Merge branch 'master' into dbudziwojski/otel-improvements-follow-up

# Conflicts:
#	charts/nr-k8s-otel-collector/Chart.yaml
#	charts/nr-k8s-otel-collector/templates/daemonset-configmap.yaml
#	charts/nr-k8s-otel-collector/templates/deployment-configmap.yaml

Author: dbudziwojskiNR

.github/renovate.json5

@@ -56,17 +56,5 @@
       ],
       "enabled": false
     }
-  ],
-  "customManagers": [
-    {
-      // Update Super Agent chart
-      "customType": "regex",
-      "fileMatch": [ "^charts/agent-control/Chart.yaml$" ],
-      "datasourceTemplate": "docker",
-      "depNameTemplate": "newrelic/newrelic-agent-control",
-      "matchStrings": [
-        "appVersion: (?<currentValue>.*)  # .*"
-      ]
-    }
   ]
 }

.github/workflows/check-generated-files.yaml

@@ -0,0 +1,56 @@
+name: Check Generated Files
+
+on:
+  pull_request:
+    paths:
+      - 'charts/nr-k8s-otel-collector/**'
+      - '.github/workflows/nr-k8s-otel-e2e.yml'
+
+jobs:
+  check-generated-files:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.12.0
+
+      - name: Add Helm repositories
+        run: |
+          helm repo add newrelic https://helm-charts.newrelic.com
+          helm repo add k8s-agents-operator https://newrelic.github.io/k8s-agents-operator
+          helm repo add k8s-metadata-injection https://newrelic.github.io/k8s-metadata-injection
+          helm repo add newrelic-infra-operator https://newrelic.github.io/newrelic-infra-operator          
+          helm repo add newrelic-k8s-metrics-adapter https://newrelic.github.io/newrelic-k8s-metrics-adapter
+          helm repo add newrelic-prometheus-configurator https://newrelic.github.io/newrelic-prometheus-configurator
+          helm repo add nr-helm-charts https://newrelic.github.io/helm-charts
+          helm repo add nri-kube-events https://newrelic.github.io/nri-kube-events
+          helm repo add nri-kubernetes https://newrelic.github.io/nri-kubernetes
+          helm repo add nri-prometheus https://newrelic.github.io/nri-prometheus
+          helm repo add fluxcd-community https://fluxcd-community.github.io/helm-charts
+          helm repo add pixie-operator https://pixie-operator-charts.storage.googleapis.com
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+          helm repo update
+
+      - name: Check generated example is up to date
+        run: |
+          make generate-examples
+          if [ ! -z "$(git status --porcelain)" ]; then
+            git diff
+            exit 1
+          fi
+
+      - name: Check README.md is up to date
+        run: |
+          go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.11.0
+          make generate-nr-k8s-chart-docs
+          if [ ! -z "$(git status --porcelain)" ]; then
+            git diff
+            exit 1
+          fi

.github/workflows/nr-k8s-otel-e2e.yml

@@ -0,0 +1,47 @@
+name: K8s OTEL E2E Test Suite
+
+on:
+  pull_request:
+    paths:
+      - 'charts/nr-k8s-otel-collector/**'
+      - '.github/workflows/nr-k8s-otel-e2e.yml'
+
+permissions:
+  contents: read
+
+env:
+  # NOTICE that apart from this, the versions in the chart linter matrix needs to be bumped too.
+  LATEST_K8S_VERSION: 'v1.32.0'
+  MINIKUBE_VERSION: 'v1.35.0'
+
+jobs:
+  e2e-test:
+    name: Run Tests
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci/skip-e2e') }}
+    runs-on: ubuntu-latest
+    # If the environment is broken, this job could time out since the default timeout for tilt ci is 30m.
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Minikube
+        uses: manusa/actions-setup-minikube@v2.14.0
+        with:
+          minikube version: ${{ env.MINIKUBE_VERSION }}
+          kubernetes version: ${{ env.LATEST_K8S_VERSION }}
+          # default driver doesn't support 'eval $$(minikube docker-env)'.
+          driver: docker
+          github token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run e2e-test
+        env:
+          SECRET_AVAILABLE: ${{ secrets.K8S_AGENTS_E2E_ACCOUNT_ID }}
+        if: ${{ env.SECRET_AVAILABLE != '' }}
+        uses: newrelic/newrelic-integration-e2e-action@v1
+        with:
+          retry_seconds: 90
+          retry_attempts: 10
+          agent_enabled: false
+          spec_path: charts/nr-k8s-otel-collector/e2e/test-specs.yml
+          account_id: ${{ secrets.K8S_AGENTS_E2E_ACCOUNT_ID }}
+          api_key: ${{ secrets.K8S_AGENTS_E2E_API_KEY }}
+          license_key: ${{ secrets.K8S_AGENTS_E2E_LICENSE_KEY }}
+

CODEOWNERS

@@ -21,9 +21,10 @@
 
 # Infrastructure-related charts
 /charts/nri-statsd/ @newrelic/ohai
-/charts/super-agent-deployment/ @newrelic/ac @newrelic/ohai
-/charts/super-agent/ @newrelic/ac @newrelic/ohai
-/charts/agent-control/ @newrelic/ac @newrelic/ohai
+
+# Agent Control charts
+/charts/agent-control-deployment/ @newrelic/ac
+/charts/agent-control/ @newrelic/ac
 
 # pipeline-control-gateway
-/charts/pipeline-control-gateway/ @newrelic/pcon
+/charts/pipeline-control-gateway/ @newrelic/pcon

Makefile

@@ -0,0 +1,34 @@
+TMP_DIRECTORY = ./tmp
+CHARTS ?= nr-k8s-otel-collector
+
+.PHONY: generate-examples
+generate-examples:
+	for chart_name in $(CHARTS); do \
+  		make install-helm-dependencies -C charts/$${chart_name}; \
+		helm dependency build charts/$${chart_name}; \
+		EXAMPLES_DIR=charts/$${chart_name}/examples; \
+		EXAMPLES=$$(find $${EXAMPLES_DIR} -maxdepth 1 -mindepth 1 -type d -exec basename \{\} \;); \
+		for example in $${EXAMPLES}; do \
+			echo "Generating example: $${example}"; \
+			VALUES=$$(find $${EXAMPLES_DIR}/$${example} -name *values.yaml); \
+			rm -rf "$${EXAMPLES_DIR}/$${example}/rendered"; \
+			for value in $${VALUES}; do \
+				helm template "$${chart_name}" charts/$${chart_name} --namespace newrelic --set licenseKey='<NR_licenseKey>' --set cluster='<cluser_name>' --values $${value} --output-dir "$${EXAMPLES_DIR}/$${example}/rendered"; \
+				mv $${EXAMPLES_DIR}/$${example}/rendered/$${chart_name}/templates/* "$${EXAMPLES_DIR}/$${example}/rendered"; \
+				SUBCHARTS_DIR=$${EXAMPLES_DIR}/$${example}/rendered/$${chart_name}/charts; \
+				if [ -d "$${SUBCHARTS_DIR}" ]; then \
+					SUBCHARTS=$$(find $${SUBCHARTS_DIR} -maxdepth 1 -mindepth 1 -type d -exec basename \{\} \;); \
+					for subchart in $${SUBCHARTS}; do \
+						mkdir -p "$${EXAMPLES_DIR}/$${example}/rendered/$${subchart}"; \
+						mv $${SUBCHARTS_DIR}/$${subchart}/templates/* "$${EXAMPLES_DIR}/$${example}/rendered/$${subchart}"; \
+					done; \
+				fi; \
+				rm -rf $${EXAMPLES_DIR}/$${example}/rendered/$${chart_name}; \
+			done; \
+		done; \
+	done
+
+HELM_DOCS ?= go run github.com/norwoodj/helm-docs/cmd/helm-docs@latest
+.PHONY: generate-nr-k8s-chart-docs
+generate-nr-k8s-chart-docs:
+	$(HELM_DOCS) -c charts/nr-k8s-otel-collector

…rts/agent-control-deployment/.helmignore …rts/agent-control-deployment/.helmignorecharts/agent-control/charts/agent-control-deployment/.helmignore renamed to charts/agent-control-deployment/.helmignore charts/agent-control/charts/agent-control-deployment/.helmignore renamed to charts/agent-control-deployment/.helmignore

@@ -0,0 +1,6 @@
+dependencies:
+- name: common-library
+  repository: https://helm-charts.newrelic.com
+  version: 1.3.3
+digest: sha256:0ba54a189b03d9104713cb93542f6df09c0fa3546e785fb71fe679c1a6426d8a
+generated: "2025-06-26T12:57:00.46884+02:00"

charts/agent-control-deployment/Chart.lock

@@ -0,0 +1,22 @@
+apiVersion: v2
+name: agent-control-deployment
+description: A Helm chart to install New Relic Agent Control on Kubernetes
+
+type: application
+
+version: 0.0.56
+appVersion: "0.40.0"
+
+dependencies:
+  - name: common-library
+    version: 1.3.3
+    repository: https://helm-charts.newrelic.com
+
+keywords:
+  - newrelic
+  - agent-control
+
+maintainers:
+  # Agent Control Team
+  - name: ac
+    url: https://github.com/orgs/newrelic/teams/ac/members

charts/agent-control-deployment/Chart.yaml

@@ -0,0 +1,76 @@
+[![Community Plus header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Community_Plus.png)](https://opensource.newrelic.com/oss-category/#community-plus)
+
+# agent-control-deployment
+
+A Helm chart to install New Relic Agent Control on Kubernetes
+
+# Helm installation
+
+This chart is not intended to be installed on its own. Instead, it is designed to be installed as part of the [agent-control](https://github.com/newrelic/helm-charts/tree/master/charts/agent-control) chart.
+
+## Values managed globally
+
+This chart implements the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which
+means that it honors a wide range of defaults and globals common to most New Relic Helm charts.
+
+Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at
+[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md).
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | Sets pod/node affinities. Can be configured also with `global.affinity` |
+| cluster | string | `""` | Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`. |
+| config.agentControl | object | See `values.yaml` | Configuration for the Agent Control. |
+| config.agentControl.content | object | `{}` | Overrides the configuration that has been created automatically by the chart. This configuration here will be **MERGED** with the configuration specified above. If you need to have you own configuration, disabled the creation of this configMap and create your own. |
+| config.agentControl.create | bool | `true` | Set if the configMap is going to be created by this chart or the user will provide its own. |
+| config.fleet_control.auth.organizationId | string | `""` | Organization ID where fleets will live. |
+| config.fleet_control.auth.secret.client_id.base64 | string | `nil` | In case `.config.auth.secret.create` is true, you can set these keys to set client ID directly as base64 if you want to skip its creation. This options is mutually exclusive with `plain`. |
+| config.fleet_control.auth.secret.client_id.plain | string | `nil` | In case `.config.auth.secret.create` is true, you can set these keys to set client ID directly as plain text if you want to skip its creation. This options is mutually exclusive with `base64`. |
+| config.fleet_control.auth.secret.client_id.secret_key | string | `client_id` | Key inside the secret containing the client ID. |
+| config.fleet_control.auth.secret.create | bool | `true` |  |
+| config.fleet_control.auth.secret.name | string | release name suffixed with "-auth" | Name auth' secret provided by the user. If the creation of this secret is set to `true`, this is the same the secret will have. |
+| config.fleet_control.auth.secret.private_key.base64_pem | string | `nil` | In case `.config.auth.secret.create` is true, you can set these keys to set private key directly as base64 if you want to skip its creation. This options is mutually exclusive with `plain_pem`. |
+| config.fleet_control.auth.secret.private_key.plain_pem | string | `nil` | In case `.config.auth.secret.create` is true, you can set these keys to set private key directly as plain text if you want to skip its creation. This options is mutually exclusive with `base64_pem`. |
+| config.fleet_control.auth.secret.private_key.secret_key | string | `private_key` | Key inside the secret containing the private key. |
+| config.fleet_control.enabled | bool | `true` | Enables or disables the auth against fleet control. It implies to disable any fleet communication and running the agent in stand alone mode where only the agents specified on `.config.subAgents` will be launched. |
+| config.fleet_control.fleet_id | string | `""` | Specify a fleet_id to automatically connect the Agent Control to an existing fleet. |
+| config.status_server.port | int | See `values.yaml` | Set the status server port |
+| config.subAgents | string | `{}` (See `values.yaml`) | List of managed agents that will be deployed. The key represents the name of the agent and the value holds the configuration. |
+| containerSecurityContext | object | `{}` | Sets security context (at container level). Can be configured also with `global.containerSecurityContext` |
+| customIdentityClientIdSecretKey | string | `""` |  |
+| customIdentityClientSecretSecretKey | string | `""` |  |
+| customIdentitySecretName | string | `""` | In case you don't want to have the client_id and client_secret in your values, this allows you to point to a user created secret to get the key from there. |
+| customSecretLicenseKey | string | `""` | In case you don't want to have the license key in you values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` |
+| customSecretName | string | `""` | In case you don't want to have the license key in you values, this allows you to point to a user created secret to get the key from there. Can be configured also with `global.customSecretName` |
+| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` |
+| extraEnv | list | `[]` | Add user environment variables to the agent |
+| extraEnvFrom | list | `[]` | Add user environment from configMaps or secrets as variables to the agent |
+| extraVolumeMounts | list | `[]` | Defines where to mount volumes specified with `extraVolumes` |
+| extraVolumes | list | `[]` | Volumes to mount in the containers |
+| hostNetwork | bool | `false` | Sets pod's hostNetwork. Can be configured also with `global.hostNetwork` |
+| identityClientId | string | `""` | Identity client_id to use. |
+| identityClientSecret | string | `""` | Identity client_secret to use. |
+| image | object | See `values.yaml` | Image for the New Relic Agent Control |
+| image.pullSecrets | list | `[]` | The secrets that are needed to pull images from a custom registry. |
+| labels | object | `{}` | Additional labels for chart objects. Can be configured also with `global.labels` |
+| licenseKey | string | `""` | This set this license key to use. Can be configured also with `global.licenseKey` |
+| nameOverride | string | See `values.yaml` | Override the name of the chart used to template resource names. |
+| nodeSelector | object | `{}` | Sets pod's node selector. Can be configured also with `global.nodeSelector` |
+| nrStaging | bool | `false` | Send the metrics to the staging backend. Requires a valid staging license key. Can be configured also with `global.nrStaging` |
+| podAnnotations | object | `{}` | Annotations to be added to all pods created by the integration. |
+| podLabels | object | `{}` | Additional labels for chart pods. Can be configured also with `global.podLabels` |
+| podSecurityContext | object | `{}` | Sets security context (at pod level). Can be configured also with `global.podSecurityContext` |
+| priorityClassName | string | `""` | Sets pod's priorityClassName. Can be configured also with `global.priorityClassName` |
+| rbac.create | bool | `true` | Whether the chart should automatically create the RBAC objects required to run. |
+| resources | object | `{}` | Resource limits to be added to all pods created by the integration. |
+| serviceAccount | object | See `values.yaml` | Settings controlling ServiceAccount creation. |
+| serviceAccount.create | bool | `true` | Whether the chart should automatically create the ServiceAccount objects required to run. |
+| systemIdentityRegistration | object | See `values.yaml` | Image for the system identity registration process |
+| tolerations | list | `[]` | Sets pod's tolerations to node taints. Can be configured also with `global.tolerations` |
+| verboseLog | bool | `false` | Sets the debug logs to this integration or all integrations if it is set globally. Can be configured also with `global.verboseLog` |
+
+## Maintainers
+
+* [ac](https://github.com/orgs/newrelic/teams/ac/members)

charts/agent-control-deployment/README.md

@@ -0,0 +1,37 @@
+[![Community Plus header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Community_Plus.png)](https://opensource.newrelic.com/oss-category/#community-plus)
+
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+# Helm installation
+
+This chart is not intended to be installed on its own. Instead, it is designed to be installed as part of the [agent-control](https://github.com/newrelic/helm-charts/tree/master/charts/agent-control) chart.
+
+{{ template "chart.sourcesSection" . }}
+
+## Values managed globally
+
+This chart implements the [New Relic's common Helm library](https://github.com/newrelic/helm-charts/tree/master/library/common-library) which
+means that it honors a wide range of defaults and globals common to most New Relic Helm charts.
+
+Options that can be defined globally include `affinity`, `nodeSelector`, `tolerations`, `proxy` and others. The full list can be found at
+[user's guide of the common library](https://github.com/newrelic/helm-charts/blob/master/library/common-library/README.md).
+
+{{ template "chart.valuesSection" . }}
+
+{{ if .Maintainers }}
+## Maintainers
+{{ range .Maintainers }}
+{{- if .Name }}
+{{- if .Url }}
+* [{{ .Name }}]({{ .Url }})
+{{- else }}
+* {{ .Name }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}