Skip to content

Add support for secrets when loading additional_endpoints from env vars #37558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add support for secrets when loading additional_endpoints from env vars #37558

wants to merge 2 commits into from

Conversation

hush-hush
Copy link
Member

@hush-hush hush-hush commented Jun 2, 2025
edited
Loading

What does this PR do?

Add support for secrets when loading additional_endpoints from env vars as JSON payload.

Overall we're moving the env vars support within the config from each module. The code should not have custom cases depending on the source of a setting, once loaded they any source should produce the same types in the configuration. This also allow us to apply post-processing logic in all cases (like secrets resolution).

Motivation

Describe how you validated your changes

Set additional endpoints as through the env vars as JSON payload.

Env vars to test per team:

agent-metrics-logs:

  • logs_config.additional_endpoints

agent-apm:

  • apm_config.profiling_additional_endpoints
  • apm_config.additional_endpoints
  • apm_config.debugger_additional_endpoints
  • debugger_diagnostics_additional_endpoints
  • apm_config.symdb_additional_endpoints
  • apm_config.telemetry.additional_endpoints
  • ol_proxy_config.additional_endpoints
  • evp_proxy_config.additional_endpoints

container-app:

  • orchestrator_explorer.orchestrator_additional_endpoints
  • process_config.orchestrator_additional_endpoints

process-agent:

  • process_config.additional_endpoints
  • process_config.events_additional_endpoints

OTEL Agent team should validate that their special cases for logs_config.additional_endpoints still works as expected. The change from interface{} to string as the key for the map should not break anything since we're serializing a struct that can be loaded with mapstructure (ie: map[string]interface{}).

@hush-hush hush-hush requested review from a team as code owners June 2, 2025 16:28
@hush-hush hush-hush requested a review from rahulkaukuntla June 2, 2025 16:28
@github-actions github-actions bot added team/agent-configuration short review PR is simple enough to be reviewed quickly labels Jun 2, 2025
@cit-pr-commenter cit-pr-commenter
Copy link

cit-pr-commenter bot commented Jun 2, 2025
edited
Loading

Regression Detector

Regression Detector Results

Metrics dashboard
Target profiles
Run ID: bcfaa9a9-296d-45f8-a6ce-4ed5ba151785

Baseline: 0b2a5b1
Comparison: 532d46f
Diff

Optimization Goals: ❌ Regression(s) detected

perf experiment goal Δ mean % Δ mean % CI trials links
docker_containers_cpu % cpu utilization +7.02 [+3.85, +10.19] 1 Logs

Fine details of change detection per experiment

perf experiment goal Δ mean % Δ mean % CI trials links
docker_containers_cpu % cpu utilization +7.02 [+3.85, +10.19] 1 Logs
file_tree memory utilization +0.43 [+0.28, +0.57] 1 Logs
uds_dogstatsd_20mb_12k_contexts_20_senders memory utilization +0.35 [+0.31, +0.39] 1 Logs
quality_gate_idle memory utilization +0.06 [+0.00, +0.11] 1 Logs bounds checks dashboard
file_to_blackhole_0ms_latency egress throughput +0.04 [-0.58, +0.65] 1 Logs
file_to_blackhole_300ms_latency egress throughput +0.03 [-0.58, +0.65] 1 Logs
file_to_blackhole_100ms_latency egress throughput +0.01 [-0.65, +0.68] 1 Logs
file_to_blackhole_500ms_latency egress throughput +0.01 [-0.57, +0.60] 1 Logs
uds_dogstatsd_to_api ingress throughput +0.01 [-0.25, +0.27] 1 Logs
tcp_dd_logs_filter_exclude ingress throughput -0.00 [-0.03, +0.02] 1 Logs
otlp_ingest_metrics memory utilization -0.01 [-0.18, +0.16] 1 Logs
file_to_blackhole_0ms_latency_http2 egress throughput -0.03 [-0.63, +0.58] 1 Logs
file_to_blackhole_0ms_latency_http1 egress throughput -0.04 [-0.67, +0.60] 1 Logs
file_to_blackhole_1000ms_latency_linear_load egress throughput -0.04 [-0.28, +0.20] 1 Logs
file_to_blackhole_1000ms_latency egress throughput -0.06 [-0.64, +0.53] 1 Logs
quality_gate_logs % cpu utilization -0.21 [-2.98, +2.57] 1 Logs bounds checks dashboard
tcp_syslog_to_blackhole ingress throughput -0.29 [-0.36, -0.23] 1 Logs
ddot_logs memory utilization -0.37 [-0.51, -0.24] 1 Logs
otlp_ingest_logs memory utilization -0.39 [-0.51, -0.26] 1 Logs
ddot_metrics memory utilization -0.44 [-0.56, -0.33] 1 Logs
docker_containers_memory memory utilization -0.63 [-0.68, -0.58] 1 Logs
quality_gate_idle_all_features memory utilization -1.06 [-1.16, -0.97] 1 Logs bounds checks dashboard
uds_dogstatsd_to_api_cpu % cpu utilization -2.57 [-3.47, -1.68] 1 Logs

Bounds Checks: ❌ Failed

perf experiment bounds_check_name replicates_passed links
docker_containers_memory memory_usage 0/10
docker_containers_cpu simple_check_run 10/10
docker_containers_memory simple_check_run 10/10
file_to_blackhole_0ms_latency lost_bytes 10/10
file_to_blackhole_0ms_latency memory_usage 10/10
file_to_blackhole_0ms_latency_http1 lost_bytes 10/10
file_to_blackhole_0ms_latency_http1 memory_usage 10/10
file_to_blackhole_0ms_latency_http2 lost_bytes 10/10
file_to_blackhole_0ms_latency_http2 memory_usage 10/10
file_to_blackhole_1000ms_latency memory_usage 10/10
file_to_blackhole_1000ms_latency_linear_load memory_usage 10/10
file_to_blackhole_100ms_latency lost_bytes 10/10
file_to_blackhole_100ms_latency memory_usage 10/10
file_to_blackhole_300ms_latency lost_bytes 10/10
file_to_blackhole_300ms_latency memory_usage 10/10
file_to_blackhole_500ms_latency lost_bytes 10/10
file_to_blackhole_500ms_latency memory_usage 10/10
quality_gate_idle intake_connections 10/10 bounds checks dashboard
quality_gate_idle memory_usage 10/10 bounds checks dashboard
quality_gate_idle_all_features intake_connections 10/10 bounds checks dashboard
quality_gate_idle_all_features memory_usage 10/10 bounds checks dashboard
quality_gate_logs intake_connections 10/10 bounds checks dashboard
quality_gate_logs lost_bytes 10/10 bounds checks dashboard
quality_gate_logs memory_usage 10/10 bounds checks dashboard

Explanation

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

Performance changes are noted in the perf column of each table:

  • ✅ = significantly better comparison variant performance
  • ❌ = significantly worse comparison variant performance
  • ➖ = no significant change in performance

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

  1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

  2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

  3. Its configuration does not mark it "erratic".

CI Pass/Fail Decision

Passed. All Quality Gates passed.

  • quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
  • quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
  • quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
  • quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.

@agent-platform-auto-pr
Copy link
Contributor

Static quality checks

✅ Please find below the results from static quality gates
Comparison made with ancestor 0b2a5b1

Successful checks

Info

Quality gate Delta On disk size (MiB) Delta On wire size (MiB)
agent_deb_amd64 $${\color{red}+0.05}$$ $${\color{green}747.17}$$ < $${752.99}$$ $${\color{green}-0.05}$$ $${\color{green}185.01}$$ < $${187.44}$$
agent_deb_amd64_fips $${\color{red}+0.05}$$ $${\color{green}745.53}$$ < $${751.36}$$ $${\color{red}+0.01}$$ $${\color{green}184.43}$$ < $${187.06}$$
agent_heroku_amd64 $${\color{red}+0.02}$$ $${\color{green}368.75}$$ < $${369.68}$$ $${\color{red}+0}$$ $${\color{green}98.68}$$ < $${99.55}$$
agent_msi $${\color{red}+0.11}$$ $${\color{green}986.5}$$ < $${987.01}$$ $${\color{green}0}$$ $${\color{green}149.71}$$ < $${150.72}$$
agent_rpm_amd64 $${\color{red}+0.05}$$ $${\color{green}747.16}$$ < $${752.98}$$ $${\color{red}+0.03}$$ $${\color{green}186.57}$$ < $${190.03}$$
agent_rpm_amd64_fips $${\color{red}+0.05}$$ $${\color{green}745.52}$$ < $${751.35}$$ $${\color{red}+0.01}$$ $${\color{green}186.23}$$ < $${189.81}$$
agent_rpm_arm64 $${\color{red}+0.04}$$ $${\color{green}733.87}$$ < $${739.42}$$ $${\color{green}-0.01}$$ $${\color{green}168.66}$$ < $${171.23}$$
agent_rpm_arm64_fips $${\color{red}+0.04}$$ $${\color{green}732.36}$$ < $${737.91}$$ $${\color{red}+0.03}$$ $${\color{green}167.71}$$ < $${170.22}$$
agent_suse_amd64 $${\color{red}+0.05}$$ $${\color{green}747.16}$$ < $${752.98}$$ $${\color{red}+0.03}$$ $${\color{green}186.57}$$ < $${190.03}$$
agent_suse_amd64_fips $${\color{red}+0.05}$$ $${\color{green}745.52}$$ < $${751.35}$$ $${\color{red}+0.01}$$ $${\color{green}186.23}$$ < $${189.81}$$
agent_suse_arm64 $${\color{red}+0.04}$$ $${\color{green}733.87}$$ < $${739.42}$$ $${\color{green}-0.01}$$ $${\color{green}168.66}$$ < $${171.23}$$
agent_suse_arm64_fips $${\color{red}+0.04}$$ $${\color{green}732.36}$$ < $${737.91}$$ $${\color{red}+0.03}$$ $${\color{green}167.71}$$ < $${170.22}$$
docker_agent_amd64 $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_arm64 $${\color{red}+0.04}$$ $${\color{green}841.12}$$ < $${858.97}$$ $${\color{red}+0.01}$$ $${\color{green}268.3}$$ < $${274.36}$$
docker_agent_jmx_amd64 $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_jmx_arm64 $${\color{red}+0.04}$$ $${\color{green}841.12}$$ < $${858.97}$$ $${\color{red}+0.01}$$ $${\color{green}268.3}$$ < $${274.36}$$
docker_agent_windows1809 $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_windows1809_core $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_windows1809_core_jmx $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_windows1809_jmx $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_windows2022 $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_windows2022_core $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_windows2022_core_jmx $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_agent_windows2022_jmx $${\color{red}+0.05}$$ $${\color{green}830.96}$$ < $${849.39}$$ $${\color{red}+0.02}$$ $${\color{green}282.19}$$ < $${288.34}$$
docker_cluster_agent_amd64 $${\color{red}+0.02}$$ $${\color{green}259.1}$$ < $${259.73}$$ $${\color{red}+0.01}$$ $${\color{green}102.85}$$ < $${103.68}$$
docker_cluster_agent_arm64 $${\color{red}+0}$$ $${\color{green}273.56}$$ < $${274.24}$$ $${\color{green}-0}$$ $${\color{green}97.57}$$ < $${98.45}$$
docker_cws_instrumentation_amd64 $${\color{green}0}$$ $${\color{green}7.08}$$ < $${7.12}$$ $${\color{green}-0}$$ $${\color{green}2.95}$$ < $${3.29}$$
docker_cws_instrumentation_arm64 $${\color{green}0}$$ $${\color{green}6.69}$$ < $${6.92}$$ $${\color{green}-0}$$ $${\color{green}2.7}$$ < $${3.07}$$
docker_dogstatsd_amd64 $${\color{red}+0}$$ $${\color{green}38.92}$$ < $${39.57}$$ $${\color{red}+0}$$ $${\color{green}14.95}$$ < $${15.76}$$
docker_dogstatsd_arm64 $${\color{green}-0}$$ $${\color{green}37.52}$$ < $${38.2}$$ $${\color{green}-0}$$ $${\color{green}13.96}$$ < $${14.83}$$
dogstatsd_deb_amd64 $${\color{red}+0.01}$$ $${\color{green}30.61}$$ < $${31.52}$$ $${\color{red}+0}$$ $${\color{green}8.03}$$ < $${8.97}$$
dogstatsd_deb_arm64 $${\color{red}+0.01}$$ $${\color{green}29.16}$$ < $${30.08}$$ $${\color{red}+0}$$ $${\color{green}6.97}$$ < $${7.92}$$
dogstatsd_rpm_amd64 $${\color{red}+0.01}$$ $${\color{green}30.61}$$ < $${31.52}$$ $${\color{red}+0}$$ $${\color{green}8.04}$$ < $${8.98}$$
dogstatsd_suse_amd64 $${\color{red}+0.01}$$ $${\color{green}30.61}$$ < $${31.52}$$ $${\color{red}+0}$$ $${\color{green}8.04}$$ < $${8.98}$$
iot_agent_deb_amd64 $${\color{red}+0.01}$$ $${\color{green}59.91}$$ < $${60.17}$$ $${\color{red}+0}$$ $${\color{green}14.98}$$ < $${15.82}$$
iot_agent_deb_arm64 $${\color{red}+0.01}$$ $${\color{green}56.65}$$ < $${56.94}$$ $${\color{red}+0}$$ $${\color{green}12.85}$$ < $${13.86}$$
iot_agent_deb_armhf $${\color{red}+0.01}$$ $${\color{green}56.09}$$ < $${56.41}$$ $${\color{red}+0}$$ $${\color{green}13.0}$$ < $${13.86}$$
iot_agent_rpm_amd64 $${\color{red}+0.01}$$ $${\color{green}59.92}$$ < $${60.18}$$ $${\color{red}+0.01}$$ $${\color{green}15.0}$$ < $${15.84}$$
iot_agent_rpm_arm64 $${\color{red}+0.01}$$ $${\color{green}56.65}$$ < $${56.94}$$ $${\color{green}-0}$$ $${\color{green}12.87}$$ < $${13.76}$$
iot_agent_suse_amd64 $${\color{red}+0.01}$$ $${\color{green}59.92}$$ < $${60.18}$$ $${\color{red}+0.01}$$ $${\color{green}15.0}$$ < $${15.84}$$

@hush-hush hush-hush force-pushed the maxime/fix-additional-endpoints-envar-support branch from 2bb982c to d4fbc63 Compare June 3, 2025 10:25
@hush-hush hush-hush requested review from a team as code owners June 3, 2025 10:25
@hush-hush hush-hush requested a review from jeremy-hanna June 3, 2025 10:25
@hush-hush hush-hush added qa/rc-required Only for a PR that requires validation on the Release Candidate and removed do-not-merge/WIP labels Jun 3, 2025
@github-actions github-actions bot added medium review PR review might take time and removed short review PR is simple enough to be reviewed quickly labels Jun 3, 2025
pgimalac
pgimalac reviewed Jun 3, 2025
View reviewed changes
@hush-hush hush-hush force-pushed the maxime/fix-additional-endpoints-envar-support branch from d4fbc63 to f66c8a5 Compare June 3, 2025 11:20
pgimalac
pgimalac approved these changes Jun 3, 2025
View reviewed changes
@StephenWakely StephenWakely mentioned this pull request Jun 3, 2025
Open
aliciascott
aliciascott reviewed Jun 3, 2025
View reviewed changes
Copy link
Contributor

@aliciascott aliciascott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hi @hush-hush just a minor typo but approved

@hush-hush @aliciascott
Update releasenotes/notes/support-for-secrets-additional-endpoints-fr…
532d46f 
…om-env-var-85c903770a231df4.yaml

Co-authored-by: Alicia Scott <aliciascott@users.noreply.github.com>
@hush-hush hush-hush requested a review from a team as a code owner June 4, 2025 10:07
GustavoCaso
GustavoCaso reviewed Jun 6, 2025
View reviewed changes
pkg/config/setup/config.go
Comment on lines +2546 to +2552
config.ParseEnvAsSlice(prefix+"additional_endpoints", func(in string) []interface{} {
var mappings []interface{}
if err := json.Unmarshal([]byte(in), &mappings); err != nil {
log.Errorf(`"%s" can not be parsed: %v`, prefix+"additional_endpoints", err)
}
return mappings
})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit + personal opinion + no-blocker: should we make it into a helper function, same as enableJSONParsingFromEnv? I know. It is used only in one place, but it would make the file more homogeneous

GustavoCaso
GustavoCaso reviewed Jun 6, 2025
View reviewed changes
pkg/config/setup/apm.go
config.BindEnv("apm_config.additional_endpoints", "DD_APM_ADDITIONAL_ENDPOINTS")
enableJSONParsingFromEnv(config, "apm_config.additional_endpoints")
config.BindEnv("apm_config.replace_tags", "DD_APM_REPLACE_TAGS")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: Wondering if it would make more sense to have a wrapper around BindEnv to have an options argument to indicate if we should enable JSON parsing per key?

config.BindEnv("apm_config.additional_endpoints", "DD_APM_ADDITIONAL_ENDPOINTS", nested_json_map)

@robertjli robertjli removed the request for review from a team June 12, 2025 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GustavoCaso GustavoCaso GustavoCaso left review comments

@aliciascott aliciascott aliciascott left review comments

@StephenWakely StephenWakely StephenWakely approved these changes

@robertjli robertjli robertjli approved these changes

@jeremy-hanna jeremy-hanna jeremy-hanna approved these changes

@pgimalac pgimalac pgimalac approved these changes

@rahulkaukuntla rahulkaukuntla rahulkaukuntla approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
medium review PR review might take time qa/rc-required Only for a PR that requires validation on the Release Candidate team/agent-apm trace-agent team/agent-configuration team/agent-metrics-logs team/container-app team/opentelemetry-agent team/processes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@hush-hush @StephenWakely @robertjli @GustavoCaso @jeremy-hanna @pgimalac @aliciascott @rahulkaukuntla