- 17 Jul 2024
Helm and Terraform values
- Updated on 17 Jul 2024
The following tables summarize the Helm and Terraform values and their descriptions.
Administration
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
| - | API token that is used to communicate with Traceable's SaaS platform. |
|
| - | Defines the path to the refresh token (in the container). |
|
| - | The environment in which the platform agent is being installed. For example, production, development, and QA. |
|
| api.traceable.ai | Traceable’s Platform endpoint. |
|
| traceable-agent-service-account | Defines the Traceable agent pod service account name |
|
|
| Defines the log level of Traceable Platform agent logs. Set it to |
|
|
| Defines the log level of Traceable’s internal library. The default value is INFO. Different logging levels are:
|
Resources
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
| 1 | Platform agent max CPU |
|
| 2Gi | Platform agent max memory |
|
| 200m | Platform agent requested CPU |
|
| 400Mi | Platform agent requested memory |
|
| 2048 | Limits the number of a file's first bytes that are captured for multipart/form-data content type |
Ports
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
| 5441 | gRPC server port for Traceable Platform agent APIs |
|
| 5442 | HTTP server port for Traceable Platform agent APIs |
|
| 5443 | TLS endpoint port for Traceable Platform agent APIs |
|
| 4317 | Configure the OTLP gRPC receiver port. |
|
| 4318 | Configure the OTLP HTTP receiver port. |
Image credentials
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
| docker.io | Docker images registry |
|
| traceableai | Docker images registry suffix or path to Traceable’s images |
|
| - | Docker registry username |
|
| - | Docker registry password |
|
| traceable-agent | Traceable Platform agent image name. Use this option to override the default name. |
|
| - | Traceable Platform agent’s version number. Use this option if you wish to use a version different from the released version. |
|
| The custom image pull secret name. Make sure that it exists in the same namespace in which the traceable-agent deployment runs. |
Autoscaling
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
| 1 | Defines the minimum number of traceable-agent replicas. |
|
| 1 | Defines the maximum number of traceable-agent replicas. |
|
| 80 | Target memory utilization. |
|
| 80 | Target CPU utilization. |
|
| true | Enable Kubernetes horizontal pod autoscaling. |
Labels and annotations
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
| - | List of labels to add to the deployment. |
|
| - | Labels to be added to all Traceable resources. |
|
|
| Additional annotations for Traceable Platform agent and eBPF deployment. |
|
| - | Annotations to be added to all Traceable resources. |
Security policy and token
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
|
| Set it to |
|
| - | Configuring this field allows you to provide the secret before installation instead of specifying the token as a value. The name is the secret name. |
|
| false | Set to true when end-to-end TLS is required for all ports. All traffic must be directed to |
| - | Additional certificate alternative names that are added to the auto-generated certificate. | |
|
| - |
|
|
| Platform CA bundle, which is base64 encoded. | |
|
| Platform CA as a secret in the same namespace as the Traceable Platform agent deployment. | |
|
| Platform CA key name within the secret. | |
|
| Platform CA as a file injected into the Traceable Platform agent container. Make sure that this is the absolute path to the file. | |
|
| ClusterIP | Defines the service type of the Platform agent. Supported values are:
|
|
| - | This setting allows you to specify the name of a Kubernetes secret that contains the TLS private certificates. The secret must be located in the same namespace as your Traceable deployment. |
|
| - | Value for specifying the filename of the root CA certificate. Both reference the root CA certificate file, which must be a key in the Kubernetes secret containing your TLS private certificates. |
|
| - | Value for specifying the filename of the certificate. Both reference the certificate file, which must be a key in the Kubernetes secret containing your TLS private certificates. |
|
| Value for specifying the filename of the private key. Both reference the private key file, which must be a key in the Kubernetes secret containing your TLS private certificates. |
Ingress
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
|
| Enables an ingress controller for the platform agent when true |
|
| - | The domain name of the Ingress controller |
|
| - | Ingress controller annotations for the HTTP services |
|
| - | Ingress controller annotations for the gRPC services |
Collector
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
| 200ms | The time duration after which a batch is sent to the Traceable platform regardless of size. |
|
| 8192 | The number of spans after which a batch is sent to the Traceable platform, regardless of the timeout. |
|
| 10000 | Defines the upper limit of the batch size. |
|
|
| Set to |
|
|
| Set to |
|
|
| Set to |
|
|
| Set to |
|
|
| Compression format used to send data to the Traceable platform. An empty value denotes no compression. |
|
| 16 | Maximum message size allowed to be sent to the OTLP receiver. |
|
| 1m | Maximum connection age to the OTLP receiver. It can be expressed as a duration string, for example 120s = 120 seconds, 120m = 120 minutes, 2h = 2 hours |
Injector
Helm Value | Terraform Variable | Default Value | Description |
---|---|---|---|
|
|
| List of propagation formats used by the injected Java agent. The supported values are |
|
|
| List of content types that the injected proxy captures. This is a substring match. |
|
|
| Defines the iptables interception mode. The supported values are |
|
|
| Configures the trace reporting format. Possible values are OTLP or ZIPKIN. |
|
|
| Enables mutatingwebhook injector service. Set to |
|
|
| Enable blocking for injected containers. |
|
|
| Enable region blocking for injected containers. |
|
|
| Enable body evaluation for injected containers. |
|
| 60 | Connection keep-alive time, in seconds, for injected |
|
|
| Disable keep-alive entirely for the injected |
eBPF
Helm value | Terraform value | Default value | Description |
---|---|---|---|
|
|
| Enables the data capture mode using eBPF. |
|
|
| Enables HTTP/2 data capture in the eBPF tracer. |
|
|
| Configure the trace reporter. Possible values are OTLP or ZIPKIN. |
|
|
| You can use this configuration to name services using Kubernetes labels assigned to the instrumented application.
|
|
|
| Sets the container memory limit for the eBPF tracer binary. Set the value to |
|
|
| Set node affinity for the eBPF pods. Example:
In this example, daemonSet is scheduled on all nodes, which has a label with key You can use the If you specify multiple expressions in a single If you specify multiple Consider the following
In this example, daemonSet is scheduled on all nodes which satisfy the following rule:
|
|
| info | Defines the eBPF log level. Allowed values are trace, debug, info, warn, and error. |
|
|
| Run the eBPF container in privileged mode. |
|
| 1 | |
|
|
| Deploy the eBPF tracer on the Kubernetes master node as well. It is usually deployed as a daemonset to the other non-master nodes. |
|
|
| Tolerations are configured on a pod to schedule on nodes with the corresponding taints. Set the tolerations here for the eBPF pod. |
|
|
| Node selectors for nodes you want to deploy the eBPF tracer on, that is, if you do not wish to deploy the tracer daemonset on all nodes. |
|
|
| Capture and export eBPF metrics to the Traceable platform. |
|
|
| Comma-separated values to exclude processes from capturing. |
|
|
| Configure these rules to exclude processes from uprobe attachment. |
|
| 1.14.1 (changes as updates are made; check the traceable-agent repo for updates) | eBPF tracer image version. |
|
| ebpf-tracer | eBPF tracer image name. |
|
|
| Log encoding. |
|
|
| Error output path. |
|
|
| Defines the download path to eBPF BTF. |
|
|
| Defines the eBPF pod service account name. |
|
| 50000 | Configure the eBPF probe event queue size. |
|
| 1000 | Process requests per second limit handled by the eBPF tracer. |
|
| 10000 | Configure the maximum number of connections tracked in the eBPF tracer. |
|
|
| Enable seLinuxOptions in the eBPF pod securityContext (see Configure a Security Context for a Pod or Container). |
|
|
| Configure the seLinuxOptions role. |
|
|
| Configure the seLinuxOptions type. |
|
|
| Configure the seLinuxOptions user. |
|
| Enable OpenShift’s SecurityContextConstraints on eBPF. | |
|
| OpenShift SCC allowPrivilegeEscalation configuration | |
|
| OpenShift SCC allowHostDirVolumePlugin configuration | |
|
| OpenShift SCC allowHostDirVolumePlugin configuration | |
|
| OpenShift SCC allowHostIPC configuration | |
|
| OpenShift SCC allowHostNetwork configuration | |
|
| OpenShift SCC allowHostPorts configuration | |
|
| OpenShift SCC readOnlyRootFilesystem configuration | |
ebpfOpenshiftSccConfig.requiredDropCapabilities |
| OpenShift SCC requiredDropCapabilities configuration | |
|
|
| Enable default rate limit configuration in the eBPF tracer to be used for sampling. |
|
| 0 | The total number of requests to be rate-limited in a given time window. |
|
| 0 | The number of requests per endpoint to be rate-limited in a given time window. |
|
| 1m | Interval after which the rate limiter buckets are reset. Accepted values are in the form of 1s, 2m, 3h. The default value is 1m. |
|
| 168h | Interval after which the rate limiter cache is reset. Accepted values are in the form of 1s, 2m, 3h. The default value is 168h. |
|
|
| Span type for rate-limited spans. |
Proxy
Helm value | Terraform value | Default value | Description |
---|---|---|---|
|
| - | Value of |
|
| - | Value of |
|
| - | Set this environment variable to exclude comma-separated IP addresses and hosts from being routed through an HTTP or HTTPS proxy. |
|
|
| Enable HTTP reverse proxy in traceable-agent. When enabled, you can use the HTTP server port, which defaults to 5442, to send all requests to the traceable-agent. |
Miscellaneous
Helm value | Terraform value | Default value | Description |
---|---|---|---|
|
| 131072 | Defines the maximum body size in bytes to capture. This applies to both ext_cap and injected containers. |
|
|
| Enable body evaluation during blocking evaluation. |
|
|
| Enable blocking for agents that use ext_cap. |
|
|
| Enable region blocking for agents that use ext_cap. |
|
|
| Set to |
|
|
| Enables agent manager to manage Traceable Platform agent’s configuration. Set it to |
|
|
| Enables external capture. Set it to false when external capture via Traceable Platform agent is not required. |
|
|
| List of content types captured for Traceable Module Extension (TME) based agents. |
|
|
| Additional annotations for Traceable Platform agent and eBPF deployment. |
|
| - | Tolerations are configured on a pod to schedule it on nodes with the corresponding taints. For more information on tolerations and taints, see Taints and Tolerations. |
|
| Enable OpenShift’s SecurityContextConstraints on traceable-agent. |