newrelic · kkhandelwal-nr · Apr 27, 2026 · Mar 17, 2026 · Mar 27, 2026 · Mar 30, 2026
@@ -13,7 +13,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.3.2
+version: 1.4.0
 
 dependencies:
   - name: common-library
@@ -23,7 +23,7 @@ dependencies:
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.3.0"
+appVersion: "1.4.0"
 home: https://github.com/newrelic/helm-charts
 sources:
   - https://github.com/newrelic/

@@ -131,12 +131,13 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera
 | kubernetesClusterDomain | string | `"cluster.local"` | Kubernetes cluster domain. |
 | labels | object | `{}` | Additional labels for chart objects. |
 | licenseKey | string | `""` | The license key to use. Can be configured with `global.licenseKey` |
-| logDataFilters.applicationReporting.enabled | bool | `true` | Enable logs collection from the entities matching the filters below. |
-| logDataFilters.applicationReporting.fileRegex | string | `".*\\.log$"` | Regex to match log file names to include. |
-| logDataFilters.applicationReporting.keepFileEntityRegex | string | `".*"` | Regex to match entity names to keep logs from log files. |
-| logDataFilters.applicationReporting.keepStdEntityRegex | string | `".*"` | Regex to match entity names to keep logs from stdout and stderr. |
-| logDataFilters.applicationReporting.maxSamplePerMinute | int | `10000` | Maximum number of log samples to collect per minute from an entity. |
-| logReporting | bool | `true` | Enable log reporting. When enabled, the agent collects and reports logs from entities. |
+| reportLogs | string | `false` | Enable log reporting. When enabled, the agent collects and reports logs from entities. Accepted values: 'true' (always send), 'false' (never send) and 'auto' (send only when APM is not attached)|
+| logDataFilters.applicationLogReporting.enabled | string | `true` | Enable logs collection from the entities matching the filters below. |
+| logDataFilters.applicationLogReporting.fileRegex | string | `".*\\.log$"` | Regex to match log file names to include. |
+| logDataFilters.applicationLogReporting.logLevelThreshold | string | "INFO | Minimum log level to report (e.g., TRACE, DEBUG, INFO, WARN, ERROR). Default: INFO |
+| logDataFilters.applicationLogReporting.keepFileEntityRegex | string | `".*"` | Regex to match entity names to keep logs from log files. |
+| logDataFilters.applicationLogReporting.keepStdEntityRegex | string | `".*"` | Regex to match entity names to keep logs from stdout and stderr. |
+| logDataFilters.applicationLogReporting.maxSamplePerMinute | int | `10000` | Maximum number of log samples to collect per minute from an entity. |
 | networkMetricsDataFilter.dropPodLabels | object | `{}` | Pod labels to match for filtering Network metrics data. Empty map means no label-based filtering. (Example: dropPodLabels: `{ "app": "frontend", "env": "production" }`) |
 | networkMetricsDataFilter.dropEntityName | list | `[]` | List of entity names to drop Network metrics data for |
 | networkMetricsDataFilter.keepEntityName | list | `[]` | List of entity names to always keep Network metrics data. By default all entities are kept/enabled. This config bypasses `dropEntityName` filter. |
@@ -175,7 +176,6 @@ Options that can be defined globally include `affinity`, `nodeSelector`, `tolera
 | protocols.redis.spans.enabled | bool | `false` |  |
 | protocols.redis.spans.samplingLatency | string | `""` |  |
 | stirlingSources | string | `"socket_tracer,tcp_stats"` | The source connectors (and data export scripts) to enable. Note that socket_tracer tracks http, mysql, redis, mongodb, amqp, cassandra, dns, and postgresql while tcp_stats tracks TCP metrics. |
-| tableStoreDataLimitMB | string | `"250"` | The primary lever to control RAM use of the eBPF agent. Specified in MiB. |
 | tolerations | list | `[]` | Sets all pods' tolerations to node taints. Can be configured also with `global.tolerations` |
 
 ## Common Errors

@@ -1,4 +1,10 @@
 ---
+{{- if or (and .Values.customOtlpEndpointTlsCertSecret (not .Values.customOtlpEndpointTlsCertSecretKey)) (and (not .Values.customOtlpEndpointTlsCertSecret) .Values.customOtlpEndpointTlsCertSecretKey) }}
+  {{- fail "Both customOtlpEndpointTlsCertSecret and customOtlpEndpointTlsCertSecretKey must be provided together." }}
+{{- end }}
+{{- if and .Values.customOtlpEndpointTlsCertSecret (not .Values.customOtlpEndpoint) }}
+  {{- fail "customOtlpEndpointTlsCertSecret is set but customOtlpEndpoint is not provided. Please provide a customOtlpEndpoint or remove the TLS cert configuration." }}
+{{- end }}
 {{- $region := include "newrelic.common.region" . }}
 apiVersion: apps/v1
 kind: DaemonSet
@@ -72,6 +78,10 @@ spec:
             value: "{{ include "nr-ebpf-agent.logLevel" . }}"
           - name: NEW_RELIC_LOG_FILE_PATH
             value: "{{ .Values.logFilePath }}"
+          {{- if .Values.entityLabels }}
+          - name: NEW_RELIC_LABELS
+            value: "{{- $labels := list -}}{{- range $key, $value := .Values.entityLabels -}}{{- $labels = append $labels (printf "%s:%s" $key $value) -}}{{- end -}}{{ join ";" $labels }}"
+          {{- end }}
           - name: NEW_RELIC_LICENSE_KEY
             valueFrom:
               secretKeyRef:
@@ -82,8 +92,11 @@ spec:
                 key: {{ include "newrelic.common.license._customSecretKey" . }}
                 name: {{ include "newrelic.common.license._customSecretName" . }}
                 {{- end }}
+
+          {{- if .Values.tableStoreDataLimitMB }}
           - name: TABLE_STORE_DATA_LIMIT_MB
             value: "{{ .Values.tableStoreDataLimitMB }}"
+          {{- end }}
 
           {{- if .Values.ebpfAgent.downloadedPackagedHeadersPath }}
           - name: DOWNLOADED_PACKAGED_HEADERS_PATH
@@ -101,12 +114,20 @@ spec:
               fieldRef:
                 fieldPath: status.hostIP
           - name: OTLP_ENDPOINT
-        {{- if eq $region "Staging" }}
+        {{- if .Values.customOtlpEndpoint }}
+            value: "{{ .Values.customOtlpEndpoint }}"
+        {{- else if eq $region "Staging" }}
             value: "staging-otlp.nr-data.net:443"
         {{- else if eq $region "EU" }}
             value: "otlp.eu01.nr-data.net:443"
         {{- else }}
             value: "otlp.nr-data.net:443"
+        {{- end }}
+          - name: TLS_ENABLED
+            value: "{{ .Values.customOtlpEndpointTlsEnabled }}"
+        {{- if and .Values.customOtlpEndpointTlsCertSecret .Values.customOtlpEndpointTlsCertSecretKey }}
+          - name: TLS_CERT_PATH
+            value: "/etc/otlp-tls/{{ .Values.customOtlpEndpointTlsCertSecretKey }}"
         {{- end }}
           {{- include "generateClientScriptEnvVars" . | nindent 10 }}
           {{- if .Values.protocols.global }}
@@ -133,26 +154,43 @@ spec:
             value: {{ .Release.Namespace }}
           - name: AGENT_SERVICE_NAME
             value: {{ include "nr-ebpf-agent.service.name" . }}
-          - name: APM_DATA_REPORTING
-            value: "{{ if hasKey .Values "apmDataReporting" }}{{ .Values.apmDataReporting }}{{ else }}true{{ end }}"
-          - name: NETWORK_METRICS_REPORTING
-            value: "{{ if hasKey .Values "networkMetricsReporting" }}{{ .Values.networkMetricsReporting }}{{ else if hasKey .Values "tcpStatsReporting" }}{{ .Values.tcpStatsReporting }}{{ else }}true{{ end }}"  
-          - name: LOG_REPORTING
-            value: "{{ if hasKey .Values "logReporting" }}{{ .Values.logReporting }}{{ else }}false{{ end }}"
+          - name: REPORT_APM_DATA
+            value: "{{ .Values.reportApmData }}"
+          - name: REPORT_NETWORK_METRICS
+            value: "{{ .Values.reportNetworkMetrics }}"
+          - name: REPORT_LOGS
+          {{- if hasKey .Values "reportLogs" }}
+            value: "{{ .Values.reportLogs }}"
+          {{- else if hasKey .Values "logReporting" }}
+            value: "{{ .Values.logReporting }}"
+          {{- else }}
+            value: "false"
+          {{- end }}
+          - name: REPORT_AI_METRICS
+            value: "{{ if hasKey .Values "reportAiMetrics" }}{{ .Values.reportAiMetrics }}{{ else }}false{{ end }}"
+          - name: GENAI_CAPTURE_MESSAGE_CONTENT
+            value: "{{ if hasKey .Values "genAICaptureMessageContent" }}{{ .Values.genAICaptureMessageContent }}{{ else }}false{{ end }}"
+
           # ALL Data filtering configuration
           {{- if .Values.allDataFilters }}
           - name: DROP_ALL_DATA_FOR_NEW_RELIC
             value: "{{ if hasKey .Values.allDataFilters "dropNewRelicBundle" }}{{ .Values.allDataFilters.dropNewRelicBundle }}{{ else }}true{{ end }}"
           - name: DROP_ALL_DATA_FOR_NAMESPACES
             value: "{{ .Values.allDataFilters.dropNamespaces | join "," }}"
+          - name: KEEP_ALL_DATA_FOR_NAMESPACES
+            value: "{{ .Values.allDataFilters.keepNamespaces | join "," }}"
+          - name: DROP_ALL_DATA_FOR_POD_LABELS
+            value: "{{ range $key, $value := .Values.allDataFilters.dropPodLabels }}{{ $key }}={{ $value }},{{ end }}"
+          - name: KEEP_ALL_DATA_FOR_POD_LABELS
+            value: "{{ range $key, $value := .Values.allDataFilters.keepPodLabels }}{{ $key }}={{ $value }},{{ end }}"
           - name: DROP_ALL_DATA_FOR_SERVICE_NAME_REGEX
             value: {{ .Values.allDataFilters.dropServiceNameRegex }}
           - name: KEEP_ALL_DATA_FOR_SERVICE_NAME_REGEX
             value: {{ .Values.allDataFilters.keepServiceNameRegex }}
           - name: DROP_ALL_DATA_FOR_APM_AGENT_ENABLED_ENTITY
             value: "{{ if hasKey .Values.allDataFilters "dropApmAgentEnabledEntity" }}{{ .Values.allDataFilters.dropApmAgentEnabledEntity }}{{ else }}false{{ end }}"
           {{- end }}
-          
+
           # APM data filtering configuration
           {{- if .Values.apmDataFilters }}
           - name: DROP_APM_DATA_FOR_APM_AGENT_ENABLED_ENTITY
@@ -185,9 +223,11 @@ spec:
           {{- if .Values.logDataFilters }}
           {{- if .Values.logDataFilters.applicationLogReporting }}
           - name: APPLICATION_LOG_REPORTING_ENABLED
-            value: "{{ .Values.logDataFilters.applicationLogReporting.enabled | default false }}"
+            value: "{{ .Values.logDataFilters.applicationLogReporting.enabled | default true }}"
           - name: APPLICATION_LOG_FILE_REGEX
             value: {{ .Values.logDataFilters.applicationLogReporting.fileRegex | quote }}
+          - name: APPLICATION_LOG_LEVEL_THRESHOLD
+            value: "{{ .Values.logDataFilters.applicationLogReporting.logLevelThreshold | default "INFO" }}"
           - name: MAX_LOG_SAMPLES_PER_MINUTE
             value: "{{ .Values.logDataFilters.applicationLogReporting.maxSamplesPerMinute | default 10000 }}"
           - name: KEEP_STDSTREAM_LOG_FOR_ENTITY_REGEX
@@ -201,6 +241,8 @@ spec:
           # If you are using an older configuration file with a newer Helm chart version, these settings will still work.
           # However, please update your configuration to use the new filtering mechanisms.
           # These variables will be removed in a future release.
+          - name: APM_DATA_REPORTING
+            value: "{{ if hasKey .Values "apmDataReporting" }}{{ .Values.apmDataReporting }}{{ else }}true{{ end }}"
           - name: TCP_STATS_REPORTING
             value: "{{ if hasKey .Values "networkMetricsReporting" }}{{ .Values.networkMetricsReporting }}{{ else if hasKey .Values "tcpStatsReporting" }}{{ .Values.tcpStatsReporting }}{{ else }}true{{ end }}"
           - name: DROP_DATA_NEW_RELIC
@@ -225,6 +267,11 @@ spec:
           - name: kernel-headers-volume
             mountPath: /kernel-headers
             readOnly: true
+          {{- if and .Values.customOtlpEndpointTlsCertSecret .Values.customOtlpEndpointTlsCertSecretKey }}
+          - name: otlp-tls-cert
+            mountPath: /etc/otlp-tls
+            readOnly: true
+          {{- end }}
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
       hostPID: true
@@ -245,6 +292,14 @@ spec:
           type: Directory
       - name: kernel-headers-volume
         emptyDir: {}
+      {{- if and .Values.customOtlpEndpointTlsCertSecret .Values.customOtlpEndpointTlsCertSecretKey }}
+      - name: otlp-tls-cert
+        secret:
+          secretName: {{ .Values.customOtlpEndpointTlsCertSecret }}
+          items:
+          - key: {{ .Values.customOtlpEndpointTlsCertSecretKey }}
+            path: {{ .Values.customOtlpEndpointTlsCertSecretKey }}
+      {{- end }}
       {{- with include "newrelic.common.nodeSelector" . }}
       nodeSelector:
         {{- . | nindent 8 -}}
@@ -256,4 +311,4 @@ spec:
       {{- with include "nrEbpfAgent.ebpfAgent.tolerations" . }}
       tolerations:
         {{- . | nindent 8 }}
-      {{- end }}
+      {{- end }}
@@ -22,7 +22,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: docker.io/newrelic/newrelic-ebpf-agent:1.3.0
+          value: docker.io/newrelic/newrelic-ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
 
   - it: uses global.images.registry for both images when set and no local override
@@ -38,7 +38,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.3.0
+          value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
 
   - it: prefers local registry over global registry for kernel header installer
@@ -71,7 +71,7 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].image
-          value: my.local.registry.com/my-org/ebpf-agent:1.3.0
+          value: my.local.registry.com/my-org/ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
 
   - it: supports air-gapped registry with only global registry configured
@@ -87,7 +87,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: registry.internal.company.com/newrelic/newrelic-ebpf-agent:1.3.0
+          value: registry.internal.company.com/newrelic/newrelic-ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
 
   # ========================================
@@ -246,7 +246,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.3.0
+          value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.imagePullSecrets
@@ -286,7 +286,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: local.registry.com/my-org/ebpf-agent:1.3.0
+          value: local.registry.com/my-org/ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.imagePullSecrets

@@ -18,7 +18,7 @@ tests:
     asserts:
       - template: templates/nr-ebpf-agent-daemonset.yaml
         equal:
-          path: spec.template.spec.containers[0].env[7].value
+          path: spec.template.spec.containers[0].env[6].value
           value: test-cluster
 
   # =============================================================================
@@ -79,7 +79,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: docker.io/newrelic/newrelic-ebpf-agent:1.3.0
+          value: docker.io/newrelic/newrelic-ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
 
   - it: should use global.images.registry for ebpfAgent image
@@ -120,7 +120,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.3.0
+          value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
 
   - it: prefers local registry over global registry for kernel header installer
@@ -155,7 +155,7 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].image
-          value: my.local.registry.com/my-org/ebpf-agent:1.3.0
+          value: my.local.registry.com/my-org/ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
 
   - it: supports air-gapped registry with only global registry configured
@@ -172,7 +172,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: registry.internal.company.com/newrelic/newrelic-ebpf-agent:1.3.0
+          value: registry.internal.company.com/newrelic/newrelic-ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
 
   # =============================================================================
@@ -479,11 +479,11 @@ tests:
     asserts:
       - template: templates/nr-ebpf-agent-daemonset.yaml
         equal:
-          path: spec.template.spec.containers[0].env[9].name
+          path: spec.template.spec.containers[0].env[8].name
           value: OTLP_ENDPOINT
       - template: templates/nr-ebpf-agent-daemonset.yaml
         equal:
-          path: spec.template.spec.containers[0].env[9].value
+          path: spec.template.spec.containers[0].env[8].value
           value: staging-otlp.nr-data.net:443
 
   - it: should use EU endpoint when global.eu is true
@@ -495,11 +495,11 @@ tests:
     asserts:
       - template: templates/nr-ebpf-agent-daemonset.yaml
         equal:
-          path: spec.template.spec.containers[0].env[9].name
+          path: spec.template.spec.containers[0].env[8].name
           value: OTLP_ENDPOINT
       - template: templates/nr-ebpf-agent-daemonset.yaml
         equal:
-          path: spec.template.spec.containers[0].env[9].value
+          path: spec.template.spec.containers[0].env[8].value
           value: otlp.eu01.nr-data.net:443
 
   - it: should use default endpoint by default
@@ -508,11 +508,11 @@ tests:
     asserts:
       - template: templates/nr-ebpf-agent-daemonset.yaml
         equal:
-          path: spec.template.spec.containers[0].env[9].name
+          path: spec.template.spec.containers[0].env[8].name
           value: OTLP_ENDPOINT
       - template: templates/nr-ebpf-agent-daemonset.yaml
         equal:
-          path: spec.template.spec.containers[0].env[9].value
+          path: spec.template.spec.containers[0].env[8].value
           value: otlp.nr-data.net:443
 
   # =============================================================================
@@ -535,7 +535,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.3.0
+          value: my.private.registry.com/newrelic/newrelic-ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.imagePullSecrets
@@ -576,7 +576,7 @@ tests:
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.containers[0].image
-          value: local.registry.com/my-org/ebpf-agent:1.3.0
+          value: local.registry.com/my-org/ebpf-agent:1.4.0
         template: templates/nr-ebpf-agent-daemonset.yaml
       - equal:
           path: spec.template.spec.imagePullSecrets