[nr-ebpf-agent] Sync the latest updates to the nr-ebpf-agent chart (#1537)

<!--
Thank you for contributing to New Relic's Helm charts. Before you submit
this PR we'd like to
make sure you are aware of our technical requirements:

*
https://github.com/newrelic-experimental/helm-charts/blob/master/CONTRIBUTING.md#technical-requirements

For a quick overview across what we will look at reviewing your PR,
please read
our review guidelines:

*
https://github.com/newrelic-experimental/helm-charts/blob/master/REVIEW_GUIDELINES.md

Following our best practices right from the start will accelerate the
review process and
help get your PR merged quicker.

When updates to your PR are requested, please add new commits and do not
squash the
history. This will make it easier to identify new changes. The PR will
be squashed
anyways when it is merged. Thanks.

For fast feedback, please @-mention maintainers that are listed in the
Chart.yaml file.

Please make sure you test your changes before you push them. Once
pushed, a Github Action
will run across your changes and do some initial checks and linting.
These checks run
very quickly. Please check the results. We would like these checks to
pass before we
even continue reviewing your changes.
-->
#### Is this a new chart
No
#### What this PR does / why we need it:
Updates the helm chart with the latest changes made.

#### Which issue this PR fixes
*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)`
format, will close that issue when PR gets merged)*
  - fixes #

#### Special notes for your reviewer:

#### Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove
unrelated fields.]
- [x] Chart Version bumped
- [x] Variables are documented in the README.md
- [x] Title of the PR starts with chart name (e.g. `[mychartname]`)

---------

Signed-off-by: kpattaswamy <[email protected]>
Co-authored-by: Philip-R-Beckwith <[email protected]>
Co-authored-by: kpattaswamy <[email protected]>
3 people authored Jan 30, 2025
1 parent 69fb4ee commit 03b49e4
Showing 17 changed files with 618 additions and 119 deletions.
2 changes: 1 addition & 1 deletion charts/nr-ebpf-agent/Chart.yaml
Expand Up @@ -13,7 +13,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.14
version: 0.1.15
dependencies:
- name: common-library
version: 1.3.1
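Review bot: The bump on the `version:` line is a patch increment (0.1.14 to 0.1.15), but the README hunk in this same commit appears to replace the flat `protocols.<name>.enabled` / `samplingLatency` values with nested `protocols.<name>.metrics.*` and `protocols.<name>.spans.*` keys and changes the default image repositories. Values files written for 0.1.14 may not carry over unchanged, so consider a minor bump, or at least an upgrade note, so that users tracking patch releases do not pick this up silently.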
78 changes: 65 additions & 13 deletions charts/nr-ebpf-agent/README.md
Expand Up @@ -75,42 +75,94 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Sets all pods' affinities. Can be configured also with `global.affinity` |
| allowServiceNameRegex | string | `""` | This config acts as a bypass for the dropDataServiceNameRegex config. Service names that match this regex will not have their data dropped by the dropDataServiceNameRegex. If dropDataServiceNameRegex is not defined, this config has no impact on the eBPF agent. |
| cluster | string | `""` | Name of the Kubernetes cluster to be monitored. Mandatory. Can be configured with `global.cluster` |
| containerSecurityContext | object | `{}` | Sets all pods' containerSecurityContext. Can be configured also with `global.securityContext.container` |
| customSecretLicenseKey | string | `""` | In case you don't want to have the license key in your values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` |
| customSecretName | string | `""` | In case you don't want to have the license key in your values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` |
| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` |
| dropAPMEnabledPods | bool | `true` | Drop data from pods that are monitored by New Relic APM via auto attach. |
| dropDataIpServiceNames | bool | `true` | Drop data when service names map to an IP address. |
| dropDataKubeSystem | bool | `true` | Drop data from the kube-system namespace. |
| dropDataNewRelic | bool | `true` | Drop data from the newrelic namespace. |
| dropDataServiceNameRegex | string | `"gmp-.*"` | Define a regex to mach service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax |
| dropDataServiceNameRegex | string | `""` | Define a regex to match service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax |
| ebpfAgent.affinity | object | `{}` | Sets ebpfAgent pod affinities. Overrides `affinity` and `global.affinity` |
| ebpfAgent.containerSecurityContext | object | `{"privileged":true}` | Sets ebpfAgent pod containerSecurityContext. Overrides `containerSecurityContext` and `global.securityContext.container` |
| ebpfAgent.image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is also set to Always. |
| ebpfAgent.image.repository | string | `"us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/ebpf-agent"` | eBPF agent image to be deployed. |
| ebpfAgent.image.tag | string | `"0.0.5"` | The tag of the eBPF agent image to be deployed. |
| ebpfAgent.image.repository | string | `"docker.io/newrelic/newrelic-ebpf-agent"` | eBPF agent image to be deployed. |
| ebpfAgent.image.tag | string | `"nr-ebpf-agent_0.0.5"` | The tag of the eBPF agent image to be deployed. |
| ebpfAgent.podAnnotations | object | `{}` | Sets ebpfAgent pod Annotations. Overrides `podAnnotations` and `global.podAnnotations` |
| ebpfAgent.podSecurityContext | object | `{}` | Sets ebpfAgent pod podSecurityContext. Overrides `podSecurityContext` and `global.securityContext.pod` |
| ebpfAgent.resources.limits.memory | string | `"2Gi"` | Max memory allocated to the container. |
| ebpfAgent.resources.requests.cpu | string | `"100m"` | Min CPU allocated to the container. |
| ebpfAgent.resources.requests.memory | string | `"250Mi"` | Min memory allocated to the container. |
| ebpfAgent.tolerations | list | `[]` | Sets ebpfAgent pod tolerations. Overrides `tolerations` and `global.tolerations` |
| ebpfClient.image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is set to Always. |
| ebpfClient.image.repository | string | `"us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/ebpf-client"` | eBPF client image to be deployed. |
| ebpfClient.image.tag | string | `"0.0.7"` | The tag of the eBPF client image to be deployed. |
| ebpfClient.image.repository | string | `"docker.io/newrelic/newrelic-ebpf-agent"` | eBPF client image to be deployed. |
| ebpfClient.image.tag | string | `"nr-ebpf-client_0.0.7"` | The tag of the eBPF client image to be deployed. |
| ebpfClient.resources.limits.memory | string | `"100Mi"` | Max memory allocated to the container. |
| ebpfClient.resources.requests.cpu | string | `"50m"` | Min CPU allocated to the container. |
| ebpfClient.resources.requests.memory | string | `"50Mi"` | Min memory allocated to the container. |
| labels | object | `{}` | Additional labels for chart objects |
| kubernetesClusterDomain | string | `"cluster.local"` | Kubernetes cluster domain. |
| labels | object | `{}` | Additional labels for chart objects. |
| licenseKey | string | `""` | The license key to use. Can be configured with `global.licenseKey` |
| nodeSelector | object | `{}` | Sets all pods' node selector. Can be configured also with `global.nodeSelector` |
| nrStaging | bool | `false` | Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:4317) by default. Staging (staging-otlp.nr-data.net:4317) otherwise. Requires a valid staging license key. Can also be configured with global.nrStaging. |
| nrStaging | bool | `false` | Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:4317) by default. Staging (staging-otlp.nr-data.net:4317) otherwise. |
| otelCollector.affinity | object | `{}` | Sets otelCollector pod affinities. Overrides `affinity` and `global.affinity` |
| otelCollector.collector.serviceAccount.annotations | object | `{}` | Annotations for the OTel collector service account. |
| otelCollector.containerSecurityContext | object | `{}` | Sets otelCollector pod containerSecurityContext. Overrides `containerSecurityContext` and `global.securityContext.container` |
| otelCollector.image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is set to Always. |
| otelCollector.image.repository | string | `"us-west1-docker.pkg.dev/pl-dev-infra/nr-ebpf-agent-lp/nr-ebpf-otel-collector"` | OpenTelemetry collector image to be deployed. |
| otelCollector.image.tag | string | `"0.0.1"` | The tag of the OpenTelemetry collector image to be deployed. |
| otelCollector.image.repository | string | `"docker.io/newrelic/newrelic-ebpf-agent"` | OpenTelemetry collector image to be deployed. |
| otelCollector.image.tag | string | `"nr-ebpf-otel-collector_0.0.1"` | The tag of the OpenTelemetry collector image to be deployed. |
| otelCollector.podAnnotations | object | `{}` | Sets otelCollector pod Annotations. Overrides `podAnnotations` and `global.podAnnotations` |
| otelCollector.podSecurityContext | object | `{}` | Sets otelCollector pod podSecurityContext. Overrides `podSecurityContext` and `global.securityContext.pod` |
| otelCollector.resources.limits.cpu | string | `"100m"` | Max CPU allocated to the container. |
| otelCollector.resources.limits.memory | string | `"200Mi"` | Max memory allocated to the container. |
| otelCollector.resources.requests.cpu | string | `"100m"` | Min CPU allocated to the container. |
| otelCollector.resources.requests.memory | string | `"200Mi"` | Min memory allocated to the container. |
| podLabels | object | `{}` | Additional labels for chart pods |
| protocols | object | `{"amqp":{"enabled":true,"samplingLatency":""},"cass":{"enabled":true,"samplingLatency":""},"dns":{"enabled":true,"samplingLatency":""},"http":{"enabled":true,"samplingLatency":""},"kafka":{"enabled":true,"samplingLatency":""},"mongodb":{"enabled":true,"samplingLatency":""},"mysql":{"enabled":true,"samplingLatency":""},"pgsql":{"enabled":true,"samplingLatency":""},"redis":{"enabled":true,"samplingLatency":""}}` | The protocols to enable for tracing in the socket_tracer. samplingLatency represents the sampling latency threshold for the spans to export. Options: p1, p10, p50, p90, p99. |
| otelCollector.tolerations | list | `[]` | Sets otelCollector pod tolerations. Overrides `tolerations` and `global.tolerations` |
| podLabels | object | `{}` | Additional labels for chart pods. |
| podSecurityContext | object | `{}` | Sets all pods' podSecurityContext. Can be configured also with `global.securityContext.pod` |
| priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` |
| protocols.amqp.spans.enabled | bool | `false` | |
| protocols.amqp.spans.samplingLatency | string | `""` | |
| protocols.cass.metrics.enabled | bool | `true` | |
| protocols.cass.spans.enabled | bool | `false` | |
| protocols.cass.spans.samplingLatency | string | `""` | |
| protocols.dns.spans.enabled | bool | `false` | |
| protocols.dns.spans.samplingLatency | string | `""` | |
| protocols.http.metrics.enabled | bool | `true` | |
| protocols.http.spans.enabled | bool | `true` | |
| protocols.http.spans.samplingErrorRate | string | `""` | samplingErrorRate represents the error rate threshold for an HTTP route where surpassing it would mean the corresponds spans of the route are exported. Options: 1-100 |
| protocols.http.spans.samplingLatency | string | `""` | |
| protocols.kafka.spans.enabled | bool | `false` | |
| protocols.kafka.spans.samplingLatency | string | `""` | |
| protocols.mongodb.metrics.enabled | bool | `true` | |
| protocols.mongodb.spans.enabled | bool | `false` | |
| protocols.mongodb.spans.samplingLatency | string | `""` | |
| protocols.mysql.metrics.enabled | bool | `true` | |
| protocols.mysql.spans.enabled | bool | `false` | |
| protocols.mysql.spans.samplingLatency | string | `""` | |
| protocols.pgsql.metrics.enabled | bool | `true` | |
| protocols.pgsql.spans.enabled | bool | `false` | |
| protocols.pgsql.spans.samplingLatency | string | `""` | |
| protocols.redis.metrics.enabled | bool | `true` | |
| protocols.redis.spans.enabled | bool | `false` | |
| protocols.redis.spans.samplingLatency | string | `""` | |
| proxy | string | `""` | Configures the agent to send all data through the proxy specified via the otel collector. |
| pushPeriod | string | `"15"` | The periodicity in seconds at which the eBPF agent pushes data to the OTel collector for export to NR. The eBPF agent applies a request path clustering algorithm to reduce cardinality in exported HTTP data. The algorithm only looks for similar request paths within data of the same push period. To increase the window under consideration for cardinality reduction, increase this value. Accepted range: 15-60. |
| pushPeriod | string | `"15"` | - The periodicity in seconds at which the eBPF agent pushes data to the OTel collector for export to NR. The eBPF agent applies a request path clustering algorithm to reduce cardinality in exported HTTP data. The algorithm only looks for similar request paths within data of the same push period. To increase the window under consideration for cardinality reduction, increase this value. Accepted range: 15-60. |
| stirlingSources | string | `"socket_tracer,tcp_stats"` | The source connectors (and data export scripts) to enable. Note that socket_tracer tracks http, mysql, redis, mongodb, amqp, cassandra, dns, and postgresql while tcp_stats tracks TCP metrics. |
| tableStoreDataLimitMB | string | `"250"` | The primary lever to control RAM use of the eBPF agent. Specified in MiB. |
| tls.autoGenerateCert.certPath | string | `"/tmp/ebpf/certs/"` | Certificates path. |
| tls.autoGenerateCert.certPeriodDays | int | `365` | Cert validity period time in days. |
| tls.autoGenerateCert.enabled | bool | `true` | If true, Helm will automatically create a self-signed cert and secret for you. |
| tls.autoGenerateCert.recreate | bool | `true` | If set to true, a new key/certificate is generated on helm upgrade. |
| tls.caFile | string | `""` | Path to the CA cert. |
| tls.certFile | string | `""` | Path to your own PEM-encoded certificate. |
| tls.enabled | bool | `true` | Enable TLS communication between the eBPF client and agent. |
| tls.keyFile | string | `""` | Path to your own PEM-encoded private key. |
| tolerations | list | `[]` | Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations` |
| verboseLog | bool | `false` | Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` |

## Common Errors
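Review bot: Most of the new `protocols.*` rows have an empty Description cell; only `protocols.http.spans.samplingErrorRate` is described, and the accepted `samplingLatency` values (p1, p10, p50, p90, p99) that the single `protocols` row listed are no longer stated anywhere in the table. Please fill these in, since the checklist marks variables as documented. Smaller points in the same table: the new `pushPeriod` description starts with a stray `- `, the `dropDataServiceNameRegex` example has unescaped `|` characters inside a table cell, and "the corresponds spans" in the `samplingErrorRate` row needs rewording. On the security side, `ebpfAgent.containerSecurityContext` defaults to `{"privileged":true}` while the image defaults are tag-only (`nr-ebpf-agent_0.0.5`), so a way to pin that image by digest is worth considering, and `tls.autoGenerateCert.certPath` defaulting to a directory under `/tmp` deserves a sentence on what is written there.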

Expand All @@ -122,4 +174,4 @@ If the `nr-ebpf-client` or `nr-ebpf-agent` container logs indicate that the scri

* ramkrishankumarN
* kpattaswamy
* benkilimnik
* benkilimnik
21 changes: 21 additions & 0 deletions charts/nr-ebpf-agent/templates/_affinity.tpl
@@ -0,0 +1,21 @@
{{- /*
A helper to return the affinity to apply to the ebpf daemonset.
*/ -}}
{{- define "nrEbpfAgent.ebpfAgent.affinity" -}}
{{- if .Values.ebpfAgent.affinity -}}
{{- toYaml .Values.ebpfAgent.affinity -}}
{{- else if include "newrelic.common.affinity" . -}}
{{- include "newrelic.common.affinity" . -}}
{{- end -}}
{{- end -}}

{{- /*
A helper to return the affinity to apply to the Otel daemonset.
*/ -}}
{{- define "nrEbpfAgent.otelCollector.affinity" -}}
{{- if .Values.otelCollector.affinity -}}
{{- toYaml .Values.otelCollector.affinity -}}
{{- else if include "newrelic.common.affinity" . -}}
{{- include "newrelic.common.affinity" . -}}
{{- end -}}
{{- end -}}
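Review bot: The define names here use a `nrEbpfAgent.` prefix, while the helpers in `_helpers.tpl` and `_naming.tpl` in this commit use `nr-ebpf-agent.` or no prefix at all; pick one convention for the chart. In both helpers the `else if include "newrelic.common.affinity" .` branch renders the common helper twice, which a `with` block around a single `include` would avoid.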
92 changes: 67 additions & 25 deletions charts/nr-ebpf-agent/templates/_helpers.tpl
Expand Up @@ -52,41 +52,83 @@ Return the cluster name
{{- end -}}
{{- end -}}




{{/*
Return the licenseKey
Create otel collector receiver endpoint
*/}}
{{- define "nr-ebpf-agent.licenseKey" -}}
{{- if .Values.global }}
{{- if .Values.global.licenseKey }}
{{- .Values.global.licenseKey -}}
{{ else if .Values.global.insightsKey }}
{{- .Values.global.insightsKey -}}
{{ else }}
{{- .Values.licenseKey | default "" -}}
{{ end }}
{{- else -}}
{{- .Values.licenseKey | default "" -}}
{{- define "nr-otel-collector-receiver.endpoint" -}}
{{- printf "dns:///%s.%s.svc.%s:4317" (include "otel-collector.service.name" .) .Release.Namespace .Values.kubernetesClusterDomain }}
{{- end }}

{{/*
Validate the user inputted quantile when sampling by latency.
*/}}
{{- define "validate.samplingLatency" -}}
{{- $validOptions := list "" "p1" "p10" "p50" "p90" "p99" -}}
{{- $protocol := .protocol -}}
{{- $latency := .latency -}}
{{- if not (has $latency $validOptions) -}}
{{- fail (printf "Invalid samplingLatency '%s' for protocol '%s'. Valid options are: %v" $latency $protocol $validOptions) -}}
{{- end -}}
{{- end -}}

{{/*
Return the customSecretName
Validate the user inputted value when sampling by error rate.
*/}}
{{- define "nr-ebpf-agent.customSecretName" -}}
{{- if .Values.global }}
{{- .Values.global.customSecretName | default "" -}}
{{- else -}}
{{- "" -}}
{{- define "validate.samplingErrorRate" -}}
{{- $protocol := .protocol -}}
{{- $errorRateString := .errorRate -}}
{{- $errorRate := .errorRate | int -}}
{{- if or (lt $errorRate 1) (gt $errorRate 100) -}}
{{- fail (printf "Invalid samplingErrorRate '%s' for protocol '%s'. Valid range is between 1 and 100" $errorRateString $protocol) -}}
{{- end -}}
{{- end -}}

{{/*
Return the customSecretLicenseKey
Pass environment variables to the agent container if tracing a specific protocol is to be disabled.
*/}}
{{- define "nr-ebpf-agent.customSecretKey" -}}
{{- if .Values.global }}
{{- .Values.customSecretLicenseKey | default "" -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- define "generateTracingEnvVars" -}}
{{- range $protocol, $config := .Values.protocols }}
{{- $metricsEnabled := false }}
{{- if (hasKey $config "metrics") }}
{{- $metricsEnabled := eq $config.metrics.enabled true }}
{{- end }}
{{- $spansEnabled := false }}
{{- if (hasKey $config "spans") }}
{{- $spansEnabled := eq $config.spans.enabled true }}
{{- if or (and (not $metricsEnabled) (not $spansEnabled)) (and (not (hasKey $config "metrics")) (not $spansEnabled)) }}
{{- end }}
- name: PX_STIRLING_ENABLE_{{ upper $protocol }}_TRACING
value: "0"
{{- end }}
{{- end }}
{{- end -}}

{{/*
Generate environment variables for disabling protocols and setting sampling latency.
*/}}
{{- define "generateClientScriptEnvVars" -}}
{{- if .Values.protocols }}
{{- range $protocol, $config := .Values.protocols }}
{{- if (hasKey $config "metrics") }}
{{- if eq $config.metrics.enabled false }}
- name: NR_EBPF_ENABLE_{{ upper $protocol }}_METRICS
value: "0"
{{- end }}
{{- end }}
{{- if (hasKey $config "spans") }}
{{- if (eq $config.spans.enabled false) }}
- name: NR_EBPF_ENABLE_{{ upper $protocol }}_SPANS
value: "0"
{{- end }}
{{- if (eq $config.spans.enabled true) }}
{{- include "validate.samplingLatency" (dict "protocol" $protocol "latency" $config.spans.samplingLatency) }}
- name: SAMPLE_{{ upper $protocol }}_LATENCY
value: "{{ $config.spans.samplingLatency | regexMatch "p1|p10|p50|p90|p99" | ternary $config.spans.samplingLatency "" }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
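Review bot: In `generateTracingEnvVars`, `$metricsEnabled` and `$spansEnabled` are set with `:=` inside the `hasKey` blocks, which declares new variables scoped to those blocks, so the outer values stay `false`; use `=` to assign. As rendered here, the `{{- if or ... }}` line is also followed directly by `{{- end }}`, so the condition guards nothing and the `PX_STIRLING_ENABLE_..._TRACING` entry with value "0" would be emitted for every protocol that has a `spans` key; the `if or` should open after the `hasKey $config "spans"` block closes and wrap the env entry. Separately, `validate.samplingErrorRate` converts with `int`, so the documented default `""` becomes 0 and fails the 1 to 100 check, which means callers have to skip empty values; no call to it is visible in this hunk. The `regexMatch "p1|p10|p50|p90|p99"` in `generateClientScriptEnvVars` is unanchored and redundant once `validate.samplingLatency` has already run.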
24 changes: 24 additions & 0 deletions charts/nr-ebpf-agent/templates/_naming.tpl
@@ -0,0 +1,24 @@
{{/* Controller manager service certificate's secret. */}}
{{- define "nr-ebpf-agent-certificates.certificateSecret.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "controller-manager-service-cert") -}}
{{- end }}
{{- define "nr-ebpf-agent.service.name" -}}
{{- include "newrelic.common.naming.truncateToDNS" (include "newrelic.common.naming.fullname" .) }}
{{- end }}
{{- define "otel-collector.service.name" -}}
{{- include "newrelic.common.naming.truncateToDNS" "otel-collector" }}
{{- end }}
{{- define "nr-ebpf-agent.otelconfig.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "config") -}}
{{- end -}}
{{- define "nr-ebpf-agent.otelcollector.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "otel-collector") -}}
{{- end -}}
{{- define "nr-ebpf-agent.collector.name" -}}
{{- include "newrelic.common.naming.truncateToDNSWithSuffix" (dict "name" (include "newrelic.common.naming.fullname" .) "suffix" "collector") -}}
{{- end -}}
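Review bot: `otel-collector.service.name` passes the literal "otel-collector" to `truncateToDNS`, so unlike the other helpers in this file it does not include the release fullname; if it names the Service that `nr-otel-collector-receiver.endpoint` (in `_helpers.tpl`) resolves, two releases in one namespace would collide on it. Consider deriving it from `newrelic.common.naming.fullname` with a suffix, as `nr-ebpf-agent.otelcollector.name` does. The leading comment and the `controller-manager-service-cert` suffix on the certificate secret look carried over from another chart, and the unprefixed define name can clash with templates from other charts, since Helm template names are global.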