datadog-agent
feat(gitlab): Enable retry on failures while fetching secrets
What does this PR do?
Alternative to #29087. Change the way we store secrets in scripts. Instead of
export VAR=$(fetch_secret)
use
VAR=$(fetch_secret) || exit $?; export VAR
To be able to use the retry:exit_codes feature from GitLab, we need to throw the error in the GitLab configuration. As a consequence, we need to split assignment and export (cf. this shell check); otherwise the return value of fetch_secret would be ignored.
Motivation
Prevent the failures when the emissary container is down before the job starts.
Possible Drawbacks / Trade-offs
Contrary to the solution proposed on #29087, with this implementation we cannot do:
VAR=$(fetch_secret) run_command_needing_VAR
And in some cases (regression_detector) we added more storage on variables because it's not possible to do
$(fetch_secret) | use_secret_from_stdin
either. However, we leverage the PIPESTATUS array to send the password on stdin when possible (docker).
While the above is the recommended way, we can see in #29087 that it adds complexity to the GitLab configuration and impacts readability.
Describe how to test/QA your changes
Pipeline is successful
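The exit-status behaviour the description above relies on, as an added example that is not code from this PR or the datadog-agent repository. `fetch_secret` and `use_secret_from_stdin` here are constructed stand-ins that reuse the names from the description, and the fetcher is assumed to always fail with status 42.

```bash
#!/usr/bin/env bash
# Constructed stand-in for the secret fetcher: always fails with status 42,
# the exit code this thread mentions for retry.
fetch_secret() { echo "not-a-secret"; return 42; }

# Constructed stand-in for a consumer that reads the secret on stdin.
use_secret_from_stdin() { cat >/dev/null; }

# Before: `export` succeeds, so the fetch failure is lost (ShellCheck SC2155)
# and the job carries on with an empty or partial value.
masked() (
  export VAR=$(fetch_secret)
  exit $?                      # status of `export`, not of fetch_secret
)

# After: assign first, fail with the fetcher's status, then export.
split() (
  VAR=$(fetch_secret) || exit $?
  export VAR
)

# A pipeline reports only its last command's status...
piped_masked() (
  fetch_secret | use_secret_from_stdin
)

# ...so the fetcher's status has to be read from PIPESTATUS (bash only).
piped() (
  fetch_secret | use_secret_from_stdin
  exit "${PIPESTATUS[0]}"
)

# Run a pattern and print the exit status the CI job would see.
status_of() { local rc=0; "$@" >/dev/null || rc=$?; echo "$rc"; }

for pattern in masked split piped_masked piped; do
  echo "$pattern -> exit $(status_of "$pattern")"
done
```

Only the forms that surface 42 give a retry rule keyed on exit codes something to match; the masked forms let the job continue without a usable secret.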
Regression Detector
Regression Detector Results
Run ID: 651d318e-d213-4eec-870b-b15f41039d2b Metrics dashboard Target profiles
Baseline: edc716fac20474b7ee0a0db327eeb1cc9babe0bc Comparison: cb885432edcbd9a9b5583c0e35257fd6b2677426
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
No significant changes in experiment optimization goals
Confidence level: 90.00% Effect size tolerance: |Δ mean %| ≥ 5.00%
There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | pycheck_lots_of_tags | % cpu utilization | +0.37 | [-2.25, +2.99] | 1 | Logs |
| ➖ | otel_to_otel_logs | ingress throughput | +0.36 | [-0.48, +1.19] | 1 | Logs |
| ➖ | idle | memory utilization | +0.14 | [+0.10, +0.19] | 1 | Logs |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | +0.00 | [-0.06, +0.07] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | +0.00 | [-0.00, +0.00] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | -0.00 | [-0.01, +0.01] | 1 | Logs |
| ➖ | basic_py_check | % cpu utilization | -0.24 | [-3.04, +2.56] | 1 | Logs |
| ➖ | file_tree | memory utilization | -0.59 | [-0.70, -0.48] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | -1.03 | [-1.79, -0.27] | 1 | Logs |
Bounds Checks
| perf | experiment | bounds_check_name | replicates_passed |
|---|---|---|---|
| ❌ | idle | memory_usage | 9/10 |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
- Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
- Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
- Its configuration does not mark it "erratic".
Gitlab CI Configuration Changes
Updated: .gitlab-ci.yml
:warning: Diff too large to display on Github
Changes Summary
| Removed | Modified | Added | Renamed |
|---|---|---|---|
| 0 | 341 | 0 | 0 |
Updated: .gitlab/deploy_containers/deploy_containers_a7.yml
:warning: Diff too large to display on Github
Changes Summary
| Removed | Modified | Added | Renamed |
|---|---|---|---|
| 0 | 14 | 0 | 0 |
:information_source: Diff available in the job log.
I just noticed that we are missing adding exit_codes: 42 to the KMT retry logic too, as it's different from the default one.
/merge
:steam_locomotive: MergeQueue: pull request added to the queue
The median merge time in main is 23m.
Use /merge -c to cancel this operation!