USM: Expose configuration options of USM #1705

Open
wants to merge 8 commits into
base: main
10 changes: 10 additions & 0 deletions charts/datadog/CHANGELOG.md
@@ -1,5 +1,15 @@
# Datadog changelog

## 3.95.0

* Add multiple Universal Service Monitoring configurations support.
* `datadog.serviceMonitoring.tls.go.enabled` to control Go TLS monitoring.
* `datadog.serviceMonitoring.tls.istio.enabled` to control Istio TLS monitoring.
* `datadog.serviceMonitoring.tls.nodejs.enabled` to control Node.js TLS monitoring.
* `datadog.serviceMonitoring.tls.native.enabled` to control native (openssl, libssl, gnutls) TLS monitoring.
* `datadog.serviceMonitoring.httpMonitoringEnabled` to control HTTP monitoring.
* `datadog.serviceMonitoring.http2MonitoringEnabled` to control HTTP/2 & gRPC monitoring.

## 3.94.0

* Support adding labels to the Agent service account via `agents.rbac.serviceAccountAdditionalLabels`.
2 changes: 1 addition & 1 deletion charts/datadog/Chart.yaml
@@ -1,7 +1,7 @@
---
apiVersion: v1
name: datadog
version: 3.94.0
version: 3.95.0
appVersion: "7"
description: Datadog Agent
keywords:
8 changes: 7 additions & 1 deletion charts/datadog/README.md
@@ -1,6 +1,6 @@
# Datadog

![Version: 3.94.0](https://img.shields.io/badge/Version-3.94.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.95.0](https://img.shields.io/badge/Version-3.95.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)

[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).

@@ -861,6 +861,12 @@ helm install <RELEASE_NAME> \
| datadog.securityAgent.runtime.useSecruntimeTrack | bool | `true` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer |
| datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment |
| datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring |
| datadog.serviceMonitoring.http2MonitoringEnabled | string | `nil` | Enable HTTP2 & gRPC monitoring for Universal Service Monitoring (Requires Agent 7.53.0+ and kernel 5.2 or later). Empty values use the agent's default. |
| datadog.serviceMonitoring.httpMonitoringEnabled | string | `nil` | Enable HTTP monitoring for Universal Service Monitoring (Requires Agent 7.40.0+). Empty values use the agent's default. |
| datadog.serviceMonitoring.tls.go.enabled | bool | `nil` | Enable TLS monitoring for Golang services (Requires Agent 7.51.0+). Empty values use the agent's default. |
| datadog.serviceMonitoring.tls.istio.enabled | bool | `nil` | Enable TLS monitoring for Istio services (Requires Agent 7.50.0+). Empty values use the agent's default. |
| datadog.serviceMonitoring.tls.native.enabled | bool | `nil` | Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the agent's default. |
| datadog.serviceMonitoring.tls.nodejs.enabled | bool | `nil` | Enable TLS monitoring for Node.js services (Requires Agent 7.54.0+). Empty values use the agent's default. |
| datadog.site | string | `nil` | The site of the Datadog intake to send Agent data to. (documentation: https://docs.datadoghq.com/getting_started/site/) |
| datadog.systemProbe.apparmor | string | `"unconfined"` | Specify a apparmor profile for system-probe |
| datadog.systemProbe.bpfDebug | bool | `false` | Enable logging for kernel debug |
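Review bot: The two new HTTP rows, `datadog.serviceMonitoring.httpMonitoringEnabled` and `datadog.serviceMonitoring.http2MonitoringEnabled`, are typed `string` while the four `tls.*.enabled` rows are typed `bool`, although all six are on/off switches. The values.yaml comments for the TLS keys carry a `(bool)` hint and the two HTTP comments do not; adding `-- (bool)` to those two comments and updating this table would make the documented types consistent.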
23 changes: 23 additions & 0 deletions charts/datadog/templates/system-probe-configmap.yaml
@@ -43,6 +43,29 @@ data:
conntrack_init_timeout: {{ $.Values.datadog.systemProbe.conntrackInitTimeout }}
service_monitoring_config:
enabled: {{ $.Values.datadog.serviceMonitoring.enabled }}
{{- if not (eq .Values.datadog.serviceMonitoring.httpMonitoringEnabled nil) }}
enable_http_monitoring: {{ $.Values.datadog.serviceMonitoring.httpMonitoringEnabled }}
{{- end }}
{{- if not (eq .Values.datadog.serviceMonitoring.http2MonitoringEnabled nil) }}
enable_http2_monitoring: {{ $.Values.datadog.serviceMonitoring.http2MonitoringEnabled }}
{{- end }}
tls:
{{- if not (eq .Values.datadog.serviceMonitoring.tls.go.enabled nil) }}
Contributor

Is there a reason we need to use the default values in the agent? It just seems a little odd setting bool value defaults as nil. It seems like this has only been done once in the helm chart before.

Can we just set the defaults we want in values.yaml and avoid all the conditional logic and defaulting booleans to nil? Don't know if your approach is wrong per se, just seems strange.

Contributor Author

> Is there a reason we need to use the default values in the agent?

Yes, some features have been enabled by default over time.

  1. We don’t want the Helm chart to be the source of truth for determining which features are enabled by default.
  2. The Helm chart version and the agent version are independent—updating one does not necessarily mean using the latest of the other. Therefore, we prefer to rely on the agent's version.
  3. Our goal is to provide a simple experience for customers while still allowing them to enable additional features or disable defaults as needed.

Contributor

Adding my thoughts - the helm chart default values are typically opinionated and heavily relied upon by users, so I think it makes sense to continue that pattern and have a true/false default value set here. For instance, it is common for new features to be defaulted to "false" in the helm chart and eventually flipped to "true" when considered stable or generally available.

go:
enabled: {{ $.Values.datadog.serviceMonitoring.tls.go.enabled }}
{{- end }}
{{- if not (eq .Values.datadog.serviceMonitoring.tls.istio.enabled nil) }}
istio:
enabled: {{ $.Values.datadog.serviceMonitoring.tls.istio.enabled }}
{{- end }}
{{- if not (eq .Values.datadog.serviceMonitoring.tls.nodejs.enabled nil) }}
nodejs:
enabled: {{ $.Values.datadog.serviceMonitoring.tls.nodejs.enabled }}
{{- end }}
{{- if not (eq .Values.datadog.serviceMonitoring.tls.native.enabled nil) }}
native:
enabled: {{ $.Values.datadog.serviceMonitoring.tls.native.enabled }}
{{- end }}
{{- if not (eq .Values.datadog.discovery.enabled nil) }}
discovery:
enabled: {{ $.Values.datadog.discovery.enabled }}
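Review bot: `tls:` is emitted unconditionally while each of its four children is guarded, so with the chart defaults (all four `enabled` values empty) the ConfigMap renders a bare `tls:` key with a null value. Either guard the `tls:` line so it is written only when at least one of the go, istio, nodejs or native values is set, or confirm that system-probe accepts a null `tls` section. Separately, the new conditions read `.Values...` while the rendered values read `$.Values...`; using `$.Values` in both keeps the block correct if it is ever moved inside a `with` or `range`.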
20 changes: 20 additions & 0 deletions charts/datadog/values.yaml
@@ -831,6 +831,26 @@ datadog:
# datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring
enabled: false

# datadog.serviceMonitoring.httpMonitoringEnabled -- Enable HTTP monitoring for Universal Service Monitoring (Requires Agent 7.40.0+). Empty values use the agent's default.
httpMonitoringEnabled:

# datadog.serviceMonitoring.http2MonitoringEnabled -- Enable HTTP2 & gRPC monitoring for Universal Service Monitoring (Requires Agent 7.53.0+ and kernel 5.2 or later). Empty values use the agent's default.
http2MonitoringEnabled:

tls:
go:
# datadog.serviceMonitoring.tls.go.enabled -- (bool) Enable TLS monitoring for Golang services (Requires Agent 7.51.0+). Empty values use the agent's default.
enabled:
istio:
# datadog.serviceMonitoring.tls.istio.enabled -- (bool) Enable TLS monitoring for Istio services (Requires Agent 7.50.0+). Empty values use the agent's default.
enabled:
nodejs:
# datadog.serviceMonitoring.tls.nodejs.enabled -- (bool) Enable TLS monitoring for Node.js services (Requires Agent 7.54.0+). Empty values use the agent's default.
enabled:
native:
# datadog.serviceMonitoring.tls.native.enabled -- (bool) Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the agent's default.
enabled:

discovery:
# datadog.discovery.enabled -- (bool) Enable Service Discovery
enabled: # false
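Review bot: `httpMonitoringEnabled` and `http2MonitoringEnabled` are flat keys, whereas the TLS options added in the same hunk and the existing `discovery` block use the nested `<feature>.enabled` shape. Value names are hard to rename once released, so consider nested keys such as `http.enabled` and `http2.enabled` (suggested names, not from the patch) so the whole `serviceMonitoring` section follows one pattern.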