curt pr review changes (minus extraConfig templating verification cha…

…nges)
hashicorp · Feb 9, 2024 · 3b27810 · 3b27810
1 parent e792599
commit 3b27810
Show file tree

Hide file tree

Showing 13 changed files with 173 additions and 129 deletions.
diff --git a/.changelog/3383.txt b/.changelog/3383.txt
@@ -1,15 +1,15 @@
 ```release-note:feature
 breaking-change: users who previously had agent `enable_debug` set in `global.server.extraConfig`, should remove the extraConfig entry to avoid configuration conflicts.
 breaking-change: users who previously had agent `telemetry` stanza settings for `disable_hostname`, `enable_host_metrics`, `prefix_filter`, `dogstatsd_addr`, and/or `dogstatsd_tags`, should remove the extraConfig entry/entries to avoid configuration conflicts.
-helm: introduces `global.metrics.datadogIntegration` overrides to streamline consul-k8s datadog integration.
+helm: introduces `global.metrics.datadog` overrides to streamline consul-k8s datadog integration.
 helm: introduces `global.metrics.enableConsulAgentDebug` to expose agent [`enable_debug`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#enable_debug) configuration.
 helm: introduces `global.metrics.disableAgentHostName` to expose agent [`telemetry.disable_hostname`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#telemetry-disable_hostname) configuration.
 helm: introduces `global.metrics.enableHostMetrics` to expose agent [`telemetry.enable_host_metrics`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#telemetry-enable_host_metrics) configuration.
-helm: introduces `global.metrics.metricsPrefixFiltering` to expose agent [`telemetry.prefix_filter`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#telemetry-prefix_filter) configuration.
-helm: introduces `global.metrics.datadogIntegration.dogstatsd.dogstatsdAddr` to expose agent [`telemetry.dogstatsd_addr`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#telemetry-dogstatsd_addr) configuration.
-helm: introduces `global.metrics.datadogIntegration.dogstatsd.dogstatsdTags` to expose agent [`telemetry.dogstatsd_tags`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#telemetry-dogstatsd_tags) configuration.
+helm: introduces `global.metrics.prefixFilter` to expose agent [`telemetry.prefix_filter`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#telemetry-prefix_filter) configuration.
+helm: introduces `global.metrics.datadog.dogstatsd.dogstatsdAddr` to expose agent [`telemetry.dogstatsd_addr`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#telemetry-dogstatsd_addr) configuration.
+helm: introduces `global.metrics.datadog.dogstatsd.dogstatsdTags` to expose agent [`telemetry.dogstatsd_tags`](https://developer.hashicorp.com/consul/docs/agent/config/config-files#telemetry-dogstatsd_tags) configuration.
 helm: introduces required `ad.datadoghq.com/` annotations and `tags.datadoghq.com/` labels for integration with [Datadog Autodiscovery](https://docs.datadoghq.com/integrations/consul/?tab=containerized) and [Datadog Unified Service Tagging](https://docs.datadoghq.com/getting_started/tagging/unified_service_tagging/?tab=kubernetes#serverless-environment) for Consul.
 helm: introduces automated unix domain socket hostPath mounting for containerized integration with datadog within consul-server statefulset.
-helm: introduces `global.metrics.datadogIntegration.datadogOpenTelemetryCollector` override options to allow OTLP metrics forwarding to Datadog Agent.
+helm: introduces `global.metrics.datadog.datadogOpenTelemetryCollector` override options to allow OTLP metrics forwarding to Datadog Agent.
 control-plane: adds `server-acl-init` datadog agent token creation for datadog integration.
 ```
diff --git a/charts/consul/templates/_helpers.tpl b/charts/consul/templates/_helpers.tpl
@@ -520,41 +520,83 @@ Usage: {{ template "consul.validateResourceAPIs" . }}
 {{- end }}
 {{- end }}
 
+{{/*
+Validation for Consul Metrics configuration:
+
+Fail if metrics.enabled=true and metrics.disableAgentHostName=true, but metrics.enableAgentMetrics=false
+    - metrics.enabled = true
+    - metrics.enableAgentMetrics = false
+    - metrics.disableAgentHostName = true
+
+Fail if metrics.enableAgentMetrics=true and metrics.disableAgentHostName=true, but metrics.enabled=false
+    - metrics.enabled = false
+    - metrics.enableAgentMetrics = true
+    - metrics.disableAgentHostName = true
+
+Fail if metrics.enabled=true and metrics.enableHostMetrics=true, but metrics.enableAgentMetrics=false
+    - metrics.enabled = true
+    - metrics.enableAgentMetrics = false
+    - metrics.enableHostMetrics = true
+
+Fail if metrics.enableAgentMetrics=true and metrics.enableHostMetrics=true, but metrics.enabled=false
+    - metrics.enabled = false
+    - metrics.enableAgentMetrics = true
+    - metrics.enableHostMetrics = true
+
+Usage: {{ template "consul.validateMetricsConfig" . }}
+
+*/}}
+
+{{- define "consul.validateMetricsConfig" -}}
+{{- if and (not .Values.global.metrics.enableAgentMetrics) (and .Values.global.metrics.disableAgentHostName .Values.global.metrics.enabled )}}
+{{fail "When enabling metrics (global.metrics.enabled) and disabling hostname emission from metrics (global.metrics.disableAgentHostName), global.metrics.enableAgentMetrics must be set to true"}}
+{{- end }}
+{{- if and (not .Values.global.metrics) (and .Values.global.metrics.disableAgentHostName .Values.global.metrics.enableAgentMetrics )}}
+{{fail "When enabling Consul agent metrics (global.metrics.enableAgentMetrics) and disabling hostname emission from metrics (global.metrics.disableAgentHostName), global metrics enablement (global.metrics.enabled) must be set to true"}}
+{{- end }}
+{{- if and (not .Values.global.metrics.enableAgentMetrics) (and .Values.global.metrics.disableAgentHostName .Values.global.metrics.enabled )}}
+{{fail "When disabling hostname emission from metrics (global.metrics.disableAgentHostName) and enabling global metrics (global.metrics.enabled), Consul agent metrics must be enabled(global.metrics.enableAgentMetrics=true)"}}
+{{- end }}
+{{- if and (not .Values.global.metrics.enabled) (and .Values.global.metrics.disableAgentHostName .Values.global.metrics.enableAgentMetrics)}}
+{{fail "When enabling Consul agent metrics (global.metrics.enableAgentMetrics) and disabling hostname metrics emission (global.metrics.disableAgentHostName), global metrics must be enabled (global.metrics.enabled)."}}
+{{- end }}
+{{- end -}}
+
 {{/*
 Validation for Consul Datadog Integration deployment:
 
 Fail if Datadog integration enabled and Consul server agent telemetry is not enabled.
-    - global.metrics.datadogIntegration.enabled=true
+    - global.metrics.datadog.enabled=true
     - global.metrics.enableAgentMetrics=false || global.metrics.enabled=false
 
 Fail if Consul OpenMetrics (Prometheus) and DogStatsD metrics are both enabled and configured.
-    - global.metrics.datadogIntegration.dogstatsd.enabled (scrapes `/v1/agent/metrics?format=prometheus` via the `use_prometheus_endpoint` option)
-    - global.metrics.datadogIntegration.openMetricsPrometheus.enabled (scrapes `/v1/agent/metrics?format=prometheus`)
+    - global.metrics.datadog.dogstatsd.enabled (scrapes `/v1/agent/metrics?format=prometheus` via the `use_prometheus_endpoint` option)
+    - global.metrics.datadog.openMetricsPrometheus.enabled (scrapes `/v1/agent/metrics?format=prometheus`)
     - see https://docs.datadoghq.com/integrations/consul/?tab=host#host for recommendation to not have both
 
 Fail if Datadog OTLP forwarding is enabled and Consul Telemetry Collection is not enabled.
-    - global.metrics.datadogIntegration.datadogOpenTelemetryCollector.enabled=true
+    - global.metrics.datadog.otlp.enabled=true
     - telemetryCollector.enabled=false
 
 Fail if Consul Open Telemetry collector forwarding protocol is not one of either "http" or "grpc"
-    - global.metrics.datadogIntegration.datadogOpenTelemetryCollector.protocol!="http" || global.metrics.datadogIntegration.datadogOpenTelemetryCollector.protocol!="grpc"
+    - global.metrics.datadog.otlp.protocol!="http" || global.metrics.datadog.otlp.protocol!="grpc"
 
 Usage: {{ template "consul.validateDatadogConfiguration" . }}
 
 */}}
 
 {{- define "consul.validateDatadogConfiguration" -}}
-{{- if and .Values.global.metrics.datadogIntegration.enabled (or (not .Values.global.metrics.enableAgentMetrics) (not .Values.global.metrics.enabled) )}}
+{{- if and .Values.global.metrics.datadog.enabled (or (not .Values.global.metrics.enableAgentMetrics) (not .Values.global.metrics.enabled) )}}
 {{fail "When enabling datadog metrics collection, the /v1/agent/metrics is required to be accessible, therefore global.metrics.enableAgentMetrics and global.metrics.enabled must be also be enabled."}}
 {{- end }}
-{{- if and .Values.global.metrics.datadogIntegration.dogstatsd.enabled .Values.global.metrics.datadogIntegration.openMetricsPrometheus.enabled }}
-{{fail "You must have one of DogStatsD (global.metrics.datadogIntegration.dogstatsd.enabled) or OpenMetrics (global.metrics.datadogIntegration.openMetricsPrometheus.enabled) enabled, not both as this is an unsupported configuration." }}
+{{- if and .Values.global.metrics.datadog.dogstatsd.enabled .Values.global.metrics.datadog.openMetricsPrometheus.enabled }}
+{{fail "You must have one of DogStatsD (global.metrics.datadog.dogstatsd.enabled) or OpenMetrics (global.metrics.datadog.openMetricsPrometheus.enabled) enabled, not both as this is an unsupported configuration." }}
 {{- end }}
-{{- if and .Values.global.metrics.datadogIntegration.datadogOpenTelemetryCollector.enabled (not .Values.telemetryCollector.enabled) }}
-{{fail "Cannot enable Datadog OTLP metrics collection (global.metrics.datadogIntegration.datadogOpenTelemetryCollector.enabled) without consul-telemetry-collector. Ensure Consul OTLP collection is enabled (telemetryCollector.enabled) and configured." }}
+{{- if and .Values.global.metrics.datadog.otlp.enabled (not .Values.telemetryCollector.enabled) }}
+{{fail "Cannot enable Datadog OTLP metrics collection (global.metrics.datadog.otlp.enabled) without consul-telemetry-collector. Ensure Consul OTLP collection is enabled (telemetryCollector.enabled) and configured." }}
 {{- end }}
-{{- if and .Values.global.metrics.datadogIntegration.datadogOpenTelemetryCollector.enabled (or (eq (.Values.global.metrics.datadogIntegration.datadogOpenTelemetryCollector.protocol | trimAll "\"" | quote) "http") (eq (.Values.global.metrics.datadogIntegration.datadogOpenTelemetryCollector.protocol | trimAll "\"" | quote) "grpc")) }}
-{{fail "Valid values for global.metrics.datadogIntegration.datadogOpenTelemetryCollector.protocol must be one of either \"http\" or \"grpc\"." }}
+{{- if and .Values.global.metrics.datadog.otlp.enabled (or (eq (.Values.global.metrics.datadog.otlp.protocol | trimAll "\"" | quote) "http") (eq (.Values.global.metrics.datadog.otlp.protocol | trimAll "\"" | quote) "grpc")) }}
+{{fail "Valid values for global.metrics.datadog.otlp.protocol must be one of either \"http\" or \"grpc\"." }}
 {{- end }}
 {{- end -}}
 
@@ -569,18 +611,18 @@ Usage: {{ template "consul.dogstatsdAaddressInfo" . }}
 */}}
 
 {{- define "consul.dogstatsdAaddressInfo" -}}
-{{- if (and .Values.global.metrics.datadogIntegration.enabled .Values.global.metrics.datadogIntegration.dogstatsd.enabled) }}
-        "dogstatsd_addr": "{{- if eq .Values.global.metrics.datadogIntegration.dogstatsd.socketTransportType "UDS" }}unix://{{ .Values.global.metrics.datadogIntegration.dogstatsd.dogstatsdAddr }}{{- else }}{{ .Values.global.metrics.datadogIntegration.dogstatsd.dogstatsdAddr | trimAll "\"" }}:{{ .Values.global.metrics.datadogIntegration.dogstatsd.dogstatsdPort | toString }}{{- end }}",{{- end }}
+{{- if (and .Values.global.metrics.datadog.enabled .Values.global.metrics.datadog.dogstatsd.enabled) }}
+        "dogstatsd_addr": "{{- if eq .Values.global.metrics.datadog.dogstatsd.socketTransportType "UDS" }}unix://{{ .Values.global.metrics.datadog.dogstatsd.dogstatsdAddr }}{{- else }}{{ .Values.global.metrics.datadog.dogstatsd.dogstatsdAddr | trimAll "\"" }}:{{ .Values.global.metrics.datadog.dogstatsd.dogstatsdPort | toString }}{{- end }}",{{- end }}
 {{- end -}}
 
 {{/*
 Configures the metrics prefixing that's required to either allow or dissallow certaing RPC or gRPC server calls:
 
-Usage: {{ template "consul.metricsPrefixFiltering" . }}
+Usage: {{ template "consul.prefixFilter" . }}
 */}}
-{{- define "consul.metricsPrefixFiltering" -}}
-{{- $allowList := .Values.global.metrics.metricsPrefixFiltering.allowList }}
-{{- $blockList := .Values.global.metrics.metricsPrefixFiltering.blockList }}
+{{- define "consul.prefixFilter" -}}
+{{- $allowList := .Values.global.metrics.prefixFilter.allowList }}
+{{- $blockList := .Values.global.metrics.prefixFilter.blockList }}
 {{- if and (not (empty $allowList)) (not (empty $blockList)) }}
         "prefix_filter": [{{- range $index, $value := concat $allowList $blockList -}}
     "{{- if (has $value $allowList) }}{{ printf "+%s" ($value | trimAll "\"") }}{{- else }}{{ printf "-%s" ($value | trimAll "\"") }}{{- end }}"{{- if lt $index (sub (len (concat $allowList $blockList)) 1) -}},{{- end -}}

diff --git a/charts/consul/templates/datadog-agent-role.yaml b/charts/consul/templates/datadog-agent-role.yaml
@@ -1,8 +1,8 @@
-{{- if .Values.global.metrics.datadogIntegration.enabled }}
+{{- if .Values.global.metrics.datadog.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "consul.fullname" . }}-datadog-metrics-agent
+  name: {{ template "consul.fullname" . }}-datadog-metrics
   namespace: {{ .Release.Namespace }}
   labels:
     app: datadog
@@ -15,15 +15,15 @@ rules:
   - apiGroups: ["policy"]
     resources: ["podsecuritypolicies"]
     resourceNames:
-      - {{ template "consul.fullname" . }}-datadog-metrics-agent
+      - {{ template "consul.fullname" . }}-datadog-metrics
     verbs:
       - use
 {{- end }}
 {{- if (and .Values.global.openshift.enabled .Values.server.exposeGossipAndRPCPorts ) }}
   - apiGroups: ["security.openshift.io"]
     resources: ["securitycontextconstraints"]
     resourceNames:
-      - {{ template "consul.fullname" . }}-datadog-metrics-agent
+      - {{ template "consul.fullname" . }}-datadog-metrics
     verbs:
       - use
 {{- end }}

diff --git a/charts/consul/templates/datadog-agent-rolebinding.yaml b/charts/consul/templates/datadog-agent-rolebinding.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.global.metrics.datadogIntegration.enabled }}
+{{- if .Values.global.metrics.datadog.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -17,6 +17,6 @@ subjects:
     namespace: datadog
 roleRef:
   kind: Role
-  name: {{ template "consul.fullname" . }}-datadog-metrics-agent
+  name: {{ template "consul.fullname" . }}-datadog-metrics
   apiGroup: ""
 {{- end }}
diff --git a/charts/consul/templates/server-acl-init-job.yaml b/charts/consul/templates/server-acl-init-job.yaml
@@ -2,9 +2,6 @@
 {{- if (and $serverEnabled .Values.externalServers.enabled) }}{{ fail "only one of server.enabled or externalServers.enabled can be set" }}{{ end -}}
 {{- if (or $serverEnabled .Values.externalServers.enabled) }}
 {{- if and .Values.global.acls.createReplicationToken (not .Values.global.acls.manageSystemACLs) }}{{ fail "if global.acls.createReplicationToken is true, global.acls.manageSystemACLs must be true" }}{{ end -}}
-{{- if .Values.global.metrics.enableDatadogIntegration }}
-{{- if and .Values.global.metrics.enableDatadogIntegration.createAgentToken (not .Values.global.acls.manageSystemACLs) }}{{ fail "if global.metrics.enableDatadogIntegration.createAgentToken is true, global.acls.manageSystemACLs must be true" }}{{ end -}}
-{{- end }}
 {{- if .Values.global.bootstrapACLs }}{{ fail "global.bootstrapACLs was removed, use global.acls.manageSystemACLs instead" }}{{ end -}}
 {{- if .Values.global.acls.manageSystemACLs }}
 {{- if or (and .Values.global.acls.bootstrapToken.secretName (not .Values.global.acls.bootstrapToken.secretKey))  (and .Values.global.acls.bootstrapToken.secretKey (not .Values.global.acls.bootstrapToken.secretName))}}{{ fail "both global.acls.bootstrapToken.secretKey and global.acls.bootstrapToken.secretName must be set if one of them is provided" }}{{ end -}}
@@ -276,7 +273,7 @@ spec:
             -create-enterprise-license-token=true \
             {{- end }}
 
-            {{- if (and (not .Values.global.metrics.datadogIntegration.dogstatsd.enabled) .Values.global.metrics.datadogIntegration.enabled .Values.global.acls.manageSystemACLs) }}
+            {{- if (and (not .Values.global.metrics.datadog.dogstatsd.enabled) .Values.global.metrics.datadog.enabled .Values.global.acls.manageSystemACLs) }}
             -create-dd-agent-token=true \
             {{- end }}
 

diff --git a/charts/consul/templates/server-config-configmap.yaml b/charts/consul/templates/server-config-configmap.yaml
@@ -30,7 +30,7 @@ data:
       {{- if .Values.server.logLevel }}
       "log_level": "{{ .Values.server.logLevel | upper }}",
       {{- end }}
-      "enable_debug": {{ .Values.global.metrics.enableConsulAgentDebug }},
+      "enable_debug": {{ .Values.server.enableAgentDebug }},
       "domain": "{{ .Values.global.domain }}",
       "limits": {
         "request_limits": {
@@ -194,10 +194,10 @@ data:
     {
       "telemetry": {
         "prometheus_retention_time": "{{ .Values.global.metrics.agentMetricsRetentionTime }}",
-        "disable_hostname": {{ .Values.global.metrics.disableAgentHostName }},{{ template "consul.metricsPrefixFiltering" . }}
-        "enable_host_metrics": {{ .Values.global.metrics.enableHostMetrics }}{{- if .Values.global.metrics.datadogIntegration.dogstatsd.enabled }},{{ template "consul.dogstatsdAaddressInfo" . }}
-        {{- if .Values.global.metrics.datadogIntegration.dogstatsd.enabled }}
-        "dogstatsd_tags": {{ .Values.global.metrics.datadogIntegration.dogstatsd.dogstatsdTags | toJson }}
+        "disable_hostname": {{ .Values.global.metrics.disableAgentHostName }},{{ template "consul.prefixFilter" . }}
+        "enable_host_metrics": {{ .Values.global.metrics.enableHostMetrics }}{{- if .Values.global.metrics.datadog.dogstatsd.enabled }},{{ template "consul.dogstatsdAaddressInfo" . }}
+        {{- if .Values.global.metrics.datadog.dogstatsd.enabled }}
+        "dogstatsd_tags": {{ .Values.global.metrics.datadog.dogstatsd.dogstatsdTags | toJson }}
         {{- end }}
         {{- end }}
       }