-
Notifications
You must be signed in to change notification settings - Fork 237
Expand file tree
/
Copy pathnr-ebpf-agent-daemonset.yaml
More file actions
271 lines (264 loc) · 12.8 KB
/
nr-ebpf-agent-daemonset.yaml
File metadata and controls
271 lines (264 loc) · 12.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
---
{{- $region := include "newrelic.common.region" . }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nr-ebpf-agent
namespace: {{ .Release.Namespace }}
labels:
app: nr-ebpf-agent
component: agent
{{- include "newrelic.common.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "newrelic.common.labels.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
app: nr-ebpf-agent
component: agent
{{- include "newrelic.common.labels.podLabels" . | nindent 8 }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- with .Values.ebpfAgent.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with include "nrEbpfAgent.ebpfAgent.securityContext.pod" . }}
securityContext:
{{- . | nindent 8 }}
{{- end }}
{{- with include "newrelic.common.priorityClassName" . }}
priorityClassName: {{ . }}
{{- end }}
{{- with include "newrelic.common.images.renderPullSecrets" ( dict "pullSecrets" (list .Values.pullSecrets) "context" .) }}
imagePullSecrets:
{{- . | nindent 8 }}
{{- end }}
{{- with include "newrelic.common.dnsConfig" . }}
dnsConfig:
{{- . | nindent 8 }}
{{- end }}
initContainers:
- name: kernel-header-installer
image: {{ include "nr-ebpf-agent.initContainerImage" . }}
imagePullPolicy: {{ .Values.ebpfAgent.image.pullPolicy }}
command: ["/scripts/install-headers.sh"]
securityContext:
privileged: true
volumeMounts:
- name: installer-script
mountPath: /scripts
readOnly: true
- name: host-root-volume
mountPath: /host
- name: kernel-headers-volume
mountPath: /kernel-headers
containers:
- name: nr-ebpf-agent
image: {{ .Values.ebpfAgent.image.repository }}:{{ include "nr-ebpf-agent.imageTag" . }}
imagePullPolicy: {{ .Values.ebpfAgent.image.pullPolicy }}
resources: {{ .Values.ebpfAgent.resources | toYaml | nindent 10 }}
env:
- name: PL_HOST_PATH
value: "/host"
- name: PL_STIRLING_SOURCES
value: "{{ .Values.stirlingSources | default "socket_tracer,tcp_stats" }}"
- name: KUBERNETES_CLUSTER_DOMAIN
value: "cluster.local"
- name: NEW_RELIC_LOG_LEVEL
value: "{{ .Values.logLevel }}"
- name: NEW_RELIC_LOG_FILE_PATH
value: "{{ .Values.logFilePath }}"
{{- if .Values.entityLabels }}
- name: NEW_RELIC_LABELS
value: "{{- $labels := list -}}{{- range $key, $value := .Values.entityLabels -}}{{- $labels = append $labels (printf "%s:%s" $key $value) -}}{{- end -}}{{ join ";" $labels }}"
{{- end }}
- name: NEW_RELIC_LICENSE_KEY
valueFrom:
secretKeyRef:
{{- if (include "newrelic.common.license._licenseKey" .) }}
key: NEW_RELIC_LICENSE_KEY
name: nr-ebpf-agent-secrets
{{- else }}
key: {{ include "newrelic.common.license._customSecretKey" . }}
name: {{ include "newrelic.common.license._customSecretName" . }}
{{- end }}
- name: TABLE_STORE_DATA_LIMIT_MB
value: "{{ .Values.tableStoreDataLimitMB }}"
{{- if .Values.ebpfAgent.downloadedPackagedHeadersPath }}
- name: DOWNLOADED_PACKAGED_HEADERS_PATH
value: "{{ .Values.ebpfAgent.downloadedPackagedHeadersPath }}"
{{- end }}
{{- if .Values.ebpfAgent.distroKernelHeadersPath }}
- name: DISTRO_KERNEL_HEADERS_PATH
value: "{{ .Values.ebpfAgent.distroKernelHeadersPath }}"
{{- end }}
- name: DEPLOYMENT_NAME
value: {{ if .Values.global }}{{ .Values.global.cluster | default .Values.cluster }}{{ else }}{{ .Values.cluster }}{{ end }}
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: OTLP_ENDPOINT
{{- if eq $region "Staging" }}
value: "staging-otlp.nr-data.net:443"
{{- else if eq $region "EU" }}
value: "otlp.eu01.nr-data.net:443"
{{- else }}
value: "otlp.nr-data.net:443"
{{- end }}
{{- include "generateClientScriptEnvVars" . | nindent 10 }}
{{- if .Values.protocols.global }}
{{- if (hasKey .Values.protocols.global "max_unlinked_spans") }}
- name: PROTOCOLS_SPANS_UNLINKED_MAX
value: "{{ .Values.protocols.global.max_unlinked_spans }}"
{{- end }}
{{- end }}
{{- if (hasKey .Values.protocols.http "spans") }}
{{- if .Values.protocols.http.spans.samplingErrorRate}}
{{- include "validate.samplingErrorRate" (dict "protocol" "http" "errorRate" .Values.protocols.http.spans.samplingErrorRate) }}
- name: PROTOCOLS_HTTP_SPANS_SAMPLING_ERROR_RATE
value: "{{ .Values.protocols.http.spans.samplingErrorRate | default "0"}}"
{{- end }}
{{- end }}
{{- if (hasKey .Values.protocols.thrift "spans") }}
{{- if .Values.protocols.thrift.spans.samplingErrorRate}}
{{- include "validate.samplingErrorRate" (dict "protocol" "thrift" "errorRate" .Values.protocols.thrift.spans.samplingErrorRate) }}
- name: PROTOCOLS_THRIFT_SPANS_SAMPLING_ERROR_RATE
value: "{{ .Values.protocols.thrift.spans.samplingErrorRate | default "0"}}"
{{- end }}
{{- end }}
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: AGENT_SERVICE_NAME
value: {{ include "nr-ebpf-agent.service.name" . }}
- name: REPORT_APM_DATA
value: "{{ .Values.reportApmData }}"
- name: REPORT_NETWORK_METRICS
value: "{{ .Values.reportNetworkMetrics }}"
- name: LOG_REPORTING
value: "{{ if hasKey .Values "logReporting" }}{{ .Values.logReporting }}{{ else }}false{{ end }}"
# ALL Data filtering configuration
{{- if .Values.allDataFilters }}
- name: DROP_ALL_DATA_FOR_NEW_RELIC
value: "{{ if hasKey .Values.allDataFilters "dropNewRelicBundle" }}{{ .Values.allDataFilters.dropNewRelicBundle }}{{ else }}true{{ end }}"
- name: DROP_ALL_DATA_FOR_NAMESPACES
value: "{{ .Values.allDataFilters.dropNamespaces | join "," }}"
- name: KEEP_ALL_DATA_FOR_NAMESPACES
value: "{{ .Values.allDataFilters.keepNamespaces | join "," }}"
- name: DROP_ALL_DATA_FOR_POD_LABELS
value: "{{ range $key, $value := .Values.allDataFilters.dropPodLabels }}{{ $key }}={{ $value }},{{ end }}"
- name: KEEP_ALL_DATA_FOR_POD_LABELS
value: "{{ range $key, $value := .Values.allDataFilters.keepPodLabels }}{{ $key }}={{ $value }},{{ end }}"
- name: DROP_ALL_DATA_FOR_SERVICE_NAME_REGEX
value: {{ .Values.allDataFilters.dropServiceNameRegex }}
- name: KEEP_ALL_DATA_FOR_SERVICE_NAME_REGEX
value: {{ .Values.allDataFilters.keepServiceNameRegex }}
- name: DROP_ALL_DATA_FOR_APM_AGENT_ENABLED_ENTITY
value: "{{ if hasKey .Values.allDataFilters "dropApmAgentEnabledEntity" }}{{ .Values.allDataFilters.dropApmAgentEnabledEntity }}{{ else }}false{{ end }}"
{{- end }}
# APM data filtering configuration
{{- if .Values.apmDataFilters }}
- name: DROP_APM_DATA_FOR_APM_AGENT_ENABLED_ENTITY
value: "{{ if hasKey .Values.apmDataFilters "dropEapmForApmEnabledEntity" }}{{ .Values.apmDataFilters.dropEapmForApmEnabledEntity }}{{ else if hasKey .Values.apmDataFilters "apmAgentEnabledEntity" }}{{ .Values.apmDataFilters.apmAgentEnabledEntity }}{{ else }}true{{ end }}"
{{- if .Values.apmDataFilters.dropPodLabels }}
- name: DROP_APM_DATA_FOR_POD_LABELS
value: "{{ range $key, $value := .Values.apmDataFilters.dropPodLabels }}{{ $key }}={{ $value }},{{ end }}"
{{- end }}
- name: DROP_APM_DATA_FOR_ENTITY_NAME
value: "{{ .Values.apmDataFilters.dropEntityName | join "," }}"
- name: KEEP_APM_DATA_FOR_ENTITY_NAME
value: "{{ .Values.apmDataFilters.keepEntityName | join "," }}"
- name: JVM_METRICS_REPORTING
value: "{{ if hasKey .Values.apmDataFilters "jvmMetricsReporting" }}{{ .Values.apmDataFilters.jvmMetricsReporting }}{{ else }}true{{ end }}"
{{- end }}
# Network metrics data filtering configuration
{{- if .Values.networkMetricsDataFilter }}
{{- if .Values.networkMetricsDataFilter.dropPodLabels }}
- name: DROP_NETWORK_METRICS_DATA_FOR_POD_LABELS
value: "{{ range $key, $value := .Values.networkMetricsDataFilter.dropPodLabels }}{{ $key }}={{ $value }},{{ end }}"
{{- end }}
- name: DROP_NETWORK_METRICS_DATA_FOR_ENTITY_NAME
value: "{{ .Values.networkMetricsDataFilter.dropEntityName | join "," }}"
- name: KEEP_NETWORK_METRICS_DATA_FOR_ENTITY_NAME
value: "{{ .Values.networkMetricsDataFilter.keepEntityName | join "," }}"
{{- end }}
# Log data filtering configuration
{{- if .Values.logDataFilters }}
{{- if .Values.logDataFilters.applicationLogReporting }}
- name: APPLICATION_LOG_REPORTING_ENABLED
value: "{{ .Values.logDataFilters.applicationLogReporting.enabled | default false }}"
- name: APPLICATION_LOG_FILE_REGEX
value: {{ .Values.logDataFilters.applicationLogReporting.fileRegex | quote }}
- name: MAX_LOG_SAMPLES_PER_MINUTE
value: "{{ .Values.logDataFilters.applicationLogReporting.maxSamplesPerMinute | default 10000 }}"
- name: KEEP_STDSTREAM_LOG_FOR_ENTITY_REGEX
value: {{ .Values.logDataFilters.applicationLogReporting.keepStdStreamEntityRegex | quote }}
- name: KEEP_FILE_LOG_FOR_ENTITY_REGEX
value: {{ .Values.logDataFilters.applicationLogReporting.keepFileEntityRegex | quote }}
{{- end }}
{{- end }}
# DEPRECATED: The following environment variables are deprecated and kept for backward compatibility.
# If you are using an older configuration file with a newer Helm chart version, these settings will still work.
# However, please update your configuration to use the new filtering mechanisms.
# These variables will be removed in a future release.
- name: APM_DATA_REPORTING
value: "{{ if hasKey .Values "apmDataReporting" }}{{ .Values.apmDataReporting }}{{ else }}true{{ end }}"
- name: TCP_STATS_REPORTING
value: "{{ if hasKey .Values "networkMetricsReporting" }}{{ .Values.networkMetricsReporting }}{{ else if hasKey .Values "tcpStatsReporting" }}{{ .Values.tcpStatsReporting }}{{ else }}true{{ end }}"
- name: DROP_DATA_NEW_RELIC
value: "{{ if hasKey .Values "dropDataNewRelic" }}{{ .Values.dropDataNewRelic }}{{ else }}true{{ end }}"
- name: DROP_APM_ENABLED_PODS
value: "{{ if hasKey .Values "dropAPMEnabledPods" }}{{ .Values.dropAPMEnabledPods }}{{ else }}false{{ end }}"
- name: DROP_DATA_FOR_NAMESPACES
value: "{{ .Values.dropDataForNamespaces | join "," }}"
- name: DROP_SERVICE_NAME_REGEX
value: {{ .Values.dropDataServiceNameRegex }}
- name: ALLOW_SERVICE_NAME_REGEX
value: {{ .Values.allowServiceNameRegex }}
securityContext:
privileged: true
volumeMounts:
- name: host-root-volume
mountPath: /host
readOnly: true
- name: sys-volume
mountPath: /sys
readOnly: true
- name: kernel-headers-volume
mountPath: /kernel-headers
readOnly: true
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
hostPID: true
restartPolicy: Always
serviceAccountName: {{ include "nr-ebpf-agent.service.name" . }}
volumes:
- name: installer-script
configMap:
name: {{ include "nr-ebpf-agent.fullname" . }}-installer-script
defaultMode: 0755
- name: host-root-volume
hostPath:
path: /
type: Directory
- name: sys-volume
hostPath:
path: /sys
type: Directory
- name: kernel-headers-volume
emptyDir: {}
{{- with include "newrelic.common.nodeSelector" . }}
nodeSelector:
{{- . | nindent 8 -}}
{{- end }}
{{- with include "nrEbpfAgent.ebpfAgent.affinity" . }}
affinity:
{{- . | nindent 8 }}
{{- end }}
{{- with include "nrEbpfAgent.ebpfAgent.tolerations" . }}
tolerations:
{{- . | nindent 8 }}
{{- end }}