataServiceNameRegex }}" + - name: ALLOW_SERVICE_NAME_REGEX + value: "{{- .Values.allowServiceNameRegex }}" ports: - containerPort: 4317 volumeMounts: 
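Review bot: The new `ALLOW_SERVICE_NAME_REGEX` value in hunk `@@ -61,10 +81,12 @@` is placed between hand-written double quotes, so YAML escape processing runs on the user's regex after rendering. A pattern containing `\b` arrives in the container as a backspace character, and one containing `"` breaks the manifest. Let the template do the quoting with `value: {{ .Values.allowServiceNameRegex | quote }}`. The `DROP_SERVICE_NAME_REGEX` context line directly above has the same form and should get the same fix.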
@@ -79,27 +101,27 @@ spec: {{- end }} dnsPolicy: ClusterFirstWithHostNet hostNetwork: true - serviceAccountName: {{ include "nr-ebpf-agent.fullname" . }}-collector + serviceAccountName: {{ include "nr-ebpf-agent.collecter.name" . }} terminationGracePeriodSeconds: 30 volumes: - name: data configMap: - name: {{ include "nr-ebpf-agent.fullname" . }}-config + name: {{ include "nr-ebpf-agent.otelconfig.name" . }} {{- with include "newrelic.common.nodeSelector" . }} nodeSelector: {{- . | nindent 8 -}} {{- end }} - {{- with include "newrelic.common.affinity" . }} - affinity: - {{- . | nindent 8 -}} - {{- end }} - {{- with include "newrelic.common.tolerations" . }} - tolerations: - {{- . | nindent 8 -}} - {{- end }} {{- if eq .Values.tls.enabled true }} - name: cert secret: defaultMode: 420 secretName: {{ include "nr-ebpf-agent-certificates.certificateSecret.name" . }} {{- end }} + {{- with include "nrEbpfAgent.otelCollector.affinity" . }} + affinity: + {{- . | nindent 8 }} + {{- end }} + {{- with include "nrEbpfAgent.otelCollector.tolerations" . }} + tolerations: + {{- . | nindent 8 }} + {{- end }} diff --git a/charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml b/charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml index 161f04c89..e71841dca 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "nr-ebpf-agent.fullname" . }}-otel-collector + name: {{ include "nr-ebpf-agent.otelcollecter.name" . }} labels: {{- include "newrelic.common.labels" . | nindent 4 }} rules: 
@@ -29,14 +29,14 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "nr-ebpf-agent.fullname" . }}-otel-collector + name: {{ include "nr-ebpf-agent.otelcollecter.name" . }} labels: {{- include "newrelic.common.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: '{{ include "nr-ebpf-agent.fullname" . }}-otel-collector' + name: {{ include "nr-ebpf-agent.otelcollecter.name" . }} subjects: - kind: ServiceAccount - name: '{{ include "nr-ebpf-agent.fullname" . }}-collector' + name: {{ include "nr-ebpf-agent.collecter.name" . }} namespace: '{{ .Release.Namespace }}' diff --git a/charts/nr-ebpf-agent/templates/otel-collector-service-account.yaml b/charts/nr-ebpf-agent/templates/otel-collector-service-account.yaml index b86016be3..6ce437848 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-service-account.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-service-account.yaml @@ -1,8 +1,10 @@ +{{- if include "newrelic.common.serviceAccount.create" . }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "nr-ebpf-agent.fullname" . }}-collector + name: {{ include "nr-ebpf-agent.collecter.name" . }} labels: {{- include "newrelic.common.labels" . | nindent 4 }} annotations: {{- toYaml .Values.otelCollector.collector.serviceAccount.annotations | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/nr-ebpf-agent/templates/secrets.yaml b/charts/nr-ebpf-agent/templates/secrets.yaml index df587bc1f..6a73c50a7 100644 --- a/charts/nr-ebpf-agent/templates/secrets.yaml +++ b/charts/nr-ebpf-agent/templates/secrets.yaml 
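Review bot: Gating the ServiceAccount on `newrelic.common.serviceAccount.create` leaves its two consumers unconditional: the DaemonSet's `serviceAccountName` and the ClusterRoleBinding subject in this commit both still render `nr-ebpf-agent.collecter.name`. With creation switched off, the collector pods reference an account the chart no longer creates, and the cluster-wide role is bound to that fixed name rather than to the account the operator supplies. Resolve the name through one helper that returns the user-supplied name when creation is disabled, and use it in all three places. The common library's `newrelic.common.serviceAccount.name` would fit, if this chart's values follow its `serviceAccount.*` layout.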
@@ -1,6 +1,6 @@ --- -{{- $licenseKey := include "nr-ebpf-agent.licenseKey" . -}} -{{- $customSecretLicenseKey := include "nr-ebpf-agent.customSecretKey" . -}} +{{- $licenseKey := include "newrelic.common.license._licenseKey" . -}} +{{- $customSecretLicenseKey := include "newrelic.common.license._customSecretKey" . -}} apiVersion: v1 kind: Secret metadata: @@ -15,7 +15,7 @@ data: NR_LICENSE_KEY: "" {{- else }} NR_LICENSE_KEY: {{ required "secrets.licenseKey is required" .Values.licenseKey | b64enc | quote }} - {{ end }} + {{- end }} --- {{- $tls := fromYaml (include "nr-ebpf-agent-certificates.ebpfCert" .) }} {{- if .Values.tls.autoGenerateCert.enabled }} diff --git a/charts/nr-ebpf-agent/values.yaml b/charts/nr-ebpf-agent/values.yaml index 4d19efcbf..c68adc0db 100644 --- a/charts/nr-ebpf-agent/values.yaml +++ b/charts/nr-ebpf-agent/values.yaml 
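Review bot: `$licenseKey` is now taken from `newrelic.common.license._licenseKey`, but the `else` branch shown as context in the second hunk still encodes `.Values.licenseKey` under `required`. If the common helper also honours `global.licenseKey`, as the values.yaml comment suggests, a release that sets only the global key selects the chart-managed secret in the DaemonSet and then fails here with "secrets.licenseKey is required". Encode the value already resolved: `NR_LICENSE_KEY: {{ required "secrets.licenseKey is required" $licenseKey | b64enc | quote }}`. The branch condition lies between the two hunks and is not visible, so confirm which path a global-only install takes.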
@@ -1,58 +1,95 @@ +--- # -- Name of the Kubernetes cluster to be monitored. Mandatory. Can be configured with `global.cluster` cluster: "" # -- The license key to use. Can be configured with `global.licenseKey` licenseKey: "" -# -- Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:4317) by default. Staging (staging-otlp.nr-data.net:4317) otherwise. Requires a valid staging license key. Can also be configured with global.nrStaging. +# -- In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` +customSecretName: "" +# -- In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` +customSecretLicenseKey: "" +# Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:4317) by default. +# Staging (staging-otlp.nr-data.net:4317) otherwise. nrStaging: false -# -- Configures the agent to send all data through the proxy specified via the otel collector. +# Configures the agent to send all data through the proxy specified via the otel collector. proxy: "" -# -- Drop data when service names map to an IP address. +# Drop data where to service names mapps to an IP address dropDataIpServiceNames: true -# -- Drop data from the kube-system namespace. +# Drop data from to the kube-system namespace dropDataKubeSystem: true -# -- Drop data from the newrelic namespace. +# Drop data from the newrelic namespace dropDataNewRelic: true -# -- Define a regex to mach service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax -dropDataServiceNameRegex: "gmp-.*" -# -- The primary lever to control RAM use of the eBPF agent. Specified in MiB. 
+# Drop data from pods that are monitored by New Relic APM via auto attach. +dropAPMEnabledPods: true +# Define a regex to mach service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" +# see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax +dropDataServiceNameRegex: "" +# This config acts as a bypass for the dropDataServiceNameRegex config. +# Service names that match this regex will not have their data dropped by the dropDataServiceNameRegex. +# If dropDataServiceNameRegex is not defined, this config has no impact on the eBPF agent. +allowServiceNameRegex: "" +# The primary lever to control RAM use of the eBPF agent. Specified in MiB. tableStoreDataLimitMB: "250" -# -- The source connectors (and data export scripts) to enable. +# The source connectors (and data export scripts) to enable. # Note that socket_tracer tracks http, mysql, redis, mongodb, amqp, cassandra, dns, and postgresql -# while tcp_stats tracks TCP metrics. -stirlingSources: "socket_tracer,tcp_stats" -# -- The protocols to enable for tracing in the socket_tracer. +# while tcp_stats tracks TCP metrics and jvm_stats tracks JVM metrics. +stirlingSources: "socket_tracer,tcp_stats,jvm_stats" +# The protocols to enable for tracing in the socket_tracer. # samplingLatency represents the sampling latency threshold for the spans to export. # Options: p1, p10, p50, p90, p99. protocols: http: - enabled: true - samplingLatency: "" - kafka: - enabled: true - samplingLatency: "" + metrics: + enabled: true + spans: + enabled: true + samplingLatency: "" + # samplingErrorRate represents the error rate threshold for an HTTP route where surpassing it would mean the corresponds spans of the route are exported. 
+ # Options: 1-100 + samplingErrorRate: "" mysql: - enabled: true - samplingLatency: "" + metrics: + enabled: true + spans: + enabled: false + samplingLatency: "" + pgsql: + metrics: + enabled: true + spans: + enabled: false + samplingLatency: "" + cass: + metrics: + enabled: true + spans: + enabled: false + samplingLatency: "" redis: - enabled: true - samplingLatency: "" + metrics: + enabled: true + spans: + enabled: false + samplingLatency: "" mongodb: - enabled: true - samplingLatency: "" + metrics: + enabled: true + spans: + enabled: false + samplingLatency: "" + kafka: + spans: + enabled: false + samplingLatency: "" amqp: - enabled: true - samplingLatency: "" - cass: - enabled: true - samplingLatency: "" + spans: + enabled: false + samplingLatency: "" dns: - enabled: true - samplingLatency: "" - pgsql: - enabled: true - samplingLatency: "" + spans: + enabled: false + samplingLatency: "" -# -- The periodicity in seconds at which the eBPF agent pushes data to the OTel collector for export to NR. +# The periodicity in seconds at which the eBPF client pushes data to the OTel collector for export to NR. # The eBPF agent applies a request path clustering algorithm to reduce cardinality in exported HTTP data. # The algorithm only looks for similar request paths within data of the same push period. # To increase the window under consideration for cardinality reduction, increase this value. Accepted range: 15-60. 
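Review bot: Many existing keys in this hunk (`nrStaging`, `proxy`, the `dropData*` keys, `tableStoreDataLimitMB`, `stirlingSources`, `protocols`, `pushPeriod`) lose the `# --` comment prefix, while the new `customSecretName` keys keep it. If the chart README is generated by helm-docs, those keys will drop out of the generated table, so restore the prefix, e.g. `# -- Drop data from the kube-system namespace.` The new comments also carry typos worth fixing in the same pass: "in you values", "mapps", "from to the kube-system", "mach", "the corresponds spans".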
@@ -62,11 +99,11 @@ pushPeriod: "15" ebpfAgent: image: # -- eBPF agent image to be deployed. - repository: us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/ebpf-agent + repository: docker.io/newrelic/newrelic-ebpf-agent # -- The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is also set to Always. pullPolicy: IfNotPresent # -- The tag of the eBPF agent image to be deployed. - tag: 0.0.5 + tag: nr-ebpf-agent_0.0.5 resources: limits: # -- Max memory allocated to the container. @@ -76,16 +113,27 @@ ebpfAgent: cpu: 100m # -- Min memory allocated to the container. memory: 250Mi + # -- Sets ebpfAgent pod tolerations. Overrides `tolerations` and `global.tolerations` + tolerations: [] + # -- Sets ebpfAgent pod affinities. Overrides `affinity` and `global.affinity` + affinity: {} + # -- Sets ebpfAgent pod Annotations. Overrides `podAnnotations` and `global.podAnnotations` + podAnnotations: {} + # -- Sets ebpfAgent pod podSecurityContext. Overrides `podSecurityContext` and `global.securityContext.pod` + podSecurityContext: {} + # -- Sets ebpfAgent pod containerSecurityContext. Overrides `containerSecurityContext` and `global.securityContext.container` + containerSecurityContext: + privileged: true # Configuration to apply on the eBPF client daemonset. ebpfClient: image: # -- eBPF client image to be deployed. - repository: us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/ebpf-client + repository: docker.io/newrelic/newrelic-ebpf-agent # -- The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is set to Always. pullPolicy: IfNotPresent # -- The tag of the eBPF client image to be deployed. - tag: 0.0.7 + tag: nr-ebpf-client_0.0.7 resources: limits: # -- Max memory allocated to the container. 
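Review bot: After the move to `docker.io/newrelic/newrelic-ebpf-agent` the image is still selected by a mutable tag (`tag: nr-ebpf-agent_0.0.5`), and the DaemonSet renders it as `repository:tag`. That leaves no way to pin a host-level agent image to immutable content. Consider an optional `image.digest` value that, when set, makes the template render `repository@<digest>` instead of the tag. The ebpfClient image lines in the next hunk and the otelCollector image hunk `@@ -100,11 +148,11 @@` have the same shape.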
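Review bot: `containerSecurityContext: privileged: true` becomes the chart default for the eBPF agent in hunk `@@ -76,16 +113,27 @@` without a comment saying what requires it. Privileged mode grants every capability plus host device access, and the key's `# --` description says it overrides the chart-level and global container security contexts. If the agent can run with a named capability set, ship that instead, under `capabilities.add`. eBPF loaders commonly need `BPF`, `PERFMON` and `SYS_ADMIN`, but the exact list has to come from the agent's documentation. If full privilege really is required, say so in the comment, e.g. `# -- The agent loads eBPF programs and needs privileged mode; narrowing this may stop data collection.`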
@@ -100,11 +148,11 @@ ebpfClient: otelCollector: image: # -- OpenTelemetry collector image to be deployed. - repository: us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/nr-ebpf-otel-collector + repository: docker.io/newrelic/newrelic-ebpf-agent # -- The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is set to Always. pullPolicy: IfNotPresent # -- The tag of the OpenTelemetry collector image to be deployed. - tag: 0.0.1 + tag: nr-ebpf-otel-collector_0.0.1 resources: limits: # -- Max CPU allocated to the container. @@ -116,6 +164,16 @@ otelCollector: cpu: 100m # -- Min memory allocated to the container. memory: 200Mi + # -- Sets otelCollector pod tolerations. Overrides `tolerations` and `global.tolerations` + tolerations: [] + # -- Sets otelCollector pod affinities. Overrides `affinity` and `global.affinity` + affinity: {} + # -- Sets otelCollector pod Annotations. Overrides `podAnnotations` and `global.podAnnotations` + podAnnotations: {} + # -- Sets otelCollector pod podSecurityContext. Overrides `podSecurityContext` and `global.securityContext.pod` + podSecurityContext: {} + # -- Sets otelCollector pod containerSecurityContext. Overrides `containerSecurityContext` and `global.securityContext.container` + containerSecurityContext: {} collector: serviceAccount: # -- Annotations for the OTel collector service account. 
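Review bot: `otelCollector.containerSecurityContext` defaults to `{}` in hunk `@@ -116,6 +164,16 @@`, although the collector DaemonSet runs with `hostNetwork: true`. The container therefore starts with whatever the runtime grants by default. A collector that only receives and exports telemetry can usually take restrictive defaults here, such as `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: ["ALL"]}`. Whether the image tolerates a read-only root filesystem or a non-root user is not visible from this diff, so verify against the image before enabling them.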
@@ -125,15 +183,25 @@ otelCollector: podLabels: {} # -- Additional labels for chart objects labels: {} +# -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` +priorityClassName: "" +# -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` +dnsConfig: {} # -- Sets all pods' node selector. Can be configured also with `global.nodeSelector` nodeSelector: {} # -- Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations` tolerations: [] # -- Sets all pods' affinities. Can be configured also with `global.affinity` affinity: {} +# -- Sets all pods' podSecurityContext. Can be configured also with `global.securityContext.pod` +podSecurityContext: {} +# -- Sets all pods' containerSecurityContext. Can be configured also with `global.securityContext.container` +containerSecurityContext: {} # -- Kubernetes cluster domain kubernetesClusterDomain: cluster.local - +# -- (bool) Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` +# @default -- `false` +verboseLog: # -- tls make sure only requests with correctly formatted rules will get into the Operator tls: enabled: true From e3f8bd8e3c1a5e408ffe69c5e682b1e4c5a7aa8a Mon Sep 17 00:00:00 2001 From: nravada Date: Fri, 17 Jan 2025 18:05:46 +0000 Subject: [PATCH 08/36] NR-346357: fixed the check spelling issue --- charts/nr-ebpf-agent/templates/_naming.tpl | 4 ++-- .../nr-ebpf-agent/templates/otel-collector-daemonset.yaml | 2 +- charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml | 8 ++++---- .../templates/otel-collector-service-account.yaml | 2 +- charts/nr-ebpf-agent/values.yaml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/_naming.tpl b/charts/nr-ebpf-agent/templates/_naming.tpl index d678800cc..9257c5680 100644 --- a/charts/nr-ebpf-agent/templates/_naming.tpl +++ b/charts/nr-ebpf-agent/templates/_naming.tpl 
@@ -15,10 +15,10 @@ {{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config") -}} {{- end -}} -{{- define "nr-ebpf-agent.otelcollecter.name" -}} +{{- define "nr-ebpf-agent.otelcollector.name" -}} {{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "otel-collector") -}} {{- end -}} -{{- define "nr-ebpf-agent.collecter.name" -}} +{{- define "nr-ebpf-agent.collector.name" -}} {{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "collector") -}} {{- end -}} diff --git a/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml b/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml index 9ed498d7c..fef73d84d 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml @@ -101,7 +101,7 @@ spec: {{- end }} dnsPolicy: ClusterFirstWithHostNet hostNetwork: true - serviceAccountName: {{ include "nr-ebpf-agent.collecter.name" . }} + serviceAccountName: {{ include "nr-ebpf-agent.collector.name" . }} terminationGracePeriodSeconds: 30 volumes: - name: data diff --git a/charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml b/charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml index e71841dca..ef19c30be 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-rbac.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "nr-ebpf-agent.otelcollecter.name" . }} + name: {{ include "nr-ebpf-agent.otelcollector.name" . }} labels: {{- include "newrelic.common.labels" . | nindent 4 }} rules: 
@@ -29,14 +29,14 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "nr-ebpf-agent.otelcollecter.name" . }} + name: {{ include "nr-ebpf-agent.otelcollector.name" . }} labels: {{- include "newrelic.common.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "nr-ebpf-agent.otelcollecter.name" . }} + name: {{ include "nr-ebpf-agent.otelcollector.name" . }} subjects: - kind: ServiceAccount - name: {{ include "nr-ebpf-agent.collecter.name" . }} + name: {{ include "nr-ebpf-agent.collector.name" . }} namespace: '{{ .Release.Namespace }}' diff --git a/charts/nr-ebpf-agent/templates/otel-collector-service-account.yaml b/charts/nr-ebpf-agent/templates/otel-collector-service-account.yaml index 6ce437848..10e6f220d 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-service-account.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-service-account.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "nr-ebpf-agent.collecter.name" . }} + name: {{ include "nr-ebpf-agent.collector.name" . }} labels: {{- include "newrelic.common.labels" . | nindent 4 }} annotations: diff --git a/charts/nr-ebpf-agent/values.yaml b/charts/nr-ebpf-agent/values.yaml index c68adc0db..f6dc2195d 100644 --- a/charts/nr-ebpf-agent/values.yaml +++ b/charts/nr-ebpf-agent/values.yaml 
@@ -23,9 +23,9 @@ dropAPMEnabledPods: true # Define a regex to mach service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" # see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax dropDataServiceNameRegex: "" -# This config acts as a bypass for the dropDataServiceNameRegex config. +# This config acts as a bypass for the dropDataServiceNameRegex config. # Service names that match this regex will not have their data dropped by the dropDataServiceNameRegex. -# If dropDataServiceNameRegex is not defined, this config has no impact on the eBPF agent. +# If dropDataServiceNameRegex is not defined, this config has no impact on the eBPF agent. allowServiceNameRegex: "" # The primary lever to control RAM use of the eBPF agent. Specified in MiB. tableStoreDataLimitMB: "250" From c45f8dbc0e64a2ed4f62613725767a6cab6614c7 Mon Sep 17 00:00:00 2001 From: nravada Date: Fri, 17 Jan 2025 18:56:15 +0000 Subject: [PATCH 09/36] NR-346357: removed the old code that generates env vars for protocols --- .../templates/nr-ebpf-agent-daemonset.yaml | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 8f910c961..3dc88ef19 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -47,14 +47,6 @@ spec: - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" {{- include "generateTracingEnvVars" . | indent 10 }} - {{- if .Values.protocols }} - {{- range $protocol, $config := .Values.protocols }} - {{- if (eq $config.enabled false) }} - - name: PX_STIRLING_ENABLE_{{ upper $protocol }}_TRACING - value: "0" - {{- end }} - {{- end }} - {{- end }} - name: KUBERNETES_CLUSTER_DOMAIN value: "cluster.local" - name: PL_TABLE_STORE_DATA_LIMIT_MB 
@@ -106,18 +98,6 @@ spec: - name: SAMPLE_HTTP_ERROR_RATE value: "{{ .Values.protocols.http.spans.samplingErrorRate | default "0"}}" {{- end }} - {{- if .Values.protocols }} - {{- range $protocol, $config := .Values.protocols }} - {{- if (eq $config.enabled false) }} - - name: PX_STIRLING_ENABLE_{{ upper $protocol }}_TRACING - value: "0" - {{- end }} - {{- if (eq $config.enabled true) }} - - name: SAMPLE_{{ upper $protocol }}_LATENCY - value: {{ $config.samplingLatency | regexMatch "p1|p10|p50|p90|p99" | ternary $config.samplingLatency "p1" }} - {{- end }} - {{- end }} - {{- end }} # TODO(kpattaswamy): Once we implement TLS, we should make this configurable again - name: IS_INSECURE value: "True" From b7f3c63e14b7dbe3a388e2f6ee982438fb0c33eb Mon Sep 17 00:00:00 2001 From: nravada Date: Mon, 20 Jan 2025 16:04:28 +0530 Subject: [PATCH 10/36] Handled lint chart test error --- charts/nr-ebpf-agent/templates/_helpers.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl index 80d5f2e94..9661c4360 100644 --- a/charts/nr-ebpf-agent/templates/_helpers.tpl +++ b/charts/nr-ebpf-agent/templates/_helpers.tpl 
@@ -91,8 +91,8 @@ Pass environment variables to the agent container if tracing a specific protocol */}} {{- define "generateTracingEnvVars" -}} {{- range $protocol, $config := .Values.protocols }} - {{- $metricsEnabled := and (hasKey $config "metrics") (eq $config.metrics.enabled true) }} - {{- $spansEnabled := and (hasKey $config "spans") (eq $config.spans.enabled true) }} + {{- $metricsEnabled := and (hasKey $config "metrics") (hasKey $config.metrics "enabled") (eq $config.metrics.enabled true) }} + {{- $spansEnabled := and (hasKey $config "spans") (hasKey $config.spans "enabled") (eq $config.spans.enabled true) }} {{- if or (and (not $metricsEnabled) (not $spansEnabled)) (and (not (hasKey $config "metrics")) (not $spansEnabled)) }} - name: PX_STIRLING_ENABLE_{{ upper $protocol }}_TRACING value: "0" From 4c3e0eb9417730a49cdfec52e40af31378aedab5 Mon Sep 17 00:00:00 2001 From: nravada Date: Mon, 20 Jan 2025 11:20:41 +0000 Subject: [PATCH 11/36] handled lint chart issue --- charts/nr-ebpf-agent/templates/_helpers.tpl | 4 ++-- charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl index 9661c4360..80d5f2e94 100644 --- a/charts/nr-ebpf-agent/templates/_helpers.tpl +++ b/charts/nr-ebpf-agent/templates/_helpers.tpl 
@@ -91,8 +91,8 @@ Pass environment variables to the agent container if tracing a specific protocol */}} {{- define "generateTracingEnvVars" -}} {{- range $protocol, $config := .Values.protocols }} - {{- $metricsEnabled := and (hasKey $config "metrics") (hasKey $config.metrics "enabled") (eq $config.metrics.enabled true) }} - {{- $spansEnabled := and (hasKey $config "spans") (hasKey $config.spans "enabled") (eq $config.spans.enabled true) }} + {{- $metricsEnabled := and (hasKey $config "metrics") (eq $config.metrics.enabled true) }} + {{- $spansEnabled := and (hasKey $config "spans") (eq $config.spans.enabled true) }} {{- if or (and (not $metricsEnabled) (not $spansEnabled)) (and (not (hasKey $config "metrics")) (not $spansEnabled)) }} - name: PX_STIRLING_ENABLE_{{ upper $protocol }}_TRACING value: "0" diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 3dc88ef19..d2c5ad516 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -46,7 +46,7 @@ spec: value: "/host" - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" - {{- include "generateTracingEnvVars" . | indent 10 }} + {{- include "generateTracingEnvVars" . | default "false" | indent 10 }} - name: KUBERNETES_CLUSTER_DOMAIN value: "cluster.local" - name: PL_TABLE_STORE_DATA_LIMIT_MB @@ -92,7 +92,7 @@ spec: value: {{ include "nr-otel-collector-receiver.endpoint" .}} - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" - {{- include "generateClientScriptEnvVars" . | nindent 10 }} + {{- include "generateClientScriptEnvVars" . | default "false" | nindent 10 }} {{- if .Values.protocols.http.spans.samplingErrorRate}} {{- include "validate.samplingErrorRate" (dict "protocol" "http" "errorRate" .Values.protocols.http.spans.samplingErrorRate) }} - name: SAMPLE_HTTP_ERROR_RATE 
From 30ac18169973e38dd2e0c48ecd488cd005708fd4 Mon Sep 17 00:00:00 2001 From: nravada Date: Mon, 20 Jan 2025 11:26:23 +0000 Subject: [PATCH 12/36] handled lint chart issue --- charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index d2c5ad516..3dc88ef19 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -46,7 +46,7 @@ spec: value: "/host" - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" - {{- include "generateTracingEnvVars" . | default "false" | indent 10 }} + {{- include "generateTracingEnvVars" . | indent 10 }} - name: KUBERNETES_CLUSTER_DOMAIN value: "cluster.local" - name: PL_TABLE_STORE_DATA_LIMIT_MB @@ -92,7 +92,7 @@ spec: value: {{ include "nr-otel-collector-receiver.endpoint" .}} - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" - {{- include "generateClientScriptEnvVars" . | default "false" | nindent 10 }} + {{- include "generateClientScriptEnvVars" . | nindent 10 }} {{- if .Values.protocols.http.spans.samplingErrorRate}} {{- include "validate.samplingErrorRate" (dict "protocol" "http" "errorRate" .Values.protocols.http.spans.samplingErrorRate) }} - name: SAMPLE_HTTP_ERROR_RATE From 1c54feaee342721c5b32e6b04c4aa799d407ce00 Mon Sep 17 00:00:00 2001 From: nravada Date: Mon, 20 Jan 2025 11:38:02 +0000 Subject: [PATCH 13/36] handled lint chart issue --- charts/nr-ebpf-agent/templates/_helpers.tpl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl index 80d5f2e94..4396f2831 100644 --- a/charts/nr-ebpf-agent/templates/_helpers.tpl +++ b/charts/nr-ebpf-agent/templates/_helpers.tpl 
@@ -91,7 +91,11 @@ Pass environment variables to the agent container if tracing a specific protocol */}} {{- define "generateTracingEnvVars" -}} {{- range $protocol, $config := .Values.protocols }} - {{- $metricsEnabled := and (hasKey $config "metrics") (eq $config.metrics.enabled true) }} + {{- if (hasKey $config "metrics") }} + {{- $metricsEnabled := and (hasKey $config "metrics") (eq $config.metrics.enabled true) }} + {{- else }} + {{- $metricsEnabled := false }} + {{- end }} {{- $spansEnabled := and (hasKey $config "spans") (eq $config.spans.enabled true) }} {{- if or (and (not $metricsEnabled) (not $spansEnabled)) (and (not (hasKey $config "metrics")) (not $spansEnabled)) }} - name: PX_STIRLING_ENABLE_{{ upper $protocol }}_TRACING From 37d333d9a8c7017101cf6b77a6297feef14f0cd1 Mon Sep 17 00:00:00 2001 From: nravada Date: Mon, 20 Jan 2025 11:41:39 +0000 Subject: [PATCH 14/36] handled lint chart issue --- charts/nr-ebpf-agent/templates/_helpers.tpl | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl index 4396f2831..31b95464c 100644 --- a/charts/nr-ebpf-agent/templates/_helpers.tpl +++ b/charts/nr-ebpf-agent/templates/_helpers.tpl @@ -91,6 +91,7 @@ Pass environment variables to the agent container if tracing a specific protocol */}} {{- define "generateTracingEnvVars" -}} {{- range $protocol, $config := .Values.protocols }} + {{- $metricsEnabled := false }} {{- if (hasKey $config "metrics") }} {{- $metricsEnabled := and (hasKey $config "metrics") (eq $config.metrics.enabled true) }} {{- else }} From 739807677069c6fe01063b5137ab8a43d5f2f302 Mon Sep 17 00:00:00 2001 From: nravada Date: Mon, 20 Jan 2025 11:47:57 +0000 Subject: [PATCH 15/36] handled lint chart issue --- charts/nr-ebpf-agent/templates/_helpers.tpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
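Review bot: The `$metricsEnabled := ...` lines added inside the `if`/`else` branches each declare a new variable scoped to that branch, so the `if or (...)` test after the block never sees the value computed there. In this commit the name is undefined at that point, and once the following hunk `@@ -91,6 +91,7 @@` adds an outer `{{- $metricsEnabled := false }}`, the outer value stays `false` for every protocol. `PX_STIRLING_ENABLE_<PROTOCOL>_TRACING` is then set to "0" whenever spans are off, even with `metrics.enabled: true`. Declare the variable once before the `if` and assign inside it with `=`, as `_tls.tpl` already does: `{{- $metricsEnabled = eq $config.metrics.enabled true }}`. The same shadowing recurs in the later `_helpers.tpl` hunks `@@ -93,9 +93,7 @@` and `@@ -94,9 +94,12 @@` (there for `$spansEnabled` as well); the `define` block continues outside this hunk.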
diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl index 31b95464c..5e41f22a5 100644 --- a/charts/nr-ebpf-agent/templates/_helpers.tpl +++ b/charts/nr-ebpf-agent/templates/_helpers.tpl @@ -111,9 +111,11 @@ Generate environment variables for disabling protocols and setting sampling late {{- define "generateClientScriptEnvVars" -}} {{- if .Values.protocols }} {{- range $protocol, $config := .Values.protocols }} - {{- if and (hasKey $config "metrics") (eq $config.metrics.enabled false) }} + {{- if (hasKey $config "metrics") }} + {{- if and (hasKey $config "metrics") (eq $config.metrics.enabled false) }} - name: NR_EBPF_ENABLE_{{ upper $protocol }}_METRICS value: "0" + {{- end }} {{- end }} {{- if (eq $config.spans.enabled false) }} - name: NR_EBPF_ENABLE_{{ upper $protocol }}_SPANS From ab367b7783f720dfeabfd89f40f727c0cc444c91 Mon Sep 17 00:00:00 2001 From: nravada Date: Mon, 20 Jan 2025 14:03:01 +0000 Subject: [PATCH 16/36] handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/_tls.tpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/nr-ebpf-agent/templates/_tls.tpl b/charts/nr-ebpf-agent/templates/_tls.tpl index b87129788..144c60c67 100644 --- a/charts/nr-ebpf-agent/templates/_tls.tpl +++ b/charts/nr-ebpf-agent/templates/_tls.tpl @@ -7,7 +7,8 @@ a cert is loaded from an existing secret or is provided via `.Values` {{- $caCert := "" }} {{- $clientCert := "" }} {{- $clientKey := "" }} -{{- if .Values.tls.autoGenerateCert.enabled }} +{{- $enabletls := .Values.tls.autoGenerateCert.enabled | default true}} +{{- if .$enabletls }} {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }} {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }} {{- $clientCert = index $prevSecret "data" "tls.crt" }} From 301b7da8294bbf61f91d29739a4c501adce4d8d0 Mon Sep 17 00:00:00 2001 
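Review bot: In the `_tls.tpl` hunk, `.Values.tls.autoGenerateCert.enabled | default true` cannot express `false`, because Sprig's `default` treats a boolean `false` as empty and substitutes `true`. The `else` branch of this `if` (outside the hunk) that loads `tls.certFile`, `tls.keyFile` and `tls.caFile` therefore becomes unreachable. An operator who turns auto-generation off to supply a certificate from their own CA would silently get a chart-generated pair instead. If the default should apply only when the key is unset, test for the key explicitly, e.g. `{{- $enabletls := ternary .Values.tls.autoGenerateCert.enabled true (hasKey .Values.tls.autoGenerateCert "enabled") }}`. The next added line, `{{- if .$enabletls }}`, is also not valid template syntax and should read `{{- if $enabletls }}`.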
From: nravada Date: Mon, 20 Jan 2025 14:08:15 +0000 Subject: [PATCH 17/36] handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/_tls.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nr-ebpf-agent/templates/_tls.tpl b/charts/nr-ebpf-agent/templates/_tls.tpl index 144c60c67..42cabc544 100644 --- a/charts/nr-ebpf-agent/templates/_tls.tpl +++ b/charts/nr-ebpf-agent/templates/_tls.tpl @@ -8,7 +8,7 @@ a cert is loaded from an existing secret or is provided via `.Values` {{- $clientCert := "" }} {{- $clientKey := "" }} {{- $enabletls := .Values.tls.autoGenerateCert.enabled | default true}} -{{- if .$enabletls }} +{{- if $enabletls }} {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }} {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }} {{- $clientCert = index $prevSecret "data" "tls.crt" }} From c6cdc729b34c6f968210c757dc4b4694a277d6f2 Mon Sep 17 00:00:00 2001 From: nravada Date: Tue, 21 Jan 2025 09:17:46 +0000 Subject: [PATCH 18/36] NR-346357: handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/_tls.tpl | 48 +++++++++++++------------ 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/_tls.tpl b/charts/nr-ebpf-agent/templates/_tls.tpl index 42cabc544..e1c8778e8 100644 --- a/charts/nr-ebpf-agent/templates/_tls.tpl +++ b/charts/nr-ebpf-agent/templates/_tls.tpl 
@@ -7,31 +7,33 @@ a cert is loaded from an existing secret or is provided via `.Values` {{- $caCert := "" }} {{- $clientCert := "" }} {{- $clientKey := "" }} -{{- $enabletls := .Values.tls.autoGenerateCert.enabled | default true}} -{{- if $enabletls }} - {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }} - {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }} - {{- $clientCert = index $prevSecret "data" "tls.crt" }} - {{- $clientKey = index $prevSecret "data" "tls.key" }} - {{- $caCert = index $prevSecret "data" "ca.crt" }} +{{- $config := .Values }} +{{- if (hasKey $config "tls") }} + {{- if .Values.tls.autoGenerateCert.enabled }} + {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }} + {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }} + {{- $clientCert = index $prevSecret "data" "tls.crt" }} + {{- $clientKey = index $prevSecret "data" "tls.key" }} + {{- $caCert = index $prevSecret "data" "ca.crt" }} + {{- else }} + {{- $certValidity := int .Values.tls.autoGenerateCert.certPeriodDays | default 365 }} + {{- $ca := genCA "nr-ebpf-agent-certificates-ca" $certValidity }} + {{- $domain1 := printf "%s.%s.svc" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace }} + {{- $domain2 := printf "%s.%s.svc.%s" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }} + {{- $domain3 := printf "%s.%s.svc" (include "otel-collector.service.name" .) $.Release.Namespace }} + {{- $domain4 := printf "%s.%s.svc.%s" (include "otel-collector.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }} + {{- $domains := list $domain1 $domain2 $domain3 $domain4 }} + {{- $cert := genSignedCert (include "newrelic.common.naming.fullname" .) 
nil $domains $certValidity $ca }} + {{- $clientCert = b64enc $cert.Cert }} + {{- $clientKey = b64enc $cert.Key }} + {{- $caCert = b64enc $ca.Cert }} + {{- end }} {{- else }} - {{- $certValidity := int .Values.tls.autoGenerateCert.certPeriodDays | default 365 }} - {{- $ca := genCA "nr-ebpf-agent-certificates-ca" $certValidity }} - {{- $domain1 := printf "%s.%s.svc" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace }} - {{- $domain2 := printf "%s.%s.svc.%s" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }} - {{- $domain3 := printf "%s.%s.svc" (include "otel-collector.service.name" .) $.Release.Namespace }} - {{- $domain4 := printf "%s.%s.svc.%s" (include "otel-collector.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }} - {{- $domains := list $domain1 $domain2 $domain3 $domain4 }} - {{- $cert := genSignedCert (include "newrelic.common.naming.fullname" .) nil $domains $certValidity $ca }} - {{- $clientCert = b64enc $cert.Cert }} - {{- $clientKey = b64enc $cert.Key }} - {{- $caCert = b64enc $ca.Cert }} + {{- $clientCert = .Files.Get .Values.tls.certFile | b64enc }} + {{- $clientKey = .Files.Get .Values.tls.keyFile | b64enc }} + {{- $caCert = .Files.Get .Values.tls.caFile | b64enc }} {{- end }} -{{- else }} - {{- $clientCert = .Files.Get .Values.tls.certFile | b64enc }} - {{- $clientKey = .Files.Get .Values.tls.keyFile | b64enc }} - {{- $caCert = .Files.Get .Values.tls.caFile | b64enc }} -{{- end }} +{{- end }} {{- $result := dict "clientCert" $clientCert "clientKey" $clientKey "caCert" $caCert }} {{- $result | toYaml }} {{- end }} From 5ff48ea0c9c9a30588fed08541eec96baffb4091 Mon Sep 17 00:00:00 2001 From: nravada Date: Tue, 21 Jan 2025 09:54:07 +0000 Subject: [PATCH 19/36] NR-346357: handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/_tls.tpl | 47 ++++++++++----------- charts/nr-ebpf-agent/templates/secrets.yaml | 3 ++ 2 files changed, 25 insertions(+), 25 deletions(-) 
diff --git a/charts/nr-ebpf-agent/templates/_tls.tpl b/charts/nr-ebpf-agent/templates/_tls.tpl index e1c8778e8..b87129788 100644 --- a/charts/nr-ebpf-agent/templates/_tls.tpl +++ b/charts/nr-ebpf-agent/templates/_tls.tpl 
@@ -7,33 +7,30 @@ a cert is loaded from an existing secret or is provided via `.Values` {{- $caCert := "" }} {{- $clientCert := "" }} {{- $clientKey := "" }} -{{- $config := .Values }} -{{- if (hasKey $config "tls") }} - {{- if .Values.tls.autoGenerateCert.enabled }} - {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }} - {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }} - {{- $clientCert = index $prevSecret "data" "tls.crt" }} - {{- $clientKey = index $prevSecret "data" "tls.key" }} - {{- $caCert = index $prevSecret "data" "ca.crt" }} - {{- else }} - {{- $certValidity := int .Values.tls.autoGenerateCert.certPeriodDays | default 365 }} - {{- $ca := genCA "nr-ebpf-agent-certificates-ca" $certValidity }} - {{- $domain1 := printf "%s.%s.svc" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace }} - {{- $domain2 := printf "%s.%s.svc.%s" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }} - {{- $domain3 := printf "%s.%s.svc" (include "otel-collector.service.name" .) $.Release.Namespace }} - {{- $domain4 := printf "%s.%s.svc.%s" (include "otel-collector.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }} - {{- $domains := list $domain1 $domain2 $domain3 $domain4 }} - {{- $cert := genSignedCert (include "newrelic.common.naming.fullname" .) nil $domains $certValidity $ca }} - {{- $clientCert = b64enc $cert.Cert }} - {{- $clientKey = b64enc $cert.Key }} - {{- $caCert = b64enc $ca.Cert }} - {{- end }} +{{- if .Values.tls.autoGenerateCert.enabled }} + {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "nr-ebpf-agent-certificates.certificateSecret.name" . 
)) }} + {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }} + {{- $clientCert = index $prevSecret "data" "tls.crt" }} + {{- $clientKey = index $prevSecret "data" "tls.key" }} + {{- $caCert = index $prevSecret "data" "ca.crt" }} {{- else }} - {{- $clientCert = .Files.Get .Values.tls.certFile | b64enc }} - {{- $clientKey = .Files.Get .Values.tls.keyFile | b64enc }} - {{- $caCert = .Files.Get .Values.tls.caFile | b64enc }} + {{- $certValidity := int .Values.tls.autoGenerateCert.certPeriodDays | default 365 }} + {{- $ca := genCA "nr-ebpf-agent-certificates-ca" $certValidity }} + {{- $domain1 := printf "%s.%s.svc" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace }} + {{- $domain2 := printf "%s.%s.svc.%s" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }} + {{- $domain3 := printf "%s.%s.svc" (include "otel-collector.service.name" .) $.Release.Namespace }} + {{- $domain4 := printf "%s.%s.svc.%s" (include "otel-collector.service.name" .) $.Release.Namespace $.Values.kubernetesClusterDomain }} + {{- $domains := list $domain1 $domain2 $domain3 $domain4 }} + {{- $cert := genSignedCert (include "newrelic.common.naming.fullname" .) nil $domains $certValidity $ca }} + {{- $clientCert = b64enc $cert.Cert }} + {{- $clientKey = b64enc $cert.Key }} + {{- $caCert = b64enc $ca.Cert }} {{- end }} -{{- end }} +{{- else }} + {{- $clientCert = .Files.Get .Values.tls.certFile | b64enc }} + {{- $clientKey = .Files.Get .Values.tls.keyFile | b64enc }} + {{- $caCert = .Files.Get .Values.tls.caFile | b64enc }} +{{- end }} {{- $result := dict "clientCert" $clientCert "clientKey" $clientKey "caCert" $caCert }} {{- $result | toYaml }} {{- end }} diff --git a/charts/nr-ebpf-agent/templates/secrets.yaml b/charts/nr-ebpf-agent/templates/secrets.yaml index 6a73c50a7..9c69b080b 100644 --- a/charts/nr-ebpf-agent/templates/secrets.yaml +++ b/charts/nr-ebpf-agent/templates/secrets.yaml 
@@ -17,6 +17,8 @@ data: NR_LICENSE_KEY: {{ required "secrets.licenseKey is required" .Values.licenseKey | b64enc | quote }} {{- end }} --- +{{- $config := .Values }} +{{- if (hasKey $config "tls") }} {{- $tls := fromYaml (include "nr-ebpf-agent-certificates.ebpfCert" .) }} {{- if .Values.tls.autoGenerateCert.enabled }} apiVersion: v1 @@ -35,3 +37,4 @@ data: tls.key: {{ $tls.clientKey }} ca.crt: {{ $tls.caCert }} {{- end }} +{{- end }} From 1f708509367e06f85973e01a16705a24014dfa1c Mon Sep 17 00:00:00 2001 From: nravada Date: Tue, 21 Jan 2025 14:21:30 +0000 Subject: [PATCH 20/36] NR-346357: handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/_helpers.tpl | 6 ++---- .../templates/nr-ebpf-agent-daemonset.yaml | 20 +++++++++++++++++-- .../templates/otel-collector-config.yaml | 4 +++- .../templates/otel-collector-daemonset.yaml | 4 ++++ charts/nr-ebpf-agent/templates/secrets.yaml | 3 +-- 5 files changed, 28 insertions(+), 9 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl index 5e41f22a5..e912247b5 100644 --- a/charts/nr-ebpf-agent/templates/_helpers.tpl +++ b/charts/nr-ebpf-agent/templates/_helpers.tpl @@ -93,9 +93,7 @@ Pass environment variables to the agent container if tracing a specific protocol {{- range $protocol, $config := .Values.protocols }} {{- $metricsEnabled := false }} {{- if (hasKey $config "metrics") }} - {{- $metricsEnabled := and (hasKey $config "metrics") (eq $config.metrics.enabled true) }} - {{- else }} - {{- $metricsEnabled := false }} + {{- $metricsEnabled := eq $config.metrics.enabled true }} {{- end }} {{- $spansEnabled := and (hasKey $config "spans") (eq $config.spans.enabled true) }} {{- if or (and (not $metricsEnabled) (not $spansEnabled)) (and (not (hasKey $config "metrics")) (not $spansEnabled)) }} 
@@ -112,7 +110,7 @@ Generate environment variables for disabling protocols and setting sampling late {{- if .Values.protocols }} {{- range $protocol, $config := .Values.protocols }} {{- if (hasKey $config "metrics") }} - {{- if and (hasKey $config "metrics") (eq $config.metrics.enabled false) }} + {{- if eq $config.metrics.enabled false }} - name: NR_EBPF_ENABLE_{{ upper $protocol }}_METRICS value: "0" {{- end }} diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 3dc88ef19..062c2a9ee 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -52,15 +52,21 @@ spec: - name: PL_TABLE_STORE_DATA_LIMIT_MB value: "{{ .Values.tableStoreDataLimitMB }}" - name: PX_DISABLE_TLS - {{- if eq .Values.tls.enabled true }} + {{- $tls := false}} + {{- if (hasKey .Values "tls") }} + {{- $tls := true}} + {{- end }} + {{- if eq $tls true }} value: "0" {{- else }} value: "1" {{- end }} + {{- if (hasKey .Values "tls") }} {{- if eq .Values.tls.enabled true }} - name: CERT_PATH value: "{{ .Values.tls.autoGenerateCert.certPath }}" {{- end }} + {{- end }} securityContext: privileged: true volumeMounts: @@ -70,11 +76,13 @@ spec: - name: sys-volume mountPath: /sys readOnly: true + {{- if (hasKey .Values "tls") }} {{- if eq .Values.tls.enabled true }} - name: cert mountPath: "{{ .Values.tls.autoGenerateCert.certPath }}" readOnly: true {{- end }} + {{- end }} - name: nr-ebpf-client image: {{ .Values.ebpfClient.image.repository }}:{{ .Values.ebpfClient.image.tag }} imagePullPolicy: {{ .Values.ebpfClient.image.pullPolicy }} 
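Review bot: In the daemonset hunk `@@ -52,15 +52,21 @@`, `PX_DISABLE_TLS` now renders as "1" on every install, because `{{- $tls := true}}` inside the `if` declares a second, block-scoped `$tls` and the outer one tested by `eq $tls true` stays `false`. Judging by the variable name, TLS is then switched off even when `tls.enabled: true`, while `CERT_PATH` and the `cert` mount are still rendered, so the downgrade is easy to miss. Assigning with `=` alone would not be enough, since the flag would then follow the presence of the `tls` key rather than `tls.enabled`; replace the inner line with `{{- $tls = eq .Values.tls.enabled true }}`. The identical block added for the `nr-ebpf-client` container in hunk `@@ -102,13 +110,18 @@` needs the same change.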
@@ -102,13 +110,18 @@ spec: - name: IS_INSECURE value: "True" - name: PX_DISABLE_TLS - {{- if eq .Values.tls.enabled true }} + {{- $tls := false}} + {{- if (hasKey .Values "tls") }} + {{- $tls := true}} + {{- end }} + {{- if eq $tls true }} value: "0" {{- else }} value: "1" {{- end }} - name: KUBERNETES_CLUSTER_DOMAIN value: "{{ .Values.kubernetesClusterDomain }}" + {{- if (hasKey .Values "tls") }} {{- if eq .Values.tls.enabled true }} - name: CERT_PATH value: "{{ .Values.tls.autoGenerateCert.certPath }}" @@ -119,6 +132,7 @@ spec: mountPath: "{{ .Values.tls.autoGenerateCert.certPath }}" readOnly: true {{- end }} + {{- end }} envFrom: - secretRef: name: nr-ebpf-agent-secrets @@ -139,12 +153,14 @@ spec: nodeSelector: {{- . | nindent 8 -}} {{- end }} + {{- if (hasKey .Values "tls") }} {{- if eq .Values.tls.enabled true }} - name: cert secret: defaultMode: 420 secretName: {{ include "nr-ebpf-agent-certificates.certificateSecret.name" . }} {{- end }} + {{- end }} {{- with include "nrEbpfAgent.ebpfAgent.affinity" . }} affinity: {{- . | nindent 8 }} diff --git a/charts/nr-ebpf-agent/templates/otel-collector-config.yaml b/charts/nr-ebpf-agent/templates/otel-collector-config.yaml index 60caf6ea4..caca266a6 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-config.yaml +++ b/charts/nr-ebpf-agent/templates/otel-collector-config.yaml @@ -12,11 +12,13 @@ data: protocols: grpc: endpoint: $RECEIVER_ENDPOINT:4317 + {{- if (hasKey .Values "tls") }} {{- if eq .Values.tls.enabled true }} tls: cert_file: "{{ .Values.tls.autoGenerateCert.certPath }}tls.crt" key_file: "{{ .Values.tls.autoGenerateCert.certPath }}tls.key" - {{- end}} + {{- end }} + {{- end }} processors: k8sattributes/local_k8s_md: auth_type: 'serviceAccount' diff --git a/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml b/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml index fef73d84d..4625de463 100644 --- a/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml 
+++ b/charts/nr-ebpf-agent/templates/otel-collector-daemonset.yaml @@ -94,11 +94,13 @@ spec: mountPath: /etc/otel/config.yaml subPath: config.yaml readOnly: true + {{- if (hasKey .Values "tls") }} {{- if eq .Values.tls.enabled true }} - name: cert mountPath: "{{ .Values.tls.autoGenerateCert.certPath }}" readOnly: true {{- end }} + {{- end }} dnsPolicy: ClusterFirstWithHostNet hostNetwork: true serviceAccountName: {{ include "nr-ebpf-agent.collector.name" . }} @@ -111,12 +113,14 @@ spec: nodeSelector: {{- . | nindent 8 -}} {{- end }} + {{- if (hasKey .Values "tls") }} {{- if eq .Values.tls.enabled true }} - name: cert secret: defaultMode: 420 secretName: {{ include "nr-ebpf-agent-certificates.certificateSecret.name" . }} {{- end }} + {{- end }} {{- with include "nrEbpfAgent.otelCollector.affinity" . }} affinity: {{- . | nindent 8 }} diff --git a/charts/nr-ebpf-agent/templates/secrets.yaml b/charts/nr-ebpf-agent/templates/secrets.yaml index 9c69b080b..d6f7d4f85 100644 --- a/charts/nr-ebpf-agent/templates/secrets.yaml +++ b/charts/nr-ebpf-agent/templates/secrets.yaml @@ -17,8 +17,7 @@ data: NR_LICENSE_KEY: {{ required "secrets.licenseKey is required" .Values.licenseKey | b64enc | quote }} {{- end }} --- -{{- $config := .Values }} -{{- if (hasKey $config "tls") }} +{{- if (hasKey .Values "tls") }} {{- $tls := fromYaml (include "nr-ebpf-agent-certificates.ebpfCert" .) }} {{- if .Values.tls.autoGenerateCert.enabled }} apiVersion: v1 From f4b549d966f99bfc96e1147ea73d9835acec18c4 Mon Sep 17 00:00:00 2001 From: nravada Date: Tue, 21 Jan 2025 17:22:05 +0000 Subject: [PATCH 21/36] NR-346357: handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/_helpers.tpl | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/_helpers.tpl b/charts/nr-ebpf-agent/templates/_helpers.tpl index e912247b5..3f3dd51f8 100644 --- a/charts/nr-ebpf-agent/templates/_helpers.tpl +++ b/charts/nr-ebpf-agent/templates/_helpers.tpl 
@@ -94,9 +94,12 @@ Pass environment variables to the agent container if tracing a specific protocol {{- $metricsEnabled := false }} {{- if (hasKey $config "metrics") }} {{- $metricsEnabled := eq $config.metrics.enabled true }} - {{- end }} - {{- $spansEnabled := and (hasKey $config "spans") (eq $config.spans.enabled true) }} + {{- end }} + {{- $spansEnabled := false }} + {{- if (hasKey $config "spans") }} + {{- $spansEnabled := eq $config.spans.enabled true }} {{- if or (and (not $metricsEnabled) (not $spansEnabled)) (and (not (hasKey $config "metrics")) (not $spansEnabled)) }} + {{- end }} - name: PX_STIRLING_ENABLE_{{ upper $protocol }}_TRACING value: "0" {{- end }} @@ -115,14 +118,16 @@ Generate environment variables for disabling protocols and setting sampling late value: "0" {{- end }} {{- end }} - {{- if (eq $config.spans.enabled false) }} + {{- if (hasKey $config "spans") }} + {{- if (eq $config.spans.enabled false) }} - name: NR_EBPF_ENABLE_{{ upper $protocol }}_SPANS value: "0" - {{- end }} - {{- if (eq $config.spans.enabled true) }} + {{- end }} + {{- if (eq $config.spans.enabled true) }} {{- include "validate.samplingLatency" (dict "protocol" $protocol "latency" $config.spans.samplingLatency) }} - name: SAMPLE_{{ upper $protocol }}_LATENCY value: "{{ $config.spans.samplingLatency | regexMatch "p1|p10|p50|p90|p99" | ternary $config.spans.samplingLatency "" }}" + {{- end }} {{- end }} {{- end }} {{- end }} From c909d449aaf56b74874b131f0d2578a36828b1f5 Mon Sep 17 00:00:00 2001 From: nravada Date: Wed, 22 Jan 2025 09:05:59 +0000 Subject: [PATCH 22/36] NR-346357: handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 062c2a9ee..386709aea 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml 
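Review bot: In hunk `@@ -94,9 +94,12 @@`, the added `{{- end }}` directly after the `{{- if or ... }}` line closes that `if` with an empty body. The `PX_STIRLING_ENABLE_<PROTOCOL>_TRACING` / `value: "0"` pair below it is then no longer conditional on the enabled flags, and the pre-existing `{{- end }}` after it closes `if (hasKey $config "spans")` instead. As written, tracing would be switched off for every protocol that merely has a `spans` key and never for one without it. Move the new `{{- end }}` up so that it closes the `hasKey` block before the `if or` line, and assign with `{{- $spansEnabled = eq $config.spans.enabled true }}` so the outer variable is actually updated.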
+++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -101,11 +101,13 @@ spec: - name: PL_STIRLING_SOURCES value: "{{ .Values.stirlingSources }}" {{- include "generateClientScriptEnvVars" . | nindent 10 }} + {{- if (hasKey .Values.protocols.http "spans") }} {{- if .Values.protocols.http.spans.samplingErrorRate}} {{- include "validate.samplingErrorRate" (dict "protocol" "http" "errorRate" .Values.protocols.http.spans.samplingErrorRate) }} - name: SAMPLE_HTTP_ERROR_RATE value: "{{ .Values.protocols.http.spans.samplingErrorRate | default "0"}}" {{- end }} + {{- end }} # TODO(kpattaswamy): Once we implement TLS, we should make this configurable again - name: IS_INSECURE value: "True" From eeef0e00695eb5c35c9207d2af575eb459a5b327 Mon Sep 17 00:00:00 2001 From: nravada Date: Wed, 22 Jan 2025 11:14:28 +0000 Subject: [PATCH 23/36] NR-346357: handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml | 6 ++++++ charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml | 2 ++ 2 files changed, 8 insertions(+) diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 386709aea..d5d9307bf 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -4,20 +4,26 @@ kind: DaemonSet metadata: name: nr-ebpf-agent labels: + {{- if gt .Chart.Version "0.1.13"}} app: nr-ebpf-agent component: agent + {{- end }} {{- include "newrelic.common.labels" . | nindent 4 }} spec: selector: matchLabels: + {{- if gt .Chart.Version "0.1.13"}} app: nr-ebpf-agent component: agent + {{- end }} {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} template: metadata: labels: + {{- if gt .Chart.Version "0.1.13"}} app: nr-ebpf-agent component: agent + {{- end }} {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} annotations: checksum/config: "" 
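Review bot: In hunk `@@ -4,20 +4,26 @@`, `gt .Chart.Version "0.1.13"` compares the two versions as strings, so the result follows character order rather than version order (for example `0.1.9` sorts above `0.1.13`, and `0.1.100` below it). `semverCompare ">0.1.13" .Chart.Version` gives the intended ordering. Gating `spec.selector.matchLabels` on the chart version also deserves a comment in the template, because a DaemonSet selector cannot be changed after creation. An upgrade that crosses the threshold would be rejected unless the DaemonSet is recreated. The same condition is added to the Service labels in `nr-ebpf-agent-service.yaml` and edited again in the next commit's hunks.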
diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml index 84bfb262c..bb628078a 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml @@ -4,8 +4,10 @@ kind: Service metadata: name: {{ include "nr-ebpf-agent.service.name" . }} labels: + {{- if gt .Chart.Version "0.1.13"}} app: nr-ebpf-agent component: agent + {{- end }} {{- include "newrelic.common.labels" . | nindent 4 }} spec: # The Agent pod will use a service containing a clusterIP and port 12345 to interface via. From 560fb6e56f711bf7f94041d21a0f8ce8be50d919 Mon Sep 17 00:00:00 2001 From: nravada Date: Wed, 22 Jan 2025 13:35:37 +0000 Subject: [PATCH 24/36] NR-346357: handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml | 6 +++--- charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index d5d9307bf..02bc3bbd2 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -4,7 +4,7 @@ kind: DaemonSet metadata: name: nr-ebpf-agent labels: - {{- if gt .Chart.Version "0.1.13"}} + {{- if gt .Chart.Version "0.1.14"}} app: nr-ebpf-agent component: agent {{- end }} @@ -12,7 +12,7 @@ metadata: spec: selector: matchLabels: - {{- if gt .Chart.Version "0.1.13"}} + {{- if gt .Chart.Version "0.1.14"}} app: nr-ebpf-agent component: agent {{- end }} @@ -20,7 +20,7 @@ spec: template: metadata: labels: - {{- if gt .Chart.Version "0.1.13"}} + {{- if gt .Chart.Version "0.1.14"}} app: nr-ebpf-agent component: agent {{- end }} 
diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml index bb628078a..0c1150f77 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml @@ -4,7 +4,7 @@ kind: Service metadata: name: {{ include "nr-ebpf-agent.service.name" . }} labels: - {{- if gt .Chart.Version "0.1.13"}} + {{- if gt .Chart.Version "0.1.14"}} app: nr-ebpf-agent component: agent {{- end }} From 1c89770cce083a6f66e4e414769679c6ee7816ca Mon Sep 17 00:00:00 2001 From: nravada Date: Thu, 23 Jan 2025 08:07:01 +0000 Subject: [PATCH 25/36] NR-346357: handled test upgrade chart issue --- charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml | 6 ------ charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml | 2 -- 2 files changed, 8 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 02bc3bbd2..386709aea 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -4,26 +4,20 @@ kind: DaemonSet metadata: name: nr-ebpf-agent labels: - {{- if gt .Chart.Version "0.1.14"}} app: nr-ebpf-agent component: agent - {{- end }} {{- include "newrelic.common.labels" . | nindent 4 }} spec: selector: matchLabels: - {{- if gt .Chart.Version "0.1.14"}} app: nr-ebpf-agent component: agent - {{- end }} {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} template: metadata: labels: - {{- if gt .Chart.Version "0.1.14"}} app: nr-ebpf-agent component: agent - {{- end }} {{- include "newrelic.common.labels.podLabels" . | nindent 8 }} annotations: checksum/config: "" diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml index 0c1150f77..84bfb262c 100644 
--- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-service.yaml @@ -4,10 +4,8 @@ kind: Service metadata: name: {{ include "nr-ebpf-agent.service.name" . }} labels: - {{- if gt .Chart.Version "0.1.14"}} app: nr-ebpf-agent component: agent - {{- end }} {{- include "newrelic.common.labels" . | nindent 4 }} spec: # The Agent pod will use a service containing a clusterIP and port 12345 to interface via. From 0441aaf6b4de45a8fe7bdd01994478f9c26a623e Mon Sep 17 00:00:00 2001 From: nravada Date: Fri, 24 Jan 2025 15:52:37 +0000 Subject: [PATCH 26/36] NR-346357: Addressed the review comments and updated the README file --- charts/nr-ebpf-agent/Chart.yaml | 2 +- charts/nr-ebpf-agent/README.md | 82 ++++++++++++++++++++++++++------ charts/nr-ebpf-agent/values.yaml | 60 +++++++++++------------ 3 files changed, 98 insertions(+), 46 deletions(-) diff --git a/charts/nr-ebpf-agent/Chart.yaml b/charts/nr-ebpf-agent/Chart.yaml index 934a21c76..4834aeb48 100644 --- a/charts/nr-ebpf-agent/Chart.yaml +++ b/charts/nr-ebpf-agent/Chart.yaml @@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 dependencies: - name: common-library version: 1.3.1 diff --git a/charts/nr-ebpf-agent/README.md b/charts/nr-ebpf-agent/README.md index cdfffd042..2df76cc56 100644 --- a/charts/nr-ebpf-agent/README.md +++ b/charts/nr-ebpf-agent/README.md @@ -40,7 +40,7 @@ kubectl logs -c nr-ebpf-client -n newrelic kubectl logs -c nr-ebpf-agent -n newrelic ``` -### Check the logs of the OpenTelemetry collector pod: +### Check the logs of the OpenteTemetry collector pod: ``` kubectl logs -n newrelic ``` 
@@ -75,42 +75,94 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Sets all pods' affinities. Can be configured also with `global.affinity` | +| allowServiceNameRegex | string | `""` | This config acts as a bypass for the dropDataServiceNameRegex config. Service names that match this regex will not have their data dropped by the dropDataServiceNameRegex. If dropDataServiceNameRegex is not defined, this config has no impact on the eBPF agent. | | cluster | string | `""` | Name of the Kubernetes cluster to be monitored. Mandatory. Can be configured with `global.cluster` | -| dropDataIpServiceNames | bool | `true` | Drop data when service names map to an IP address. | -| dropDataKubeSystem | bool | `true` | Drop data from the kube-system namespace. | +| containerSecurityContext | object | `{}` | Sets all pods' containerSecurityContext. Can be configured also with `global.securityContext.container` | +| customSecretLicenseKey | string | `""` | In case you don't want to have the license key in your values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` | +| customSecretName | string | `""` | In case you don't want to have the license key in your values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | +| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` | +| dropAPMEnabledPods | bool | `true` | Drop data from pods that are monitored by New Relic APM via auto attach. | +| dropDataIpServiceNames | bool | `true` | Drop data where to service names map to an IP address. | +| dropDataKubeSystem | bool | `true` | Drop data from to the kube-system namespace. 
| | dropDataNewRelic | bool | `true` | Drop data from the newrelic namespace. | -| dropDataServiceNameRegex | string | `"gmp-.*"` | Define a regex to mach service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax | +| dropDataServiceNameRegex | string | `""` | Define a regex to match service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax | +| ebpfAgent.affinity | object | `{}` | Sets ebpfAgent pod affinities. Overrides `affinity` and `global.affinity` | +| ebpfAgent.containerSecurityContext | object | `{"privileged":true}` | Sets ebpfAgent pod containerSecurityContext. Overrides `containerSecurityContext` and `global.securityContext.container` | | ebpfAgent.image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is also set to Always. | -| ebpfAgent.image.repository | string | `"us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/ebpf-agent"` | eBPF agent image to be deployed. | -| ebpfAgent.image.tag | string | `"0.0.5"` | The tag of the eBPF agent image to be deployed. | +| ebpfAgent.image.repository | string | `"docker.io/newrelic/newrelic-ebpf-agent"` | eBPF agent image to be deployed. | +| ebpfAgent.image.tag | string | `"nr-ebpf-agent_0.0.5"` | The tag of the eBPF agent image to be deployed. | +| ebpfAgent.podAnnotations | object | `{}` | Sets ebpfAgent pod Annotations. Overrides `podAnnotations` and `global.podAnnotations` | +| ebpfAgent.podSecurityContext | object | `{}` | Sets ebpfAgent pod podSecurityContext. Overrides `podSecurityContext` and `global.securityContext.pod` | | ebpfAgent.resources.limits.memory | string | `"2Gi"` | Max memory allocated to the container. 
| | ebpfAgent.resources.requests.cpu | string | `"100m"` | Min CPU allocated to the container. | | ebpfAgent.resources.requests.memory | string | `"250Mi"` | Min memory allocated to the container. | +| ebpfAgent.tolerations | list | `[]` | Sets ebpfAgent pod tolerations. Overrides `tolerations` and `global.tolerations` | | ebpfClient.image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is set to Always. | -| ebpfClient.image.repository | string | `"us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/ebpf-client"` | eBPF client image to be deployed. | -| ebpfClient.image.tag | string | `"0.0.7"` | The tag of the eBPF client image to be deployed. | +| ebpfClient.image.repository | string | `"docker.io/newrelic/newrelic-ebpf-agent"` | eBPF client image to be deployed. | +| ebpfClient.image.tag | string | `"nr-ebpf-client_0.0.7"` | The tag of the eBPF client image to be deployed. | | ebpfClient.resources.limits.memory | string | `"100Mi"` | Max memory allocated to the container. | | ebpfClient.resources.requests.cpu | string | `"50m"` | Min CPU allocated to the container. | | ebpfClient.resources.requests.memory | string | `"50Mi"` | Min memory allocated to the container. | -| labels | object | `{}` | Additional labels for chart objects | +| kubernetesClusterDomain | string | `"cluster.local"` | Kubernetes cluster domain. | +| labels | object | `{}` | Additional labels for chart objects. | | licenseKey | string | `""` | The license key to use. Can be configured with `global.licenseKey` | | nodeSelector | object | `{}` | Sets all pods' node selector. Can be configured also with `global.nodeSelector` | -| nrStaging | bool | `false` | Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:4317) by default. Staging (staging-otlp.nr-data.net:4317) otherwise. Requires a valid staging license key. 
Can also be configured with global.nrStaging. | +| nrStaging | bool | `false` | Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:4317) by default. Staging (staging-otlp.nr-data.net:4317) otherwise. | +| otelCollector.affinity | object | `{}` | Sets otelCollector pod affinities. Overrides `affinity` and `global.affinity` | | otelCollector.collector.serviceAccount.annotations | object | `{}` | Annotations for the OTel collector service account. | +| otelCollector.containerSecurityContext | object | `{}` | Sets otelCollector pod containerSecurityContext. Overrides `containerSecurityContext` and `global.securityContext.container` | | otelCollector.image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is set to Always. | -| otelCollector.image.repository | string | `"us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/nr-ebpf-otel-collector"` | OpenTelemetry collector image to be deployed. | -| otelCollector.image.tag | string | `"0.0.1"` | The tag of the OpenTelemetry collector image to be deployed. | +| otelCollector.image.repository | string | `"docker.io/newrelic/newrelic-ebpf-agent"` | OpenTelemetry collector image to be deployed. | +| otelCollector.image.tag | string | `"nr-ebpf-otel-collector_0.0.1"` | The tag of the OpenTelemetry collector image to be deployed. | +| otelCollector.podAnnotations | object | `{}` | Sets otelCollector pod Annotations. Overrides `podAnnotations` and `global.podAnnotations` | +| otelCollector.podSecurityContext | object | `{}` | Sets otelCollector pod podSecurityContext. Overrides `podSecurityContext` and `global.securityContext.pod` | | otelCollector.resources.limits.cpu | string | `"100m"` | Max CPU allocated to the container. | | otelCollector.resources.limits.memory | string | `"200Mi"` | Max memory allocated to the container. 
| | otelCollector.resources.requests.cpu | string | `"100m"` | Min CPU allocated to the container. | | otelCollector.resources.requests.memory | string | `"200Mi"` | Min memory allocated to the container. | -| podLabels | object | `{}` | Additional labels for chart pods | -| protocols | object | `{"amqp":{"enabled":true,"samplingLatency":""},"cass":{"enabled":true,"samplingLatency":""},"dns":{"enabled":true,"samplingLatency":""},"http":{"enabled":true,"samplingLatency":""},"kafka":{"enabled":true,"samplingLatency":""},"mongodb":{"enabled":true,"samplingLatency":""},"mysql":{"enabled":true,"samplingLatency":""},"pgsql":{"enabled":true,"samplingLatency":""},"redis":{"enabled":true,"samplingLatency":""}}` | The protocols to enable for tracing in the socket_tracer. samplingLatency represents the sampling latency threshold for the spans to export. Options: p1, p10, p50, p90, p99. | +| otelCollector.tolerations | list | `[]` | Sets otelCollector pod tolerations. Overrides `tolerations` and `global.tolerations` | +| podLabels | object | `{}` | Additional labels for chart pods. | +| podSecurityContext | object | `{}` | Sets all pods' podSecurityContext. Can be configured also with `global.securityContext.pod` | +| priorityClassName | string | `""` | Sets pod's priorityClassName. 
Can be configured also with `global.priorityClassName` | +| protocols.amqp.spans.enabled | bool | `false` | | +| protocols.amqp.spans.samplingLatency | string | `""` | | +| protocols.cass.metrics.enabled | bool | `true` | | +| protocols.cass.spans.enabled | bool | `false` | | +| protocols.cass.spans.samplingLatency | string | `""` | | +| protocols.dns.spans.enabled | bool | `false` | | +| protocols.dns.spans.samplingLatency | string | `""` | | +| protocols.http.metrics.enabled | bool | `true` | | +| protocols.http.spans.enabled | bool | `true` | | +| protocols.http.spans.samplingErrorRate | string | `""` | samplingErrorRate represents the error rate threshold for an HTTP route where surpassing it would mean the corresponds spans of the route are exported. Options: 1-100 | +| protocols.http.spans.samplingLatency | string | `""` | | +| protocols.kafka.spans.enabled | bool | `false` | | +| protocols.kafka.spans.samplingLatency | string | `""` | | +| protocols.mongodb.metrics.enabled | bool | `true` | | +| protocols.mongodb.spans.enabled | bool | `false` | | +| protocols.mongodb.spans.samplingLatency | string | `""` | | +| protocols.mysql.metrics.enabled | bool | `true` | | +| protocols.mysql.spans.enabled | bool | `false` | | +| protocols.mysql.spans.samplingLatency | string | `""` | | +| protocols.pgsql.metrics.enabled | bool | `true` | | +| protocols.pgsql.spans.enabled | bool | `false` | | +| protocols.pgsql.spans.samplingLatency | string | `""` | | +| protocols.redis.metrics.enabled | bool | `true` | | +| protocols.redis.spans.enabled | bool | `false` | | +| protocols.redis.spans.samplingLatency | string | `""` | | | proxy | string | `""` | Configures the agent to send all data through the proxy specified via the otel collector. | -| pushPeriod | string | `"15"` | The periodicity in seconds at which the eBPF agent pushes data to the OTel collector for export to NR. 
The eBPF agent applies a request path clustering algorithm to reduce cardinality in exported HTTP data. The algorithm only looks for similar request paths within data of the same push period. To increase the window under consideration for cardinality reduction, increase this value. Accepted range: 15-60. | +| pushPeriod | string | `"15"` | - The periodicity in seconds at which the eBPF agent pushes data to the OTel collector for export to NR. The eBPF agent applies a request path clustering algorithm to reduce cardinality in exported HTTP data. The algorithm only looks for similar request paths within data of the same push period. To increase the window under consideration for cardinality reduction, increase this value. Accepted range: 15-60. | | stirlingSources | string | `"socket_tracer,tcp_stats"` | The source connectors (and data export scripts) to enable. Note that socket_tracer tracks http, mysql, redis, mongodb, amqp, cassandra, dns, and postgresql while tcp_stats tracks TCP metrics. | | tableStoreDataLimitMB | string | `"250"` | The primary lever to control RAM use of the eBPF agent. Specified in MiB. | +| tls.autoGenerateCert.certPath | string | `"/tmp/ebpf/certs/"` | Certificates path. | +| tls.autoGenerateCert.certPeriodDays | int | `365` | Cert validity period time in days. | +| tls.autoGenerateCert.enabled | bool | `true` | If true, Helm will automatically create a self-signed cert and secret for you. | +| tls.autoGenerateCert.recreate | bool | `true` | If set to true, a new key/certificate is generated on helm upgrade. | +| tls.caFile | string | `""` | Path to the CA cert. | +| tls.certFile | string | `""` | Path to your own PEM-encoded certificate. | +| tls.enabled | bool | `true` | Enable TLS communication between the eBPF client and agent. | +| tls.keyFile | string | `""` | Path to your own PEM-encoded private key. | | tolerations | list | `[]` | Sets all pods' tolerations to node taints. 
Can be configured also with `global.tolerations` | +| verboseLog | bool | `false` | Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` | ## Common Errors diff --git a/charts/nr-ebpf-agent/values.yaml b/charts/nr-ebpf-agent/values.yaml index f6dc2195d..687ceeeab 100644 --- a/charts/nr-ebpf-agent/values.yaml +++ b/charts/nr-ebpf-agent/values.yaml 
@@ -3,36 +3,36 @@ cluster: "" # -- The license key to use. Can be configured with `global.licenseKey` licenseKey: "" -# -- In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` +# -- In case you don't want to have the license key in your values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` customSecretName: "" -# -- In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` +# -- In case you don't want to have the license key in your values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` customSecretLicenseKey: "" -# Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:4317) by default. +# -- Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:4317) by default. # Staging (staging-otlp.nr-data.net:4317) otherwise. nrStaging: false -# Configures the agent to send all data through the proxy specified via the otel collector. +# -- Configures the agent to send all data through the proxy specified via the otel collector. proxy: "" -# Drop data where to service names mapps to an IP address +# -- Drop data where to service names map to an IP address. dropDataIpServiceNames: true -# Drop data from to the kube-system namespace +# -- Drop data from to the kube-system namespace. dropDataKubeSystem: true -# Drop data from the newrelic namespace +# -- Drop data from the newrelic namespace. dropDataNewRelic: true -# Drop data from pods that are monitored by New Relic APM via auto attach. +# -- Drop data from pods that are monitored by New Relic APM via auto attach. 
dropAPMEnabledPods: true -# Define a regex to mach service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" +# -- Define a regex to match service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" # see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax dropDataServiceNameRegex: "" -# This config acts as a bypass for the dropDataServiceNameRegex config. +# -- This config acts as a bypass for the dropDataServiceNameRegex config. # Service names that match this regex will not have their data dropped by the dropDataServiceNameRegex. # If dropDataServiceNameRegex is not defined, this config has no impact on the eBPF agent. allowServiceNameRegex: "" -# The primary lever to control RAM use of the eBPF agent. Specified in MiB. +# -- The primary lever to control RAM use of the eBPF agent. Specified in MiB. tableStoreDataLimitMB: "250" -# The source connectors (and data export scripts) to enable. +# -- The source connectors (and data export scripts) to enable. # Note that socket_tracer tracks http, mysql, redis, mongodb, amqp, cassandra, dns, and postgresql -# while tcp_stats tracks TCP metrics and jvm_stats tracks JVM metrics. -stirlingSources: "socket_tracer,tcp_stats,jvm_stats" +# while tcp_stats tracks TCP metrics. +stirlingSources: "socket_tracer,tcp_stats" # The protocols to enable for tracing in the socket_tracer. # samplingLatency represents the sampling latency threshold for the spans to export. # Options: p1, p10, p50, p90, p99. @@ -43,7 +43,7 @@ protocols: spans: enabled: true samplingLatency: "" - # samplingErrorRate represents the error rate threshold for an HTTP route where surpassing it would mean the corresponds spans of the route are exported. + # -- samplingErrorRate represents the error rate threshold for an HTTP route where surpassing it would mean the corresponds spans of the route are exported. # Options: 1-100 samplingErrorRate: "" mysql: 
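Review bot: Two of the comments promoted to `# --` in this hunk are still garbled, and the README table in the same commit picks them up verbatim: `Drop data where to service names map to an IP address.` and `Drop data from to the kube-system namespace.`. These flags decide which telemetry is discarded before export, so their descriptions should be unambiguous. The README rows this commit replaces already had usable wording: `# -- Drop data when service names map to an IP address.` and `# -- Drop data from the kube-system namespace.`.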
@@ -89,7 +89,7 @@ protocols: enabled: false samplingLatency: "" -# The periodicity in seconds at which the eBPF client pushes data to the OTel collector for export to NR. +# --- The periodicity in seconds at which the eBPF agent pushes data to the OTel collector for export to NR. # The eBPF agent applies a request path clustering algorithm to reduce cardinality in exported HTTP data. # The algorithm only looks for similar request paths within data of the same push period. # To increase the window under consideration for cardinality reduction, increase this value. Accepted range: 15-60. @@ -179,9 +179,9 @@ otelCollector: # -- Annotations for the OTel collector service account. annotations: {} -# -- Additional labels for chart pods +# -- Additional labels for chart pods. podLabels: {} -# -- Additional labels for chart objects +# -- Additional labels for chart objects. labels: {} # -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` priorityClassName: "" 
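Review bot: The new comment on `pushPeriod` starts with `# ---` where every other documented key in this file uses the `# --` marker. The README table in this same commit shows the effect, since the description is rendered as `- The periodicity in seconds ...` with a stray leading dash. Change the line to `# -- The periodicity in seconds at which the eBPF agent pushes data to the OTel collector for export to NR.` and regenerate the README row.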
@@ -197,32 +197,32 @@ affinity: {} podSecurityContext: {} # -- Sets all pods' containerSecurityContext. Can be configured also with `global.securityContext.container` containerSecurityContext: {} -# -- Kubernetes cluster domain +# -- Kubernetes cluster domain. kubernetesClusterDomain: cluster.local # -- (bool) Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` # @default -- `false` verboseLog: -# -- tls make sure only requests with correctly formatted rules will get into the Operator +# tls makes sure only requests with correctly formatted rules will get into the operator. tls: + # -- Enable TLS communication between the eBPF client and agent. enabled: true - - ## TLS Certificate Option 1: Use Helm to automatically generate self-signed certificate. - ## autoGenerateCert must be enabled. + # TLS Certificate Option 1: Use Helm to automatically generate a self-signed certificate. + # autoGenerateCert must be enabled. autoGenerateCert: # -- If true, Helm will automatically create a self-signed cert and secret for you. enabled: true - # -- If set to true, new key/certificate is generated on helm upgrade. + # -- If set to true, a new key/certificate is generated on helm upgrade. recreate: true # -- Cert validity period time in days. certPeriodDays: 365 - # -- Certificates path + # -- Certificates path. certPath: "/tmp/ebpf/certs/" - ## TLS Certificate Option 2: Use your own self-signed certificate. - ## autoGenerateCert must be disabled and certFile, keyFile, and caFile must be set. - ## The chart reads the contents of the file paths with the helm .Files.Get function. - ## Refer to this doc https://helm.sh/docs/chart_template_guide/accessing_files/ to understand - ## limitations of file paths accessible to the chart. + # TLS Certificate Option 2: Use your own self-signed certificate. + # autoGenerateCert must be disabled, and certFile, keyFile, and caFile must be set. 
+ # The chart reads the contents of the file paths with the helm. Files.Get function. + # Refer to this doc https://helm.sh/docs/chart_template_guide/accessing_files/ to understand + # limitations of file paths accessible to the chart. # -- Path to your own PEM-encoded certificate. certFile: "" # -- Path to your own PEM-encoded private key. From 4466dcb37e3234c999b83e12add94224dd7ddbc4 Mon Sep 17 00:00:00 2001 From: nravada Date: Tue, 28 Jan 2025 12:37:02 +0000 Subject: [PATCH 27/36] NR-346357: fixed the release checklist issues --- .../templates/nr-ebpf-agent-daemonset.yaml | 28 +++++++------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 386709aea..3ee6901d1 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -51,17 +51,13 @@ spec: value: "cluster.local" - name: PL_TABLE_STORE_DATA_LIMIT_MB value: "{{ .Values.tableStoreDataLimitMB }}" - - name: PX_DISABLE_TLS - {{- $tls := false}} + - name: PX_DISABLE_TLS {{- if (hasKey .Values "tls") }} - {{- $tls := true}} - {{- end }} - {{- if eq $tls true }} + {{- if eq .Values.tls.enabled true }} value: "0" {{- else }} value: "1" {{- end }} - {{- if (hasKey .Values "tls") }} {{- if eq .Values.tls.enabled true }} - name: CERT_PATH value: "{{ .Values.tls.autoGenerateCert.certPath }}" 
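Review bot: The rewritten header comment, `# tls makes sure only requests with correctly formatted rules will get into the operator.`, does not describe this block; the `enabled` key directly below it says the setting enables TLS between the eBPF client and agent. An operator deciding whether to keep TLS on reads this comment first, so it should name the channel being protected, for example `# tls configures TLS for traffic between the eBPF client and the agent.`. The Option 2 comment also gained a typo, `helm. Files.Get`, where the removed line had `helm .Files.Get`; it should read `# The chart reads the contents of the file paths with the Helm .Files.Get function.`. The `tls` block continues past the end of this hunk.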
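Review bot: When `.Values.tls` is absent, the new side of the `@@ -51,17 +51,13 @@` hunk emits `- name: PX_DISABLE_TLS` with no `value:` at all, because both `value:` lines now sit inside the `hasKey` block. How the agent interprets an empty PX_DISABLE_TLS is not visible here, so transport security in that case is decided by accident rather than by the chart. Give the outer `if` an explicit fallback (`{{- else }}` followed by `value: "1"`), or drop the `hasKey` guard so rendering fails loudly when `tls` is missing. The same construct is repeated in the hunk at `-108,33`, and the closing `{{- end }}` lines for this block are outside the hunk.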
@@ -108,33 +104,29 @@ spec: value: "{{ .Values.protocols.http.spans.samplingErrorRate | default "0"}}" {{- end }} {{- end }} + - name: KUBERNETES_CLUSTER_DOMAIN + value: "{{ .Values.kubernetesClusterDomain }}" + - name: NAMESPACE + value: {{ .Release.Namespace }} # TODO(kpattaswamy): Once we implement TLS, we should make this configurable again - name: IS_INSECURE value: "True" - name: PX_DISABLE_TLS - {{- $tls := false}} {{- if (hasKey .Values "tls") }} - {{- $tls := true}} - {{- end }} - {{- if eq $tls true }} + {{- if eq .Values.tls.enabled true }} value: "0" - {{- else }} + {{- else }} value: "1" - {{- end }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: "{{ .Values.kubernetesClusterDomain }}" - {{- if (hasKey .Values "tls") }} + {{- end }} {{- if eq .Values.tls.enabled true }} - name: CERT_PATH value: "{{ .Values.tls.autoGenerateCert.certPath }}" - - name: NAMESPACE - value: {{ .Release.Namespace }} volumeMounts: - name: cert mountPath: "{{ .Values.tls.autoGenerateCert.certPath }}" readOnly: true {{- end }} - {{- end }} + {{- end }} envFrom: - secretRef: name: nr-ebpf-agent-secrets From a564b9145c005a4904bba4b15d18812077a62a4c Mon Sep 17 00:00:00 2001 
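Review bot: The context lines here still hardcode `IS_INSECURE` to `"True"` under a TODO that says to make it configurable "once we implement TLS", yet the lines directly below now derive `PX_DISABLE_TLS` from `.Values.tls.enabled`. What IS_INSECURE controls is not visible in this hunk, but if it relaxes certificate or transport checks, a chart that defaults to `tls.enabled: true` while always passing an insecure flag gives operators a false sense of protection. Either derive it from the same setting inside the existing `hasKey` guard, e.g. `value: {{ ternary "False" "True" .Values.tls.enabled | quote }}`, or replace the TODO with a comment explaining why it must stay `"True"`. The container spec this belongs to starts and ends outside the hunk.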
From: Philip-R-Beckwith <74079252+Philip-R-Beckwith@users.noreply.github.com> Date: Tue, 28 Jan 2025 17:15:07 -0800 Subject: [PATCH 28/36] [ebpf-agent] Remove unnecessary selector labels (#1589) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit #### Is this a new chart NO. #### What this PR does / why we need it: Removes selector labels that we don't need. Installed the chart without the new selectors and got data: Screenshot 2025-01-28 at 12 24 33 PM #### Which issue this PR fixes *(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)* - fixes # #### Special notes for your reviewer: #### Checklist [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] - [ ] Chart Version bumped - [x] Variables are documented in the README.md - [x] Title of the PR starts with chart name (e.g. `[mychartname]`) --- charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 3ee6901d1..3b28be46c 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -10,8 +10,6 @@ metadata: spec: selector: matchLabels: - app: nr-ebpf-agent - component: agent {{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }} template: metadata: @@ -162,4 +160,4 @@ spec: {{- with include "nrEbpfAgent.ebpfAgent.tolerations" . }} tolerations: {{- . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} From b57c422e7da9e3efe82df95534d1686634f9fe1b Mon Sep 17 00:00:00 2001 
From: Philip-R-Beckwith <74079252+Philip-R-Beckwith@users.noreply.github.com> Date: Tue, 28 Jan 2025 17:15:34 -0800 Subject: [PATCH 29/36] [nr-ebpf-agent] updating images for deploy. (#1590) #### Is this a new chart NO. #### What this PR does / why we need it: Updates the images to match what they should be for the release. #### Which issue this PR fixes *(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)* - fixes # #### Special notes for your reviewer: Released images can be found here. https://hub.docker.com/r/newrelic/newrelic-ebpf-agent/tags #### Checklist [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] - [ ] Chart Version bumped - [x] Variables are documented in the README.md - [x] Title of the PR starts with chart name (e.g. `[mychartname]`) --- charts/nr-ebpf-agent/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nr-ebpf-agent/values.yaml b/charts/nr-ebpf-agent/values.yaml index 687ceeeab..618b7548f 100644 --- a/charts/nr-ebpf-agent/values.yaml +++ b/charts/nr-ebpf-agent/values.yaml @@ -103,7 +103,7 @@ ebpfAgent: # -- The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is also set to Always. pullPolicy: IfNotPresent # -- The tag of the eBPF agent image to be deployed. - tag: nr-ebpf-agent_0.0.5 + tag: agent-nr-ebpf-agent_0.0.6 resources: limits: # -- Max memory allocated to the container. @@ -133,7 +133,7 @@ ebpfClient: # -- The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is set to Always. pullPolicy: IfNotPresent # -- The tag of the eBPF client image to be deployed. - tag: nr-ebpf-client_0.0.7 + tag: client-nr-ebpf-client_0.0.8 resources: limits: # -- Max memory allocated to the container. 
From 733b5498f0d73b8767ce8dc60250ad39abddf9d6 Mon Sep 17 00:00:00 2001 From: Philip-R-Beckwith <74079252+Philip-R-Beckwith@users.noreply.github.com> Date: Wed, 29 Jan 2025 08:28:12 -0800 Subject: [PATCH 30/36] Update README.md --- charts/nr-ebpf-agent/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nr-ebpf-agent/README.md b/charts/nr-ebpf-agent/README.md index 2df76cc56..58e16bcd6 100644 --- a/charts/nr-ebpf-agent/README.md +++ b/charts/nr-ebpf-agent/README.md @@ -40,7 +40,7 @@ kubectl logs -c nr-ebpf-client -n newrelic kubectl logs -c nr-ebpf-agent -n newrelic ``` -### Check the logs of the OpenteTemetry collector pod: +### Check the logs of the OpenTelemetry collector pod: ``` kubectl logs -n newrelic ``` @@ -174,4 +174,4 @@ If the `nr-ebpf-client` or `nr-ebpf-agent` container logs indicate that the scri * ramkrishankumarN * kpattaswamy -* benkilimnik \ No newline at end of file +* benkilimnik From 8af429f04ea1769972281102e13c5a560d94feb3 Mon Sep 17 00:00:00 2001 From: Philip-R-Beckwith <74079252+Philip-R-Beckwith@users.noreply.github.com> Date: Wed, 29 Jan 2025 08:30:00 -0800 Subject: [PATCH 31/36] Update values.yaml --- charts/nr-ebpf-agent/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/nr-ebpf-agent/values.yaml b/charts/nr-ebpf-agent/values.yaml index 618b7548f..63c3157bb 100644 --- a/charts/nr-ebpf-agent/values.yaml +++ b/charts/nr-ebpf-agent/values.yaml @@ -122,8 +122,7 @@ ebpfAgent: # -- Sets ebpfAgent pod podSecurityContext. Overrides `podSecurityContext` and `global.securityContext.pod` podSecurityContext: {} # -- Sets ebpfAgent pod containerSecurityContext. Overrides `containerSecurityContext` and `global.securityContext.container` - containerSecurityContext: - privileged: true + containerSecurityContext: {} # Configuration to apply on the eBPF client daemonset. ebpfClient: From 014562c272dec84f5627e63db867a843197a445d Mon Sep 17 00:00:00 2001 
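Review bot: In the `@@ -122,8 +122,7 @@` hunk the default for `ebpfAgent.containerSecurityContext` goes from `privileged: true` to `{}`, with nothing in the comment saying where the agent container now gets its privileges. If the daemonset template sets a securityContext itself, this value no longer documents what actually runs; if it does not, the agent starts unprivileged by default (the template is outside this hunk, so this needs confirming). The README table added in patch 26 still lists the default as `{"privileged":true}` and should be regenerated. A comment such as `# Default is empty (was privileged: true); set the narrowest securityContext the eBPF agent needs here.` would make the change visible to operators.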
From: Philip-R-Beckwith <74079252+Philip-R-Beckwith@users.noreply.github.com> Date: Wed, 29 Jan 2025 16:44:31 -0800 Subject: [PATCH 32/36] Update lint_test_charts.yaml --- .github/workflows/lint_test_charts.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint_test_charts.yaml b/.github/workflows/lint_test_charts.yaml index 9997731fb..461c37330 100644 --- a/.github/workflows/lint_test_charts.yaml +++ b/.github/workflows/lint_test_charts.yaml @@ -32,7 +32,7 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - uses: azure/setup-helm@v4 with: - version: 'v3.2.0' + version: 'v3.0.0' - name: Set up helm-unittest run: helm plugin install https://github.com/helm-unittest/helm-unittest @@ -76,7 +76,7 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - uses: azure/setup-helm@v4 with: - version: 'v3.2.0' + version: 'v3.0.0' - name: Install Minikube uses: manusa/actions-setup-minikube@v2.13.0 @@ -109,7 +109,7 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4 with: - version: 'v3.2.0' + version: 'v3.0.0' - name: Add helm repositories run: | @@ -157,7 +157,7 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4 with: - version: 'v3.2.0' + version: 'v3.0.0' - name: Add helm repositories run: | From 3b7671f228e15925eb72d6d9469c48c268f0a39f Mon Sep 17 00:00:00 2001 
From: Philip-R-Beckwith <74079252+Philip-R-Beckwith@users.noreply.github.com> Date: Wed, 29 Jan 2025 16:51:52 -0800 Subject: [PATCH 33/36] [ebpf agent] (#1591) Commenting out use of lookup. #### Is this a new chart #### What this PR does / why we need it: #### Which issue this PR fixes *(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)* - fixes # #### Special notes for your reviewer: #### Checklist [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] - [ ] Chart Version bumped - [ ] Variables are documented in the README.md - [ ] Title of the PR starts with chart name (e.g. `[mychartname]`) --- charts/nr-ebpf-agent/templates/_tls.tpl | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/charts/nr-ebpf-agent/templates/_tls.tpl b/charts/nr-ebpf-agent/templates/_tls.tpl index b87129788..3c2fb4dba 100644 --- a/charts/nr-ebpf-agent/templates/_tls.tpl +++ b/charts/nr-ebpf-agent/templates/_tls.tpl 
@@ -8,12 +8,13 @@ a cert is loaded from an existing secret or is provided via `.Values` {{- $clientCert := "" }} {{- $clientKey := "" }} {{- if .Values.tls.autoGenerateCert.enabled }} - {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }} - {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }} - {{- $clientCert = index $prevSecret "data" "tls.crt" }} - {{- $clientKey = index $prevSecret "data" "tls.key" }} - {{- $caCert = index $prevSecret "data" "ca.crt" }} - {{- else }} +{{/*TODO Enable this section once the helm Chart repo supports the lookup function*/}} +{{/* {{- $prevSecret := (lookup "v1" "Secret" "" (include "nr-ebpf-agent-certificates.certificateSecret.name" . )) }}*/}} +{{/* {{- if and (not .Values.tls.autoGenerateCert.recreate) $prevSecret }}*/}} +{{/* {{- $clientCert = index $prevSecret "data" "tls.crt" }}*/}} +{{/* {{- $clientKey = index $prevSecret "data" "tls.key" }}*/}} +{{/* {{- $caCert = index $prevSecret "data" "ca.crt" }}*/}} +{{/* {{- else }}*/}} {{- $certValidity := int .Values.tls.autoGenerateCert.certPeriodDays | default 365 }} {{- $ca := genCA "nr-ebpf-agent-certificates-ca" $certValidity }} {{- $domain1 := printf "%s.%s.svc" (include "nr-ebpf-agent.service.name" .) $.Release.Namespace }} @@ -25,7 +26,7 @@ a cert is loaded from an existing secret or is provided via `.Values` {{- $clientCert = b64enc $cert.Cert }} {{- $clientKey = b64enc $cert.Key }} {{- $caCert = b64enc $ca.Cert }} - {{- end }} +{{/* {{- end }}*/}} {{- else }} {{- $clientCert = .Files.Get .Values.tls.certFile | b64enc }} {{- $clientKey = .Files.Get .Values.tls.keyFile | b64enc }} From a204985df4b9ccafceca3f2b07a4459e5a32cc26 Mon Sep 17 00:00:00 2001 
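Review bot: With the `lookup` branch commented out in the first hunk, `genCA` and the certificate generation below it run on every render whenever `tls.autoGenerateCert.enabled` is set. Each `helm upgrade` would therefore issue a new CA and key pair, and `tls.autoGenerateCert.recreate` no longer has any effect. If consumers of the secret do not reload certificates, this presumably needs a rollout after each upgrade, and the TODO should say so, e.g. `{{/* TODO: without lookup the CA and cert are regenerated on every upgrade and tls.autoGenerateCert.recreate is ignored */}}`. The parked `lookup` line also swaps `.Release.Namespace` for `""`, which would likely fail to find a namespaced Secret once re-enabled; keep `.Release.Namespace` in the commented line. The enclosing `define` starts and ends outside both hunks.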
From: nravada Date: Thu, 5 Dec 2024 13:13:25 +0000 Subject: [PATCH 34/36] NR-346357: fix for the lint and test charts, lookup fn issue --- .github/workflows/lint_test_charts.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint_test_charts.yaml b/.github/workflows/lint_test_charts.yaml index 461c37330..9997731fb 100644 --- a/.github/workflows/lint_test_charts.yaml +++ b/.github/workflows/lint_test_charts.yaml @@ -32,7 +32,7 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - uses: azure/setup-helm@v4 with: - version: 'v3.0.0' + version: 'v3.2.0' - name: Set up helm-unittest run: helm plugin install https://github.com/helm-unittest/helm-unittest @@ -76,7 +76,7 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - uses: azure/setup-helm@v4 with: - version: 'v3.0.0' + version: 'v3.2.0' - name: Install Minikube uses: manusa/actions-setup-minikube@v2.13.0 @@ -109,7 +109,7 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4 with: - version: 'v3.0.0' + version: 'v3.2.0' - name: Add helm repositories run: | @@ -157,7 +157,7 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4 with: - version: 'v3.0.0' + version: 'v3.2.0' - name: Add helm repositories run: | From 4ed2d10272a8f76738787da98168f26731c22c46 Mon Sep 17 00:00:00 2001 From: kpattaswamy Date: Thu, 30 Jan 2025 00:51:10 +0000 Subject: [PATCH 35/36] Fix comment/readme Signed-off-by: kpattaswamy --- charts/nr-ebpf-agent/README.md | 4 ++-- charts/nr-ebpf-agent/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/nr-ebpf-agent/README.md b/charts/nr-ebpf-agent/README.md index 58e16bcd6..a780945ea 100644 --- a/charts/nr-ebpf-agent/README.md +++ b/charts/nr-ebpf-agent/README.md 
@@ -82,8 +82,8 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera | customSecretName | string | `""` | In case you don't want to have the license key in your values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` | | dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` | | dropAPMEnabledPods | bool | `true` | Drop data from pods that are monitored by New Relic APM via auto attach. | -| dropDataIpServiceNames | bool | `true` | Drop data where to service names map to an IP address. | -| dropDataKubeSystem | bool | `true` | Drop data from to the kube-system namespace. | +| dropDataIpServiceNames | bool | `true` | Drop data when service names map to an IP address. | +| dropDataKubeSystem | bool | `true` | Drop data from the kube-system namespace. | | dropDataNewRelic | bool | `true` | Drop data from the newrelic namespace. | | dropDataServiceNameRegex | string | `""` | Define a regex to match service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax | | ebpfAgent.affinity | object | `{}` | Sets ebpfAgent pod affinities. Overrides `affinity` and `global.affinity` | diff --git a/charts/nr-ebpf-agent/values.yaml b/charts/nr-ebpf-agent/values.yaml index 63c3157bb..623ecc74f 100644 --- a/charts/nr-ebpf-agent/values.yaml +++ b/charts/nr-ebpf-agent/values.yaml 
@@ -12,9 +12,9 @@ customSecretLicenseKey: "" nrStaging: false # -- Configures the agent to send all data through the proxy specified via the otel collector. proxy: "" -# -- Drop data where to service names map to an IP address. +# -- Drop data when service names map to an IP address. dropDataIpServiceNames: true -# -- Drop data from to the kube-system namespace. +# -- Drop data from the kube-system namespace. dropDataKubeSystem: true # -- Drop data from the newrelic namespace. dropDataNewRelic: true From 2c9423fdadd1c61b8e747d901b7584a46e1958b5 Mon Sep 17 00:00:00 2001 From: Philip-R-Beckwith <74079252+Philip-R-Beckwith@users.noreply.github.com> Date: Wed, 29 Jan 2025 16:58:36 -0800 Subject: [PATCH 36/36] Update lint_test_charts.yaml --- .github/workflows/lint_test_charts.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint_test_charts.yaml b/.github/workflows/lint_test_charts.yaml index 9997731fb..461c37330 100644 --- a/.github/workflows/lint_test_charts.yaml +++ b/.github/workflows/lint_test_charts.yaml @@ -32,7 +32,7 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - uses: azure/setup-helm@v4 with: - version: 'v3.2.0' + version: 'v3.0.0' - name: Set up helm-unittest run: helm plugin install https://github.com/helm-unittest/helm-unittest @@ -76,7 +76,7 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - uses: azure/setup-helm@v4 with: - version: 'v3.2.0' + version: 'v3.0.0' - name: Install Minikube uses: manusa/actions-setup-minikube@v2.13.0 @@ -109,7 +109,7 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4 with: - version: 'v3.2.0' + version: 'v3.0.0' - name: Add helm repositories run: | @@ -157,7 +157,7 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4 with: - version: 'v3.2.0' + version: 'v3.0.0' - name: Add helm repositories run: |