datadog-agent
datadog-agent copied to clipboard
DataDog
[CONTINT-3893] add mutation_type tag in telemetry of admission controller
What does this PR do?
This PR adds mutation_type tag on the admission_webhooks.response_duration and admission_webhooks.webhooks_received telemetry emitted by the cluster agent admission controller..
Motivation
Be able to filter/partition these two metrics by mutation_type.
Additional Notes
Possible Drawbacks / Trade-offs
- Changing the webhook name in the future will not be backward compatible (breaking change), but this should be ok as the webhook name is not useful directly in the code.
Describe how to test/QA your changes
Deploy the cluster agent with at least one activated webhook and ensure that the mutation_type tag is added on the admission_webhooks.response_duration and admission_webhooks.webhooks_received, and ensure the existing telemetry for admission controller are still correct.
Here is an example that uses auto instrumentation webhook to test this:
- Deploy using the following helm:
datadog:
apiKeyExistingSecret: datadog-secret
appKeyExistingSecret: datadog-secret
kubelet:
tlsVerify: false
apm:
instrumentation:
enabled: true
clusterAgent:
enabled: true
admissionController:
enabled: true
mutateUnlabelled: true
-
Create any pod.
-
Check the cluster agent telemetry with:
kubectl exec datadog-agent-cluster-agent-5b8bc85cd8-4w7cp -- datadog-cluster-agent telemetry
- Verify the
mutation_webhooktag is added as expected:
# HELP admission_webhooks_certificate_expiry Time left before the certificate expires in hours.
# TYPE admission_webhooks_certificate_expiry gauge
admission_webhooks_certificate_expiry 8759.067823719859
# HELP admission_webhooks_mutation_attempts Number of pod mutation attempts by mutation type (agent config, standard tags, lib injection).
# TYPE admission_webhooks_mutation_attempts gauge
admission_webhooks_mutation_attempts{auto_detected="",injected="false",language="",mutation_type="agent_config"} 1
admission_webhooks_mutation_attempts{auto_detected="",injected="false",language="",mutation_type="standard_tags"} 2
admission_webhooks_mutation_attempts{auto_detected="",injected="true",language="",mutation_type="agent_config"} 1
# HELP admission_webhooks_reconcile_errors Number of reconcile errors per controller.
# TYPE admission_webhooks_reconcile_errors gauge
admission_webhooks_reconcile_errors{controller="webhooks"} 1
# HELP admission_webhooks_reconcile_success Number of reconcile success per controller.
# TYPE admission_webhooks_reconcile_success gauge
admission_webhooks_reconcile_success{controller="secrets"} 2
admission_webhooks_reconcile_success{controller="webhooks"} 3
# HELP admission_webhooks_response_duration Webhook response duration distribution (in seconds).
# TYPE admission_webhooks_response_duration histogram
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="0.005"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="0.01"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="0.025"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="0.05"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="0.1"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="0.25"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="0.5"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="1"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="2.5"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="5"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="10"} 2
admission_webhooks_response_duration_bucket{mutation_type="agent_config",le="+Inf"} 2
admission_webhooks_response_duration_sum{mutation_type="agent_config"} 0.0037749999999999997
admission_webhooks_response_duration_count{mutation_type="agent_config"} 2
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="0.005"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="0.01"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="0.025"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="0.05"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="0.1"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="0.25"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="0.5"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="1"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="2.5"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="5"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="10"} 1
admission_webhooks_response_duration_bucket{mutation_type="lib_injection",le="+Inf"} 1
admission_webhooks_response_duration_sum{mutation_type="lib_injection"} 0.001010958
admission_webhooks_response_duration_count{mutation_type="lib_injection"} 1
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="0.005"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="0.01"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="0.025"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="0.05"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="0.1"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="0.25"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="0.5"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="1"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="2.5"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="5"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="10"} 2
admission_webhooks_response_duration_bucket{mutation_type="standard_tags",le="+Inf"} 2
admission_webhooks_response_duration_sum{mutation_type="standard_tags"} 0.001559042
admission_webhooks_response_duration_count{mutation_type="standard_tags"} 2
# HELP admission_webhooks_webhooks_received Number of mutation webhook requests received.
# TYPE admission_webhooks_webhooks_received counter
admission_webhooks_webhooks_received{mutation_type="agent_config"} 2
admission_webhooks_webhooks_received{mutation_type="lib_injection"} 1
admission_webhooks_webhooks_received{mutation_type="standard_tags"} 2
Bloop Bleep... Dogbot Here
Regression Detector Results
Run ID: 488b5933-9923-4085-974d-9e42d9cefed0 Baseline: c4245acff2a1fb490ac262c5415f18bb83d443df Comparison: 2d060f0f7c95bac82af4d08051ab502373368836
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
No significant changes in experiment optimization goals
Confidence level: 90.00% Effect size tolerance: |Δ mean %| ≥ 5.00%
There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.
Experiments ignored for regressions
Regressions in experiments with settings containing erratic: true are ignored.
| perf | experiment | goal | Δ mean % | Δ mean % CI |
|---|---|---|---|---|
| ➖ | file_to_blackhole | % cpu utilization | +0.83 | [-5.79, +7.46] |
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI |
|---|---|---|---|---|
| ➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | +1.01 | [-1.91, +3.94] |
| ➖ | file_to_blackhole | % cpu utilization | +0.83 | [-5.79, +7.46] |
| ➖ | idle | memory utilization | +0.34 | [+0.29, +0.38] |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | +0.22 | [+0.11, +0.32] |
| ➖ | trace_agent_json | ingress throughput | +0.02 | [-0.01, +0.05] |
| ➖ | trace_agent_msgpack | ingress throughput | -0.00 | [-0.00, +0.00] |
| ➖ | uds_dogstatsd_to_api | ingress throughput | -0.00 | [-0.21, +0.20] |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | -0.00 | [-0.00, +0.00] |
| ➖ | process_agent_standard_check | memory utilization | -0.15 | [-0.18, -0.11] |
| ➖ | pycheck_1000_100byte_tags | % cpu utilization | -0.16 | [-5.36, +5.04] |
| ➖ | otel_to_otel_logs | ingress throughput | -0.38 | [-0.80, +0.04] |
| ➖ | process_agent_standard_check_with_stats | memory utilization | -0.48 | [-0.52, -0.44] |
| ➖ | file_tree | memory utilization | -1.12 | [-1.20, -1.05] |
| ➖ | basic_py_check | % cpu utilization | -1.28 | [-3.62, +1.06] |
| ➖ | process_agent_real_time_mode | memory utilization | -1.41 | [-1.45, -1.36] |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
![pr-commenter[bot] avatar](https://avatars.githubusercontent.com/u/365230?v=4 "Published by a pub.dev verified publisher"){kind=small}
:steam_locomotive: MergeQueue
Pull request added to the queue.
This build is next! (estimated merge in less than 27m)
Use /merge -c to cancel this operation!