From fa73f62265f91c9d55685925f769a43afd870ba3 Mon Sep 17 00:00:00 2001
From: Guy Arbitman
Date: Mon, 3 Mar 2025 15:35:19 +0200
Subject: [PATCH] USM: Expose configuration options of USM (#1705)
* Update chart vesion and changelog
* usm: Add go-tls configuration
* usm: Add istio monitoring configuration
* usm: Add noejs monitoring configuration
* usm: Add native monitoring configuration
* usm: Add http monitoring configuration
* usm: Add http2/gRPC monitoring configuration
* Update charts/datadog/values.yaml
Co-authored-by: Celene
* Fixed wording
---------
Co-authored-by: Celene
---
 charts/datadog/CHANGELOG.md | 10 ++++++++
 charts/datadog/Chart.yaml | 2 +-
 charts/datadog/README.md | 8 ++++++-
 .../templates/system-probe-configmap.yaml | 23 +++++++++++++++++++
 charts/datadog/values.yaml | 20 ++++++++++++++++
 5 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md
index 272b41178..cfc5b25b0 100644
--- a/charts/datadog/CHANGELOG.md
+++ b/charts/datadog/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Datadog changelog
+## 3.101.0
+
+* Add multiple Universal Service Monitoring configurations support.
+ * `datadog.serviceMonitoring.tls.go.enabled` to control Go TLS monitoring.
+ * `datadog.serviceMonitoring.tls.istio.enabled` to control Istio TLS monitoring.
+ * `datadog.serviceMonitoring.tls.nodejs.enabled` to control Node.js TLS monitoring.
+ * `datadog.serviceMonitoring.tls.native.enabled` to control native (openssl, libssl, gnutls) TLS monitoring.
+ * `datadog.serviceMonitoring.httpMonitoringEnabled` to control HTTP monitoring.
+ * `datadog.serviceMonitoring.http2MonitoringEnabled` to control HTTP/2 & gRPC monitoring.
+
 ## 3.100.0
 * Enable `system-probe` container on GKE Autopilot (requires GKE 1.32.1-gke.1729000 or later).
diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml
index eefcb5779..8f46eac66 100644
--- a/charts/datadog/Chart.yaml
+++ b/charts/datadog/Chart.yaml
@@ -1,7 +1,7 @@
 ---
 apiVersion: v1
 name: datadog
-version: 3.100.0
+version: 3.101.0
 appVersion: "7"
 description: Datadog Agent
 keywords:
diff --git a/charts/datadog/README.md b/charts/datadog/README.md
index 5991225e6..361ab8753 100644
--- a/charts/datadog/README.md
+++ b/charts/datadog/README.md
@@ -1,6 +1,6 @@
 # Datadog
-![Version: 3.100.0](https://img.shields.io/badge/Version-3.100.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.101.0](https://img.shields.io/badge/Version-3.101.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@@ -861,6 +861,12 @@ helm install \
 | datadog.securityAgent.runtime.useSecruntimeTrack | bool | `true` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer |
 | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment |
 | datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring |
+| datadog.serviceMonitoring.http2MonitoringEnabled | string | `nil` | Enable HTTP2 & gRPC monitoring for Universal Service Monitoring (Requires Agent 7.53.0+ and kernel 5.2 or later). Empty values use the default setting in the datadog agent. |
+| datadog.serviceMonitoring.httpMonitoringEnabled | string | `nil` | Enable HTTP monitoring for Universal Service Monitoring (Requires Agent 7.40.0+). Empty values use the default setting in the datadog agent. |
+| datadog.serviceMonitoring.tls.go.enabled | bool | `nil` | Enable TLS monitoring for Golang services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. |
+| datadog.serviceMonitoring.tls.istio.enabled | bool | `nil` | Enable TLS monitoring for Istio services (Requires Agent 7.50.0+). Empty values use the default setting in the datadog agent. |
+| datadog.serviceMonitoring.tls.native.enabled | bool | `nil` | Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. |
+| datadog.serviceMonitoring.tls.nodejs.enabled | bool | `nil` | Enable TLS monitoring for Node.js services (Requires Agent 7.54.0+). Empty values use the default setting in the datadog agent. |
 | datadog.site | string | `nil` | The site of the Datadog intake to send Agent data to.
(documentation: https://docs.datadoghq.com/getting_started/site/) |
 | datadog.systemProbe.apparmor | string | `"unconfined"` | Specify a apparmor profile for system-probe |
 | datadog.systemProbe.bpfDebug | bool | `false` | Enable logging for kernel debug |
diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml
index e74f96f23..88471d801 100644
--- a/charts/datadog/templates/system-probe-configmap.yaml
+++ b/charts/datadog/templates/system-probe-configmap.yaml
@@ -43,6 +43,29 @@ data:
 conntrack_init_timeout: {{ $.Values.datadog.systemProbe.conntrackInitTimeout }}
 service_monitoring_config:
 enabled: {{ $.Values.datadog.serviceMonitoring.enabled }}
+ {{- if not (eq .Values.datadog.serviceMonitoring.httpMonitoringEnabled nil) }}
+ enable_http_monitoring: {{ $.Values.datadog.serviceMonitoring.httpMonitoringEnabled }}
+ {{- end }}
+ {{- if not (eq .Values.datadog.serviceMonitoring.http2MonitoringEnabled nil) }}
+ enable_http2_monitoring: {{ $.Values.datadog.serviceMonitoring.http2MonitoringEnabled }}
+ {{- end }}
+ tls:
+ {{- if not (eq .Values.datadog.serviceMonitoring.tls.go.enabled nil) }}
+ go:
+ enabled: {{ $.Values.datadog.serviceMonitoring.tls.go.enabled }}
+ {{- end }}
+ {{- if not (eq .Values.datadog.serviceMonitoring.tls.istio.enabled nil) }}
+ istio:
+ enabled: {{ $.Values.datadog.serviceMonitoring.tls.istio.enabled }}
+ {{- end }}
+ {{- if not (eq .Values.datadog.serviceMonitoring.tls.nodejs.enabled nil) }}
+ nodejs:
+ enabled: {{ $.Values.datadog.serviceMonitoring.tls.nodejs.enabled }}
+ {{- end }}
+ {{- if not (eq .Values.datadog.serviceMonitoring.tls.native.enabled nil) }}
+ native:
+ enabled: {{ $.Values.datadog.serviceMonitoring.tls.native.enabled }}
+ {{- end }}
 {{- if not (eq .Values.datadog.discovery.enabled nil) }}
 discovery:
 enabled: {{ $.Values.datadog.discovery.enabled }}
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml
index d91064db3..f58a5d45e 100644
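Review bot: The `tls:` key in the added block is written unconditionally, while every setting around it is guarded, so with the chart defaults (all four `tls.*.enabled` values empty) the rendered system-probe config gains an empty `tls:` entry that chart 3.100.0 did not produce. Whether the agent treats a null `tls` section the same as an absent one is not visible in this hunk, so I would wrap `tls:` and its four children in one outer guard such as `{{- if or (not (eq $.Values.datadog.serviceMonitoring.tls.go.enabled nil)) (not (eq $.Values.datadog.serviceMonitoring.tls.istio.enabled nil)) (not (eq $.Values.datadog.serviceMonitoring.tls.nodejs.enabled nil)) (not (eq $.Values.datadog.serviceMonitoring.tls.native.enabled nil)) }}` with a matching `{{- end }}` after the `native` block. Indentation is collapsed on this page, so I am assuming `tls:` nests under `service_monitoring_config`. These switches decide which workloads' TLS traffic system-probe monitors, so an upgrade that sets none of them should render the same config as before.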
--- a/charts/datadog/values.yaml
+++ b/charts/datadog/values.yaml
@@ -831,6 +831,26 @@ datadog:
 # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring
 enabled: false
+ # datadog.serviceMonitoring.httpMonitoringEnabled -- Enable HTTP monitoring for Universal Service Monitoring (Requires Agent 7.40.0+). Empty values use the default setting in the datadog agent.
+ httpMonitoringEnabled:
+
+ # datadog.serviceMonitoring.http2MonitoringEnabled -- Enable HTTP2 & gRPC monitoring for Universal Service Monitoring (Requires Agent 7.53.0+ and kernel 5.2 or later). Empty values use the default setting in the datadog agent.
+ http2MonitoringEnabled:
+
+ tls:
+ go:
+ # datadog.serviceMonitoring.tls.go.enabled -- (bool) Enable TLS monitoring for Golang services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent.
+ enabled:
+ istio:
+ # datadog.serviceMonitoring.tls.istio.enabled -- (bool) Enable TLS monitoring for Istio services (Requires Agent 7.50.0+). Empty values use the default setting in the datadog agent.
+ enabled:
+ nodejs:
+ # datadog.serviceMonitoring.tls.nodejs.enabled -- (bool) Enable TLS monitoring for Node.js services (Requires Agent 7.54.0+). Empty values use the default setting in the datadog agent.
+ enabled:
+ native:
+ # datadog.serviceMonitoring.tls.native.enabled -- (bool) Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent.
+ enabled:
+
 discovery:
 # datadog.discovery.enabled -- (bool) Enable Service Discovery
 enabled: # false
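Review bot: The comments for `httpMonitoringEnabled` and `http2MonitoringEnabled` lack the `(bool)` type hint that the four `tls.*.enabled` comments carry, and the README table in this same commit accordingly lists those two keys as `string` rather than `bool`. I would write them as `# datadog.serviceMonitoring.httpMonitoringEnabled -- (bool) Enable HTTP monitoring ...` and likewise for the HTTP2 key, then regenerate the README. Because an empty value defers to whatever the installed Agent defaults to, the comments could also say that operators who need a protocol or TLS library left unmonitored should set `false` explicitly instead of relying on the empty default, which presumably can change between Agent versions.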