Skip to content

Commit bbcac2e

Browse files
authored
Merge branch 'master' into delete-volumne-for-ac-and-add-secret
2 parents 0c9d27a + 83f6d3b commit bbcac2e

File tree

8 files changed

+405
-71
lines changed

8 files changed

+405
-71
lines changed

charts/nr-ebpf-agent/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ type: application
1313
# This is the chart version. This version number should be incremented each time you make changes
1414
# to the chart and its templates, including the app version.
1515
# Versions are expected to follow Semantic Versioning (https://semver.org/)
16-
version: 1.0.0
16+
version: 1.1.0
1717

1818
dependencies:
1919
- name: common-library
@@ -23,7 +23,7 @@ dependencies:
2323
# incremented each time you make changes to the application. Versions are not expected to
2424
# follow Semantic Versioning. They should reflect the version the application is using.
2525
# It is recommended to use it with quotes.
26-
appVersion: "1.0.0"
26+
appVersion: "1.1.0"
2727
home: https://github.com/newrelic/helm-charts
2828
sources:
2929
- https://github.com/newrelic/

charts/nr-ebpf-agent/README.md

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,15 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera
101101
| Key | Type | Default | Description |
102102
|-----|------|---------|-------------|
103103
| affinity | object | `{}` | Sets all pods' affinities. Can be configured also with `global.affinity` |
104-
| allowServiceNameRegex | string | `""` | This config acts as a bypass for the dropDataServiceNameRegex config. Service names that match this regex will not have their data dropped by the dropDataServiceNameRegex. If dropDataServiceNameRegex is not defined, this config has no impact on the eBPF agent. |
104+
| allDataFilters.dropNewRelicBundle | boolean | `true` | Drop data from the newrelic namespace and newrelic-bundle services. (RENAMED from `dropDataNewRelic` for clarity. The old name is deprecated but still supported for backward compatibility). |
105+
| allDataFilters.dropNamespaces | list | `["kube-system"]` | List of Kubernetes namespaces for which all data should be dropped by the agent. (RENAMED from `dropDataForNamespaces` for clarity. The old name is deprecated but still supported for backward compatibility). |
106+
| allDataFilters.dropServiceNameRegex | string | `""` | Define a regex to match k8s service names to drop. Example `"kube-dns\|otel-collector\|\\bblah\\b"`. (RENAMED from `dropDataServiceNameRegex` for clarity. The old name is deprecated but still supported for backward compatibility). |
107+
| allDataFilters.keepServiceNameRegex | string | `""` | This config acts as a bypass for the `dropServiceNameRegex` config. Service names that match this regex will not have their data dropped by the `dropServiceNameRegex`. (RENAMED from `allowServiceNameRegex` for clarity. The old name is deprecated but still supported for backward compatibility). |
108+
| allDataFilters.dropApmAgentEnabledEntity | boolean | `false` | Drop all data for applications or entities that have New Relic or OTEL APM agents running. |
109+
| apmDataFilters.apmAgentEnabledEntity | boolean | `false` | Drop eBPF APM data for applications/entities that have NewRelic APM/OTel agents running. |
110+
| apmDataFilters.dropPodLabels | object | `{}` | Pod labels to match for filtering APM data. Empty map means no label-based filtering. (Example: dropPodLabels: `{ "app": "frontend", "env": "production" }`) |
111+
| apmDataFilters.dropEntityName | list | `[]` | List of entity names to drop ebpf APM data.|
112+
| apmDataFilters.keepEntityName | list | `[]` | List of entity names to always keep APM data. By default all entities are kept/enabled. This config bypasses `dropEntityName` filter. |
105113
| cluster | string | `""` | Name of the Kubernetes cluster to be monitored. Mandatory. Can be configured with `global.cluster` |
106114
| containerSecurityContext | object | `{}` | Sets all pods' containerSecurityContext. Can be configured also with `global.securityContext.container` |
107115
| customSecretLicenseKey | string | `""` | In case you don't want to have the license key in your values, this allows you to point to which secret key is the license key located. Can be configured also with `global.customSecretLicenseKey` |
@@ -110,10 +118,6 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera
110118
| logFilePath | string | `""` | To configure log file path of eBPF Agent. If logging to this path fails, logs will be directed to stdout. |
111119
| dnsConfig | object | `{}` | Sets pod's dnsConfig. Can be configured also with `global.dnsConfig` |
112120
| dropAPMEnabledPods | bool | `false` | Drop data from pods that are monitored by New Relic APM via auto attach. |
113-
| dropDataNewRelic | bool | `true` | Drop data from the newrelic namespace and newrelic-bundle services. |
114-
| dropDataForEntity | list | `[]` | list entity to ignore the process monitoring based on `NEW_RELIC_APP_NAME` |
115-
| dropDataForNamespaces | list | `[]` | List of Kubernetes namespaces for which all data should be dropped by the agent. |
116-
| dropDataServiceNameRegex | string | `""` | Define a regex to match service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" see Golang Docs for Regex syntax https://github.com/google/re2/wiki/Syntax |
117121
| ebpfAgent.affinity | object | `{}` | Sets ebpfAgent pod affinities. Overrides `affinity` and `global.affinity` |
118122
| ebpfAgent.containerSecurityContext | object | `{}` | Sets ebpfAgent pod containerSecurityContext. Overrides `containerSecurityContext` and `global.securityContext.container` |
119123
| ebpfAgent.image.pullPolicy | string | `"IfNotPresent"` | The pull policy is defaulted to IfNotPresent, which skips pulling an image if it already exists. If pullPolicy is defined without a specific value, it is also set to Always. |
@@ -134,6 +138,10 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera
134138
| kubernetesClusterDomain | string | `"cluster.local"` | Kubernetes cluster domain. |
135139
| labels | object | `{}` | Additional labels for chart objects. |
136140
| licenseKey | string | `""` | The license key to use. Can be configured with `global.licenseKey` |
141+
| networkMetricsDataFilter.dropPodLabels | object | `{}` | Pod labels to match for filtering Network metrics data. Empty map means no label-based filtering. (Example: dropPodLabels: `{ "app": "frontend", "env": "production" }`) |
142+
| networkMetricsDataFilter.dropEntityName | list | `[]` | List of entity names to drop Network metrics data for |
143+
| networkMetricsDataFilter.keepEntityName | list | `[]` | List of entity names to always keep Network metrics data. By default all entities are kept/enabled. This config bypasses `dropEntityName` filter. |
144+
| networkMetricsReporting | string | `true` | Enable network metrics reporting. When enabled, the agent collects and reports network metrics including TCP statistics. RENAMED from `tcpStatsReporting`. The old name is deprecated however backward compatibility is supported. |
137145
| nodeSelector | object | `{}` | Sets all pods' node selector. Can be configured also with `global.nodeSelector` |
138146
| nrStaging | bool | `false` | Endpoint to export data to via the otel collector. NR prod (otlp.nr-data.net:443) by default. Staging (staging-otlp.nr-data.net:443) otherwise. |
139147
| podLabels | object | `{}` | Additional labels for chart pods. |
@@ -188,6 +196,5 @@ If the `nr-ebpf-client` or `nr-ebpf-agent` container logs indicate that the scri
188196
189197
## Maintainers
190198
191-
* ramkrishankumarN
192-
* kpattaswamy
193-
* benkilimnik
199+
* kkhandelwal
200+
* bsanwarwala

charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml

Lines changed: 65 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -41,34 +41,19 @@ spec:
4141
{{- end }}
4242
initContainers:
4343
- name: kernel-header-installer
44-
image: docker.io/newrelic/newrelic-ebpf-agent:agent-base-image-latest
45-
imagePullPolicy: IfNotPresent
46-
command:
47-
- "/bin/bash"
48-
- "-c"
49-
- |
50-
# Detect OS and install kernel headers accordingly
51-
if [ -f /host/etc/os-release ]; then
52-
. /host/etc/os-release
53-
if [[ $ID == 'amzn' || $ID == 'centos' || $ID == 'rhel' ]]; then
54-
echo 'Detected EKS/Amazon Linux or CentOS/RHEL. Installing kernel-devel...'
55-
chroot /host /bin/bash -c "yum install -y kernel-devel-$(uname -r)" || echo 'kernel-devel install failed, proceeding.'
56-
elif [[ $ID == 'debian' || $ID == 'ubuntu' ]]; then
57-
echo 'Detected Debian/Ubuntu. Installing linux-headers...'
58-
chroot /host /bin/bash -c "apt-get update || true && apt-get install -y linux-headers-$(uname -r)" || echo 'linux-headers install failed, proceeding.'
59-
else
60-
echo "Unsupported OS: $ID"
61-
echo "Proceeding without kernel header install."
62-
fi
63-
else
64-
echo "/host/etc/os-release not found"
65-
echo "Proceeding without kernel header install."
66-
fi
44+
image: {{ .Values.ebpfAgent.image.repository }}:agent-base-image-latest
45+
imagePullPolicy: {{ .Values.ebpfAgent.image.pullPolicy }}
46+
command: ["/scripts/install-headers.sh"]
6747
securityContext:
6848
privileged: true
6949
volumeMounts:
50+
- name: installer-script
51+
mountPath: /scripts
52+
readOnly: true
7053
- name: host-root-volume
7154
mountPath: /host
55+
- name: kernel-headers-volume
56+
mountPath: /kernel-headers
7257

7358
containers:
7459
- name: nr-ebpf-agent
@@ -124,7 +109,7 @@ spec:
124109
value: "{{ .Values.ebpfAgent.distroKernelHeadersPath }}"
125110
{{- end }}
126111
- name: DEPLOYMENT_NAME
127-
value: {{ .Values.cluster }}
112+
value: {{ if .Values.global }}{{ .Values.global.cluster | default .Values.cluster }}{{ else }}{{ .Values.cluster }}{{ end }}
128113
- name: HOST_IP
129114
valueFrom:
130115
fieldRef:
@@ -151,8 +136,54 @@ spec:
151136
value: {{ include "nr-ebpf-agent.service.name" . }}
152137
- name: APM_DATA_REPORTING
153138
value: "{{ if hasKey .Values "apmDataReporting" }}{{ .Values.apmDataReporting }}{{ else }}true{{ end }}"
139+
- name: NETWORK_METRICS_REPORTING
140+
value: "{{ if hasKey .Values "networkMetricsReporting" }}{{ .Values.networkMetricsReporting }}{{ else if hasKey .Values "tcpStatsReporting" }}{{ .Values.tcpStatsReporting }}{{ else }}true{{ end }}"
141+
# ALL Data filtering configuration
142+
{{- if .Values.allDataFilters }}
143+
- name: DROP_ALL_DATA_FOR_NEW_RELIC
144+
value: "{{ if hasKey .Values.allDataFilters "dropNewRelicBundle" }}{{ .Values.allDataFilters.dropNewRelicBundle }}{{ else }}true{{ end }}"
145+
- name: DROP_ALL_DATA_FOR_NAMESPACES
146+
value: "{{ .Values.allDataFilters.dropNamespaces | join "," }}"
147+
- name: DROP_ALL_DATA_FOR_SERVICE_NAME_REGEX
148+
value: {{ .Values.allDataFilters.dropServiceNameRegex }}
149+
- name: KEEP_ALL_DATA_FOR_SERVICE_NAME_REGEX
150+
value: {{ .Values.allDataFilters.keepServiceNameRegex }}
151+
- name: DROP_ALL_DATA_FOR_APM_AGENT_ENABLED_ENTITY
152+
value: "{{ if hasKey .Values.allDataFilters "dropApmAgentEnabledEntity" }}{{ .Values.allDataFilters.dropApmAgentEnabledEntity }}{{ else }}false{{ end }}"
153+
{{- end }}
154+
155+
# APM data filtering configuration
156+
{{- if .Values.apmDataFilters }}
157+
- name: DROP_APM_DATA_FOR_APM_AGENT_ENABLED_ENTITY
158+
value: "{{ if hasKey .Values.apmDataFilters "apmAgentEnabledEntity" }}{{ .Values.apmDataFilters.apmAgentEnabledEntity }}{{ else }}true{{ end }}"
159+
{{- if .Values.apmDataFilters.dropPodLabels }}
160+
- name: DROP_APM_DATA_FOR_POD_LABELS
161+
value: "{{ range $key, $value := .Values.apmDataFilters.dropPodLabels }}{{ $key }}={{ $value }},{{ end }}"
162+
{{- end }}
163+
- name: DROP_APM_DATA_FOR_ENTITY_NAME
164+
value: "{{ .Values.apmDataFilters.dropEntityName | join "," }}"
165+
- name: KEEP_APM_DATA_FOR_ENTITY_NAME
166+
value: "{{ .Values.apmDataFilters.keepEntityName | join "," }}"
167+
{{- end }}
168+
169+
# Network metrics data filtering configuration
170+
{{- if .Values.networkMetricsDataFilter }}
171+
{{- if .Values.networkMetricsDataFilter.dropPodLabels }}
172+
- name: DROP_NETWORK_METRICS_DATA_FOR_POD_LABELS
173+
value: "{{ range $key, $value := .Values.networkMetricsDataFilter.dropPodLabels }}{{ $key }}={{ $value }},{{ end }}"
174+
{{- end }}
175+
- name: DROP_NETWORK_METRICS_DATA_FOR_ENTITY_NAME
176+
value: "{{ .Values.networkMetricsDataFilter.dropEntityName | join "," }}"
177+
- name: KEEP_NETWORK_METRICS_DATA_FOR_ENTITY_NAME
178+
value: "{{ .Values.networkMetricsDataFilter.keepEntityName | join "," }}"
179+
{{- end }}
180+
181+
# DEPRECATED: The following environment variables are deprecated and kept for backward compatibility.
182+
# If you are using an older configuration file with a newer Helm chart version, these settings will still work.
183+
# However, please update your configuration to use the new filtering mechanisms.
184+
# These variables will be removed in a future release.
154185
- name: TCP_STATS_REPORTING
155-
value: "{{ if hasKey .Values "tcpStatsReporting" }}{{ .Values.tcpStatsReporting }}{{ else }}true{{ end }}"
186+
value: "{{ if hasKey .Values "networkMetricsReporting" }}{{ .Values.networkMetricsReporting }}{{ else if hasKey .Values "tcpStatsReporting" }}{{ .Values.tcpStatsReporting }}{{ else }}true{{ end }}"
156187
- name: DROP_DATA_NEW_RELIC
157188
value: "{{ if hasKey .Values "dropDataNewRelic" }}{{ .Values.dropDataNewRelic }}{{ else }}true{{ end }}"
158189
- name: DROP_APM_ENABLED_PODS
@@ -172,6 +203,9 @@ spec:
172203
- name: sys-volume
173204
mountPath: /sys
174205
readOnly: true
206+
- name: kernel-headers-volume
207+
mountPath: /kernel-headers
208+
readOnly: true
175209
{{- if (hasKey .Values "tls") }}
176210
{{- if eq .Values.tls.enabled true }}
177211
- name: cert
@@ -185,6 +219,10 @@ spec:
185219
restartPolicy: Always
186220
serviceAccountName: {{ include "nr-ebpf-agent.service.name" . }}
187221
volumes:
222+
- name: installer-script
223+
configMap:
224+
name: {{ include "nr-ebpf-agent.fullname" . }}-installer-script
225+
defaultMode: 0755
188226
- name: host-root-volume
189227
hostPath:
190228
path: /
@@ -193,6 +231,8 @@ spec:
193231
hostPath:
194232
path: /sys
195233
type: Directory
234+
- name: kernel-headers-volume
235+
emptyDir: {}
196236
{{- if (hasKey .Values "tls") }}
197237
{{- if eq .Values.tls.enabled true }}
198238
- name: cert

0 commit comments

Comments
 (0)