Skip to content

Commit

Permalink
Add flag to opt out of product telemetry (#1605)
Browse files Browse the repository at this point in the history 
Problem: As a user of NGF
I want an easy option to opt out of recording and sending of all telemetry data
So that if I am not comfortable sending that information, I can still continue to use NGF

Solution: Added a new configurable flag that can disable telemetry. On by default. Also turns off any RBAC if not needed (for N+ usage or telemetry)
  • Loading branch information
@sjberman
sjberman authored Feb 22, 2024
1 parent a66255b commit 1dbe45a
Show file tree
Hide file tree
Showing 12 changed files with 128 additions and 85 deletions.
59 changes: 36 additions & 23 deletions cmd/gateway/commands.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,23 +44,24 @@ func createRootCommand() *cobra.Command {
func createStaticModeCommand() *cobra.Command {
// flag names
const (
gatewayFlag = "gateway"
configFlag = "config"
serviceFlag = "service"
updateGCStatusFlag = "update-gatewayclass-status"
metricsDisableFlag = "metrics-disable"
metricsSecureFlag = "metrics-secure-serving"
metricsPortFlag = "metrics-port"
healthDisableFlag = "health-disable"
healthPortFlag = "health-port"
leaderElectionDisableFlag = "leader-election-disable"
leaderElectionLockNameFlag = "leader-election-lock-name"
plusFlag = "nginx-plus"
gwAPIExperimentalFlag = "gateway-api-experimental-features"
usageReportSecretFlag = "usage-report-secret"
usageReportServerURLFlag = "usage-report-server-url"
usageReportSkipVerifyFlag = "usage-report-skip-verify"
usageReportClusterNameFlag = "usage-report-cluster-name"
gatewayFlag = "gateway"
configFlag = "config"
serviceFlag = "service"
updateGCStatusFlag = "update-gatewayclass-status"
metricsDisableFlag = "metrics-disable"
metricsSecureFlag = "metrics-secure-serving"
metricsPortFlag = "metrics-port"
healthDisableFlag = "health-disable"
healthPortFlag = "health-port"
leaderElectionDisableFlag = "leader-election-disable"
leaderElectionLockNameFlag = "leader-election-lock-name"
productTelemetryDisableFlag = "product-telemetry-disable"
plusFlag = "nginx-plus"
gwAPIExperimentalFlag = "gateway-api-experimental-features"
usageReportSecretFlag = "usage-report-secret"
usageReportServerURLFlag = "usage-report-server-url"
usageReportSkipVerifyFlag = "usage-report-skip-verify"
usageReportClusterNameFlag = "usage-report-cluster-name"
)

// flag values
Expand Down Expand Up @@ -101,6 +102,8 @@ func createStaticModeCommand() *cobra.Command {

gwExperimentalFeatures bool

disableProductTelemetry bool

plus bool
usageReportSkipVerify bool
usageReportClusterName = stringValidatingValue{
Expand Down Expand Up @@ -203,12 +206,15 @@ func createStaticModeCommand() *cobra.Command {
LockName: leaderElectionLockName.String(),
Identity: podName,
},
UsageReportConfig: usageReportConfig,
Plus: plus,
TelemetryReportPeriod: period,
Version: version,
ExperimentalFeatures: gwExperimentalFeatures,
ImageSource: imageSource,
UsageReportConfig: usageReportConfig,
ProductTelemetryConfig: config.ProductTelemetryConfig{
TelemetryReportPeriod: period,
Enabled: !disableProductTelemetry,
},
Plus: plus,
Version: version,
ExperimentalFeatures: gwExperimentalFeatures,
ImageSource: imageSource,
}

if err := static.StartManager(conf); err != nil {
Expand Down Expand Up @@ -315,6 +321,13 @@ func createStaticModeCommand() *cobra.Command {
"A Lease object with this name will be created in the same Namespace as the controller.",
)

cmd.Flags().BoolVar(
&disableProductTelemetry,
productTelemetryDisableFlag,
false,
"Disable the collection of product telemetry.",
)

cmd.Flags().BoolVar(
&plus,
plusFlag,
Expand Down
3 changes: 3 additions & 0 deletions deploy/helm-chart/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,9 @@ The following tables lists the configurable parameters of the NGINX Gateway Fabr
| `nginxGateway.replicaCount` | The number of replicas of the NGINX Gateway Fabric Deployment. | 1 |
| `nginxGateway.leaderElection.enable` | Enable leader election. Leader election is used to avoid multiple replicas of the NGINX Gateway Fabric reporting the status of the Gateway API resources. | true |
| `nginxGateway.leaderElection.lockName` | The name of the leader election lock. A Lease object with this name will be created in the same Namespace as the controller. | Autogenerated |
| `nginxGateway.securityContext.allowPrivilegeEscalation` | Some environments may need this set to true in order for the control plane to successfully reload NGINX. | false |
| `nginxGateway.productTelemetry.enable` | Enable the collection of product telemetry. | true |
| `nginxGateway.gwAPIExperimentalFeatures.enable` | Enable the experimental features of Gateway API which are supported by NGINX Gateway Fabric. Requires the Gateway APIs installed from the experimental channel. | false |
| `nginx.image.repository` | The repository for the NGINX image. | ghcr.io/nginxinc/nginx-gateway-fabric/nginx |
| `nginx.image.tag` | The tag for the NGINX image. | edge |
| `nginx.image.pullPolicy` | The `imagePullPolicy` for the NGINX image. | Always |
Expand Down
3 changes: 3 additions & 0 deletions deploy/helm-chart/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,9 @@ spec:
{{- else }}
- --leader-election-disable
{{- end }}
{{- if not .Values.nginxGateway.productTelemetry.enable }}
- --product-telemetry-disable
{{- end }}
{{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }}
- --gateway-api-experimental-features
{{- end }}
Expand Down
27 changes: 18 additions & 9 deletions deploy/helm-chart/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,34 +39,43 @@ rules:
- get
- list
- watch
# FIXME(bjee19): make nodes, pods, replicasets permission dependent on telemetry being enabled.
# https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
{{- if .Values.nginxGateway.productTelemetry.enable }}
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
{{- end }}
{{- if .Values.nginx.plus }}
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
{{- end }}
{{- if or .Values.nginxGateway.productTelemetry.enable .Values.nginx.plus }}
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
{{- end }}
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- apiGroups:
- discovery.k8s.io
resources:
Expand Down
4 changes: 4 additions & 0 deletions deploy/helm-chart/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,10 @@ nginxGateway:
## Some environments may need this set to true in order for the control plane to successfully reload NGINX.
allowPrivilegeEscalation: false

productTelemetry:
## Enable the collection of product telemetry.
enable: true

## The lifecycle of the nginx-gateway container.
lifecycle: {}

Expand Down
15 changes: 6 additions & 9 deletions deploy/manifests/nginx-gateway-experimental.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,14 +37,18 @@ rules:
- get
- list
- watch
# FIXME(bjee19): make nodes, pods, replicasets permission dependent on telemetry being enabled.
# https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- ""
resources:
Expand All @@ -58,13 +62,6 @@ rules:
verbs:
- create
- patch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- apiGroups:
- discovery.k8s.io
resources:
Expand Down
15 changes: 6 additions & 9 deletions deploy/manifests/nginx-gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,18 @@ rules:
- get
- list
- watch
# FIXME(bjee19): make nodes, pods, replicasets permission dependent on telemetry being enabled.
# https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- ""
resources:
Expand All @@ -57,13 +61,6 @@ rules:
verbs:
- create
- patch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- apiGroups:
- discovery.k8s.io
resources:
Expand Down
21 changes: 12 additions & 9 deletions deploy/manifests/nginx-plus-gateway-experimental.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,14 +37,24 @@ rules:
- get
- list
- watch
# FIXME(bjee19): make nodes, pods, replicasets permission dependent on telemetry being enabled.
# https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
Expand All @@ -58,13 +68,6 @@ rules:
verbs:
- create
- patch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- apiGroups:
- discovery.k8s.io
resources:
Expand Down
21 changes: 12 additions & 9 deletions deploy/manifests/nginx-plus-gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,24 @@ rules:
- get
- list
- watch
# FIXME(bjee19): make nodes, pods, replicasets permission dependent on telemetry being enabled.
# https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
Expand All @@ -57,13 +67,6 @@ rules:
verbs:
- create
- patch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- apiGroups:
- discovery.k8s.io
resources:
Expand Down
12 changes: 10 additions & 2 deletions internal/mode/static/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,8 @@ type Config struct {
MetricsConfig MetricsConfig
// HealthConfig specifies the health probe config.
HealthConfig HealthConfig
// TelemetryReportPeriod is the period at which telemetry reports are sent.
TelemetryReportPeriod time.Duration
// ProductTelemetryConfig contains the configuration for collecting product telemetry.
ProductTelemetryConfig ProductTelemetryConfig
// UpdateGatewayClassStatus enables updating the status of the GatewayClass resource.
UpdateGatewayClassStatus bool
// Plus indicates whether NGINX Plus is being used.
Expand Down Expand Up @@ -86,6 +86,14 @@ type LeaderElectionConfig struct {
Enabled bool
}

// ProductTelemetryConfig contains the configuration for collecting product telemetry.
type ProductTelemetryConfig struct {
// TelemetryReportPeriod is the period at which telemetry reports are sent.
TelemetryReportPeriod time.Duration
// Enabled is the flag for toggling the collection of product telemetry.
Enabled bool
}

// UsageReportConfig contains the configuration for NGINX Plus usage reporting.
type UsageReportConfig struct {
// SecretNsName is the namespaced name of the Secret containing the server credentials.
Expand Down
Loading

0 comments on commit 1dbe45a

Please sign in to comment.