diff --git a/charts/nr-ebpf-agent/Chart.yaml b/charts/nr-ebpf-agent/Chart.yaml index 8b139064c4..c1a3b15493 100644 --- a/charts/nr-ebpf-agent/Chart.yaml +++ b/charts/nr-ebpf-agent/Chart.yaml @@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.3.2 +version: 1.4.0 dependencies: - name: common-library @@ -23,7 +23,7 @@ dependencies: # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.3.0" +appVersion: "1.4.0" home: https://github.com/newrelic/helm-charts sources: - https://github.com/newrelic/ diff --git a/charts/nr-ebpf-agent/README.md b/charts/nr-ebpf-agent/README.md index 58050123bc..c5869ba947 100644 --- a/charts/nr-ebpf-agent/README.md +++ b/charts/nr-ebpf-agent/README.md @@ -131,12 +131,13 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera | kubernetesClusterDomain | string | `"cluster.local"` | Kubernetes cluster domain. | | labels | object | `{}` | Additional labels for chart objects. | | licenseKey | string | `""` | The license key to use. Can be configured with `global.licenseKey` | -| logDataFilters.applicationReporting.enabled | bool | `true` | Enable logs collection from the entities matching the filters below. | -| logDataFilters.applicationReporting.fileRegex | string | `".*\\.log$"` | Regex to match log file names to include. | -| logDataFilters.applicationReporting.keepFileEntityRegex | string | `".*"` | Regex to match entity names to keep logs from log files. | -| logDataFilters.applicationReporting.keepStdEntityRegex | string | `".*"` | Regex to match entity names to keep logs from stdout and stderr. | -| logDataFilters.applicationReporting.maxSamplePerMinute | int | `10000` | Maximum number of log samples to collect per minute from an entity. | -| logReporting | bool | `true` | Enable log reporting. When enabled, the agent collects and reports logs from entities. | +| reportLogs | string | `false` | Enable log reporting. When enabled, the agent collects and reports logs from entities. Accepted values: 'true' (always send), 'false' (never send) and 'auto' (send only when APM is not attached)| +| logDataFilters.applicationLogReporting.enabled | string | `true` | Enable logs collection from the entities matching the filters below. | +| logDataFilters.applicationLogReporting.fileRegex | string | `".*\\.log$"` | Regex to match log file names to include. | +| logDataFilters.applicationLogReporting.logLevelThreshold | string | "INFO | Minimum log level to report (e.g., TRACE, DEBUG, INFO, WARN, ERROR). Default: INFO | +| logDataFilters.applicationLogReporting.keepFileEntityRegex | string | `".*"` | Regex to match entity names to keep logs from log files. | +| logDataFilters.applicationLogReporting.keepStdEntityRegex | string | `".*"` | Regex to match entity names to keep logs from stdout and stderr. | +| logDataFilters.applicationLogReporting.maxSamplePerMinute | int | `10000` | Maximum number of log samples to collect per minute from an entity. | | networkMetricsDataFilter.dropPodLabels | object | `{}` | Pod labels to match for filtering Network metrics data. Empty map means no label-based filtering. (Example: dropPodLabels: `{ "app": "frontend", "env": "production" }`) | | networkMetricsDataFilter.dropEntityName | list | `[]` | List of entity names to drop Network metrics data for | | networkMetricsDataFilter.keepEntityName | list | `[]` | List of entity names to always keep Network metrics data. By default all entities are kept/enabled. This config bypasses `dropEntityName` filter. | @@ -175,7 +176,6 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera | protocols.redis.spans.enabled | bool | `false` | | | protocols.redis.spans.samplingLatency | string | `""` | | | stirlingSources | string | `"socket_tracer,tcp_stats"` | The source connectors (and data export scripts) to enable. Note that socket_tracer tracks http, mysql, redis, mongodb, amqp, cassandra, dns, and postgresql while tcp_stats tracks TCP metrics. | -| tableStoreDataLimitMB | string | `"250"` | The primary lever to control RAM use of the eBPF agent. Specified in MiB. | | tolerations | list | `[]` | Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations` | ## Common Errors diff --git a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml index 9e0a04e9cf..9d97bc6734 100644 --- a/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml +++ b/charts/nr-ebpf-agent/templates/nr-ebpf-agent-daemonset.yaml @@ -1,4 +1,10 @@ --- +{{- if or (and .Values.customOtlpEndpointTlsCertSecret (not .Values.customOtlpEndpointTlsCertSecretKey)) (and (not .Values.customOtlpEndpointTlsCertSecret) .Values.customOtlpEndpointTlsCertSecretKey) }} + {{- fail "Both customOtlpEndpointTlsCertSecret and customOtlpEndpointTlsCertSecretKey must be provided together." }} +{{- end }} +{{- if and .Values.customOtlpEndpointTlsCertSecret (not .Values.customOtlpEndpoint) }} + {{- fail "customOtlpEndpointTlsCertSecret is set but customOtlpEndpoint is not provided. Please provide a customOtlpEndpoint or remove the TLS cert configuration." }} +{{- end }} {{- $region := include "newrelic.common.region" . }} apiVersion: apps/v1 kind: DaemonSet @@ -72,6 +78,10 @@ spec: value: "{{ include "nr-ebpf-agent.logLevel" . }}" - name: NEW_RELIC_LOG_FILE_PATH value: "{{ .Values.logFilePath }}" + {{- if .Values.entityLabels }} + - name: NEW_RELIC_LABELS + value: "{{- $labels := list -}}{{- range $key, $value := .Values.entityLabels -}}{{- $labels = append $labels (printf "%s:%s" $key $value) -}}{{- end -}}{{ join ";" $labels }}" + {{- end }} - name: NEW_RELIC_LICENSE_KEY valueFrom: secretKeyRef: @@ -82,8 +92,11 @@ spec: key: {{ include "newrelic.common.license._customSecretKey" . }} name: {{ include "newrelic.common.license._customSecretName" . }} {{- end }} + + {{- if .Values.tableStoreDataLimitMB }} - name: TABLE_STORE_DATA_LIMIT_MB value: "{{ .Values.tableStoreDataLimitMB }}" + {{- end }} {{- if .Values.ebpfAgent.downloadedPackagedHeadersPath }} - name: DOWNLOADED_PACKAGED_HEADERS_PATH @@ -101,12 +114,20 @@ spec: fieldRef: fieldPath: status.hostIP - name: OTLP_ENDPOINT - {{- if eq $region "Staging" }} + {{- if .Values.customOtlpEndpoint }} + value: "{{ .Values.customOtlpEndpoint }}" + {{- else if eq $region "Staging" }} value: "staging-otlp.nr-data.net:443" {{- else if eq $region "EU" }} value: "otlp.eu01.nr-data.net:443" {{- else }} value: "otlp.nr-data.net:443" + {{- end }} + - name: TLS_ENABLED + value: "{{ .Values.customOtlpEndpointTlsEnabled }}" + {{- if and .Values.customOtlpEndpointTlsCertSecret .Values.customOtlpEndpointTlsCertSecretKey }} + - name: TLS_CERT_PATH + value: "/etc/otlp-tls/{{ .Values.customOtlpEndpointTlsCertSecretKey }}" {{- end }} {{- include "generateClientScriptEnvVars" . | nindent 10 }} {{- if .Values.protocols.global }} @@ -133,18 +154,35 @@ spec: value: {{ .Release.Namespace }} - name: AGENT_SERVICE_NAME value: {{ include "nr-ebpf-agent.service.name" . }} - - name: APM_DATA_REPORTING - value: "{{ if hasKey .Values "apmDataReporting" }}{{ .Values.apmDataReporting }}{{ else }}true{{ end }}" - - name: NETWORK_METRICS_REPORTING - value: "{{ if hasKey .Values "networkMetricsReporting" }}{{ .Values.networkMetricsReporting }}{{ else if hasKey .Values "tcpStatsReporting" }}{{ .Values.tcpStatsReporting }}{{ else }}true{{ end }}" - - name: LOG_REPORTING - value: "{{ if hasKey .Values "logReporting" }}{{ .Values.logReporting }}{{ else }}false{{ end }}" + - name: REPORT_APM_DATA + value: "{{ .Values.reportApmData }}" + - name: REPORT_NETWORK_METRICS + value: "{{ .Values.reportNetworkMetrics }}" + - name: REPORT_LOGS + {{- if hasKey .Values "reportLogs" }} + value: "{{ .Values.reportLogs }}" + {{- else if hasKey .Values "logReporting" }} + value: "{{ .Values.logReporting }}" + {{- else }} + value: "false" + {{- end }} + - name: REPORT_AI_METRICS + value: "{{ if hasKey .Values "reportAiMetrics" }}{{ .Values.reportAiMetrics }}{{ else }}false{{ end }}" + - name: GENAI_CAPTURE_MESSAGE_CONTENT + value: "{{ if hasKey .Values "genAICaptureMessageContent" }}{{ .Values.genAICaptureMessageContent }}{{ else }}false{{ end }}" + # ALL Data filtering configuration {{- if .Values.allDataFilters }} - name: DROP_ALL_DATA_FOR_NEW_RELIC value: "{{ if hasKey .Values.allDataFilters "dropNewRelicBundle" }}{{ .Values.allDataFilters.dropNewRelicBundle }}{{ else }}true{{ end }}" - name: DROP_ALL_DATA_FOR_NAMESPACES value: "{{ .Values.allDataFilters.dropNamespaces | join "," }}" + - name: KEEP_ALL_DATA_FOR_NAMESPACES + value: "{{ .Values.allDataFilters.keepNamespaces | join "," }}" + - name: DROP_ALL_DATA_FOR_POD_LABELS + value: "{{ range $key, $value := .Values.allDataFilters.dropPodLabels }}{{ $key }}={{ $value }},{{ end }}" + - name: KEEP_ALL_DATA_FOR_POD_LABELS + value: "{{ range $key, $value := .Values.allDataFilters.keepPodLabels }}{{ $key }}={{ $value }},{{ end }}" - name: DROP_ALL_DATA_FOR_SERVICE_NAME_REGEX value: {{ .Values.allDataFilters.dropServiceNameRegex }} - name: KEEP_ALL_DATA_FOR_SERVICE_NAME_REGEX @@ -152,7 +190,7 @@ spec: - name: DROP_ALL_DATA_FOR_APM_AGENT_ENABLED_ENTITY value: "{{ if hasKey .Values.allDataFilters "dropApmAgentEnabledEntity" }}{{ .Values.allDataFilters.dropApmAgentEnabledEntity }}{{ else }}false{{ end }}" {{- end }} - + # APM data filtering configuration {{- if .Values.apmDataFilters }} - name: DROP_APM_DATA_FOR_APM_AGENT_ENABLED_ENTITY @@ -185,9 +223,11 @@ spec: {{- if .Values.logDataFilters }} {{- if .Values.logDataFilters.applicationLogReporting }} - name: APPLICATION_LOG_REPORTING_ENABLED - value: "{{ .Values.logDataFilters.applicationLogReporting.enabled | default false }}" + value: "{{ .Values.logDataFilters.applicationLogReporting.enabled | default true }}" - name: APPLICATION_LOG_FILE_REGEX value: {{ .Values.logDataFilters.applicationLogReporting.fileRegex | quote }} + - name: APPLICATION_LOG_LEVEL_THRESHOLD + value: "{{ .Values.logDataFilters.applicationLogReporting.logLevelThreshold | default "INFO" }}" - name: MAX_LOG_SAMPLES_PER_MINUTE value: "{{ .Values.logDataFilters.applicationLogReporting.maxSamplesPerMinute | default 10000 }}" - name: KEEP_STDSTREAM_LOG_FOR_ENTITY_REGEX @@ -201,6 +241,8 @@ spec: # If you are using an older configuration file with a newer Helm chart version, these settings will still work. # However, please update your configuration to use the new filtering mechanisms. # These variables will be removed in a future release. + - name: APM_DATA_REPORTING + value: "{{ if hasKey .Values "apmDataReporting" }}{{ .Values.apmDataReporting }}{{ else }}true{{ end }}" - name: TCP_STATS_REPORTING value: "{{ if hasKey .Values "networkMetricsReporting" }}{{ .Values.networkMetricsReporting }}{{ else if hasKey .Values "tcpStatsReporting" }}{{ .Values.tcpStatsReporting }}{{ else }}true{{ end }}" - name: DROP_DATA_NEW_RELIC @@ -225,6 +267,11 @@ spec: - name: kernel-headers-volume mountPath: /kernel-headers readOnly: true + {{- if and .Values.customOtlpEndpointTlsCertSecret .Values.customOtlpEndpointTlsCertSecretKey }} + - name: otlp-tls-cert + mountPath: /etc/otlp-tls + readOnly: true + {{- end }} dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: true @@ -245,6 +292,14 @@ spec: type: Directory - name: kernel-headers-volume emptyDir: {} + {{- if and .Values.customOtlpEndpointTlsCertSecret .Values.customOtlpEndpointTlsCertSecretKey }} + - name: otlp-tls-cert + secret: + secretName: {{ .Values.customOtlpEndpointTlsCertSecret }} + items: + - key: {{ .Values.customOtlpEndpointTlsCertSecretKey }} + path: {{ .Values.customOtlpEndpointTlsCertSecretKey }} + {{- end }} {{- with include "newrelic.common.nodeSelector" . }} nodeSelector: {{- . | nindent 8 -}} @@ -256,4 +311,4 @@ spec: {{- with include "nrEbpfAgent.ebpfAgent.tolerations" . }} tolerations: {{- . | nindent 8 }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/charts/nr-ebpf-agent/tests/global_images_test.yaml b/charts/nr-ebpf-agent/tests/global_images_test.yaml index a53ddb2be0..f423db9588 100644 --- a/charts/nr-ebpf-agent/tests/global_images_test.yaml +++ b/charts/nr-ebpf-agent/tests/global_images_test.yaml @@ -22,7 +22,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: docker.io/newrelic/newrelic-ebpf-agent:1.3.0 + value: docker.io/newrelic/newrelic-ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - it: uses global.images.registry for both images when set and no local override @@ -38,7 +38,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.3.0 + value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - it: prefers local registry over global registry for kernel header installer @@ -71,7 +71,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: my.local.registry.com/my-org/ebpf-agent:1.3.0 + value: my.local.registry.com/my-org/ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - it: supports air-gapped registry with only global registry configured @@ -87,7 +87,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: registry.internal.company.com/newrelic/newrelic-ebpf-agent:1.3.0 + value: registry.internal.company.com/newrelic/newrelic-ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml # ======================================== @@ -246,7 +246,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.3.0 + value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.imagePullSecrets @@ -286,7 +286,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: local.registry.com/my-org/ebpf-agent:1.3.0 + value: local.registry.com/my-org/ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.imagePullSecrets diff --git a/charts/nr-ebpf-agent/tests/global_inheritance_test.yaml b/charts/nr-ebpf-agent/tests/global_inheritance_test.yaml index 157a15138a..7fad70b244 100644 --- a/charts/nr-ebpf-agent/tests/global_inheritance_test.yaml +++ b/charts/nr-ebpf-agent/tests/global_inheritance_test.yaml @@ -18,7 +18,7 @@ tests: asserts: - template: templates/nr-ebpf-agent-daemonset.yaml equal: - path: spec.template.spec.containers[0].env[7].value + path: spec.template.spec.containers[0].env[6].value value: test-cluster # ============================================================================= @@ -79,7 +79,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: docker.io/newrelic/newrelic-ebpf-agent:1.3.0 + value: docker.io/newrelic/newrelic-ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - it: should use global.images.registry for ebpfAgent image @@ -120,7 +120,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.3.0 + value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - it: prefers local registry over global registry for kernel header installer @@ -155,7 +155,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: my.local.registry.com/my-org/ebpf-agent:1.3.0 + value: my.local.registry.com/my-org/ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - it: supports air-gapped registry with only global registry configured @@ -172,7 +172,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: registry.internal.company.com/newrelic/newrelic-ebpf-agent:1.3.0 + value: registry.internal.company.com/newrelic/newrelic-ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml # ============================================================================= @@ -479,11 +479,11 @@ tests: asserts: - template: templates/nr-ebpf-agent-daemonset.yaml equal: - path: spec.template.spec.containers[0].env[9].name + path: spec.template.spec.containers[0].env[8].name value: OTLP_ENDPOINT - template: templates/nr-ebpf-agent-daemonset.yaml equal: - path: spec.template.spec.containers[0].env[9].value + path: spec.template.spec.containers[0].env[8].value value: staging-otlp.nr-data.net:443 - it: should use EU endpoint when global.eu is true @@ -495,11 +495,11 @@ tests: asserts: - template: templates/nr-ebpf-agent-daemonset.yaml equal: - path: spec.template.spec.containers[0].env[9].name + path: spec.template.spec.containers[0].env[8].name value: OTLP_ENDPOINT - template: templates/nr-ebpf-agent-daemonset.yaml equal: - path: spec.template.spec.containers[0].env[9].value + path: spec.template.spec.containers[0].env[8].value value: otlp.eu01.nr-data.net:443 - it: should use default endpoint by default @@ -508,11 +508,11 @@ tests: asserts: - template: templates/nr-ebpf-agent-daemonset.yaml equal: - path: spec.template.spec.containers[0].env[9].name + path: spec.template.spec.containers[0].env[8].name value: OTLP_ENDPOINT - template: templates/nr-ebpf-agent-daemonset.yaml equal: - path: spec.template.spec.containers[0].env[9].value + path: spec.template.spec.containers[0].env[8].value value: otlp.nr-data.net:443 # ============================================================================= @@ -535,7 +535,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.3.0 + value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.imagePullSecrets @@ -576,7 +576,7 @@ tests: template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.containers[0].image - value: local.registry.com/my-org/ebpf-agent:1.3.0 + value: local.registry.com/my-org/ebpf-agent:1.4.0 template: templates/nr-ebpf-agent-daemonset.yaml - equal: path: spec.template.spec.imagePullSecrets diff --git a/charts/nr-ebpf-agent/values.yaml b/charts/nr-ebpf-agent/values.yaml index a019488614..ad9f490e44 100644 --- a/charts/nr-ebpf-agent/values.yaml +++ b/charts/nr-ebpf-agent/values.yaml @@ -9,20 +9,42 @@ customSecretName: "" customSecretLicenseKey: "" # -- If using a customSecretLicenseKey, you must supply your region "US"/"EU". Otherwise, leave this value as an empty string. region: "" +# -- Custom OTLP endpoint URL. When set, this takes precedence over the region-based static endpoints. +customOtlpEndpoint: "" +# -- Whether TLS is enabled on the OTLP endpoint. Defaults to true. +# Only overridden when both customOtlpEndpoint and this field are explicitly set. +customOtlpEndpointTlsEnabled: true +# -- Name of the Kubernetes secret containing the CA certificate for the custom OTLP endpoint. +# Only used when customOtlpEndpoint is set. Must be provided together with customOtlpEndpointTlsCertSecretKey. +customOtlpEndpointTlsCertSecret: "" +# -- Key within the secret that contains the CA certificate. +# Only used when customOtlpEndpoint is set. Must be provided together with customOtlpEndpointTlsCertSecret. +customOtlpEndpointTlsCertSecretKey: "" # -- To configure the log level in increasing order of verboseness. # -- OFF, FATAL, ERROR, WARNING, INFO, DEBUG logLevel: "" # -- To configure log file path of eBPF Agent. If logging to this path fails, logs will be directed to stdout. logFilePath: "" -# -- The primary lever to control RAM use of the eBPF agent. Specified in MiB. -tableStoreDataLimitMB: "250" -# -- Enable APM data reporting. When enabled, the agent collects and reports application performance monitoring data -apmDataReporting: true -# -- Enable network metrics reporting. When enabled, the agent collects and reports network metrics including TCP statistics -# RENAMED from 'tcpStatsReporting' for clarity. The old name is deprecated but still supported for backward compatibility. -networkMetricsReporting: true -# -- Enable log reporting. When enabled, the agent collects and reports logs. -logReporting: false +# -- Enable APM data reporting. When enabled, the agent collects and reports application performance monitoring data. Controls APM data reporting. Accepted values: 'true' (always send), 'false' (never send), 'auto' (send only when neither APM nor OTel agent is attached) +reportApmData: "auto" +# -- Enable network metrics reporting. When enabled, the agent collects and reports network metrics including TCP statistics. Controls network metrics reporting. Accepted values: 'true' (always send), 'false' (never send) and 'auto' +reportNetworkMetrics: "auto" +# -- Enable log reporting. When enabled, the agent collects and reports logs. Controls log reporting. Accepted values: 'true' (always send), 'false' (never send), 'auto' (send only when neither APM nor OTel agent is attached) +reportLogs: "false" +# -- Enable AI monitoring. When enabled, the agent collects and reports AI monitoring data. Accepted values: 'true' (always send), 'false' (never send), 'auto' (send only when neither APM nor OTel agent is attached) +reportAiMetrics: "false" +# -- Enable GenAI capture message content. When enabled, the agent captures message content for GenAI interactions. Use with caution. +genAICaptureMessageContent: false + +# -- Custom labels to be added to all entities reported by the eBPF agent. +# These labels are sent as the NEW_RELIC_LABELS environment variable in the format "key1:value1;key2:value2". +# Example: +# entityLabels: +# datacenter: "us-east-1" +# cluster: "prod-cluster" +# environment: "production" +entityLabels: {} + # -- All data drop filters configuration # Configure filters to drop all types of data (Network Metrics and APM data) based on config provided @@ -31,13 +53,27 @@ allDataFilters: # RENAMED from 'dropDataNewRelic' for clarity. The old name is deprecated but still supported for backward compatibility. dropNewRelicBundle: true # -- List of Kubernetes namespaces for which all data should be dropped by the agent. - # RENAMED from 'dropDataForNamespaces' for clarity. The old name is deprecated but still supported for backward compatibility. + # Use either dropNamespaces or keepNamespaces to filter namespaces, not both. If both are provided, keepNamespaces takes precedence. dropNamespaces: ["kube-system"] + # -- List of Kubernetes namespaces for which all data should be sent by the agent. + # Use either dropNamespaces or keepNamespaces to filter namespaces, not both. If both are provided, keepNamespaces takes precedence. + keepNamespaces: [] + # -- Pod labels to match for filtering all data. Empty map means no label-based filtering + # Example: dropPodLabels: { "app": "frontend", "env": "production" } + # Use either dropPodLabels or keepPodLabels to filter based on pod labels, not both. If both are provided, keepPodLabels takes precedence. + dropPodLabels: {} + # -- Pod labels to match for keeping all data. Empty map means no label-based filtering + # Example: keepPodLabels: { "app": "frontend", "env": "production" } + # Use either dropPodLabels or keepPodLabels to filter based on pod labels, not both. If both are provided, keepPodLabels takes precedence. + keepPodLabels: {} # -- Define a regex to match k8s service names to drop. Example "kube-dns|otel-collector|\\bblah\\b" - # RENAMED from 'dropServiceNameRegex' for clarity. The old name is deprecated but still supported for backward compatibility. + # Use either dropServiceNameRegex or keepServiceNameRegex to filter service names, not both. + # If both are provided, keepServiceNameRegex takes precedence. dropServiceNameRegex: "" # -- This config acts as a bypass for the dropServiceNameRegex config. # Service names that match this regex will not have their data dropped by the dropServiceNameRegex. + # Use either dropServiceNameRegex or keepServiceNameRegex to filter service names, not both. + # If both are provided, keepServiceNameRegex takes precedence. # RENAMED from 'allowServiceNameRegex' for clarity. The old name is deprecated but still supported for backward compatibility. keepServiceNameRegex: "" # -- Drop all data for applications/entities that have NewRelic/OTEL APM agents running @@ -46,8 +82,6 @@ allDataFilters: # -- APM data filters configuration # Configure filters to drop ebpf APM data based on config provided apmDataFilters: - # -- Drop eBPF APM data for applications/entities that have NewRelic APM/OTel agents running - dropEapmForApmEnabledEntity: true # -- Pod labels to match for filtering APM data. Empty map means no label-based filtering # Example: dropPodLabels: { "app": "frontend", "env": "production" } dropPodLabels: {} @@ -77,9 +111,11 @@ logDataFilters: # -- Application/entity log reporting filters applicationLogReporting: # -- Enable log reporting for entity monitored by eBPF Agent - enabled: false + enabled: true # -- Regex to match log file path to include for entity log reporting fileRegex: ".*.log$" + # -- Minimum log level to report (e.g., TRACE, DEBUG, INFO, WARN, ERROR). Default: INFO + logLevelThreshold: "INFO" # -- Maximum number of log samples to collect per minute from an entity. # The internal maxSamplesStored is calculated proportionally based on the harvest cycle (5 seconds): # maxSamplesStored = maxSamplesPerMinute / (60 / 5) = maxSamplesPerMinute / 12 @@ -102,8 +138,11 @@ logDataFilters: # Options: p1, p10, p50, p90, p99. protocols: global: - # Controls maximum unlinked spans reported per protocol. Set to 0 to disable limit + # Controls maximum unlinked spans reported per protocol. Set to 0 to disable limit. + # Unlinked spans are spans that the eBPF agent captures but cannot associate with its parent. max_unlinked_spans: "100" + # Reserves a configurable percentage of the unlinked span quota for error spans, ensuring error visibility even when normal spans arrive first. + unlinked_spans_error_quota_percentage: "30" http: enabled: true spans: