discovery: Import sd-agent#44881
Merged
dd-mergequeue[bot] merged 24 commits intomainfrom Jan 15, 2026
Merged
Conversation
In CI, enable rustfmt and clippy checks for Rust targets during the build phase.
vitkyrka
added
changelog/no-changelog
Contributor
Static quality checks✅ Please find below the results from static quality gates 31 successful checks with minimal change (< 2 KiB)
On-wire sizes (compressed)
|
In CI, enable rustfmt and clippy checks for Rust targets during the build phase. This ensures that the rules are enforced by CI while still allowing developers to temporarily ignore them locally during development.
Conflicts: MODULE.bazel MODULE.bazel.lock
Regression DetectorRegression Detector ResultsMetrics dashboard Baseline: adbf998 Optimization Goals: ✅ No significant changes detected
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | docker_containers_cpu | % cpu utilization | -3.50 | [-6.42, -0.59] | 1 | Logs |
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | quality_gate_metrics_logs | memory utilization | +1.64 | [+1.42, +1.85] | 1 | Logs bounds checks dashboard |
| ➖ | ddot_metrics_sum_cumulativetodelta_exporter | memory utilization | +0.37 | [+0.14, +0.60] | 1 | Logs |
| ➖ | file_tree | memory utilization | +0.36 | [+0.30, +0.41] | 1 | Logs |
| ➖ | uds_dogstatsd_20mb_12k_contexts_20_senders | memory utilization | +0.25 | [+0.19, +0.30] | 1 | Logs |
| ➖ | ddot_metrics_sum_delta | memory utilization | +0.16 | [-0.05, +0.37] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency | egress throughput | +0.07 | [-0.43, +0.57] | 1 | Logs |
| ➖ | file_to_blackhole_500ms_latency | egress throughput | +0.04 | [-0.35, +0.42] | 1 | Logs |
| ➖ | file_to_blackhole_1000ms_latency | egress throughput | +0.03 | [-0.39, +0.46] | 1 | Logs |
| ➖ | file_to_blackhole_100ms_latency | egress throughput | +0.01 | [-0.03, +0.06] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api_v3 | ingress throughput | -0.00 | [-0.13, +0.12] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | -0.01 | [-0.13, +0.12] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | -0.01 | [-0.10, +0.08] | 1 | Logs |
| ➖ | quality_gate_idle_all_features | memory utilization | -0.07 | [-0.11, -0.04] | 1 | Logs bounds checks dashboard |
| ➖ | docker_containers_memory | memory utilization | -0.11 | [-0.18, -0.04] | 1 | Logs |
| ➖ | quality_gate_idle | memory utilization | -0.16 | [-0.21, -0.11] | 1 | Logs bounds checks dashboard |
| ➖ | ddot_metrics_sum_cumulative | memory utilization | -0.26 | [-0.43, -0.10] | 1 | Logs |
| ➖ | quality_gate_logs | % cpu utilization | -0.30 | [-1.76, +1.17] | 1 | Logs bounds checks dashboard |
| ➖ | otlp_ingest_logs | memory utilization | -0.32 | [-0.40, -0.23] | 1 | Logs |
| ➖ | ddot_logs | memory utilization | -0.42 | [-0.49, -0.36] | 1 | Logs |
| ➖ | ddot_metrics | memory utilization | -0.43 | [-0.65, -0.21] | 1 | Logs |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | -0.45 | [-0.52, -0.38] | 1 | Logs |
| ➖ | otlp_ingest_metrics | memory utilization | -0.62 | [-0.77, -0.48] | 1 | Logs |
| ➖ | docker_containers_cpu | % cpu utilization | -3.50 | [-6.42, -0.59] | 1 | Logs |
Bounds Checks: ✅ Passed
| perf | experiment | bounds_check_name | replicates_passed | links |
|---|---|---|---|---|
| ✅ | docker_containers_cpu | simple_check_run | 10/10 | |
| ✅ | docker_containers_memory | memory_usage | 10/10 | |
| ✅ | docker_containers_memory | simple_check_run | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_1000ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_100ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 | |
| ✅ | file_to_blackhole_500ms_latency | lost_bytes | 10/10 | |
| ✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 | |
| ✅ | quality_gate_idle | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | lost_bytes | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_logs | memory_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | cpu_usage | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | intake_connections | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | lost_bytes | 10/10 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | memory_usage | 10/10 | bounds checks dashboard |
Explanation
Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
Replicate Execution Details
We run multiple replicates for each experiment/variant. However, we allow replicates to be automatically retried if there are any failures, up to 8 times, at which point the replicate is marked dead and we are unable to run analysis for the entire experiment. We call each of these attempts at running replicates a replicate execution. This section lists all replicate executions that failed due to the target crashing or being oom killed.
Note: In the below tables we bucket failures by experiment, variant, and failure type. For each of these buckets we list out the replicate indexes that failed with an annotation signifying how many times said replicate failed with the given failure mode. In the below example the baseline variant of the experiment named experiment_with_failures had two replicates that failed by oom kills. Replicate 0, which failed 8 executions, and replicate 1 which failed 6 executions, all with the same failure mode.
| Experiment | Variant | Replicates | Failure | Logs | Debug Dashboard |
|---|---|---|---|---|---|
| experiment_with_failures | baseline | 0 (x8) 1 (x6) | Oom killed | Debug Dashboard |
The debug dashboard links will take you to a debugging dashboard specifically designed to investigate replicate execution failures.
❌ Retried Profiling Replicate Execution Failures (target internal profiling)
Note: Profiling replicas may still be executing. See the debug dashboard for up to date status.
| Experiment | Variant | Replicates | Failure | Debug Dashboard |
|---|---|---|---|---|
| quality_gate_idle_all_features | baseline | 11 (x4) | Oom killed | Debug Dashboard |
| quality_gate_idle_all_features | comparison | 11 (x4) | Oom killed | Debug Dashboard |
CI Pass/Fail Decision
✅ Passed. All Quality Gates passed.
- quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
Conflicts: MODULE.bazel MODULE.bazel.lock pkg/discovery/module/impl_linux_test.go pkg/discovery/module/rust/.gitignore pkg/discovery/module/rust/BUILD.bazel pkg/discovery/module/rust/Cargo.toml pkg/discovery/module/rust/src/main.rs
github-actions
bot
added
component/system-probe
long review
Contributor
Author
OK, I have removed these files and some others. |
aiuto
approved these changes
Jan 14, 2026
Contributor
aiuto
left a comment
aiuto
left a comment
There was a problem hiding this comment.
Glad to have you on board!
Yumasi
approved these changes
Jan 15, 2026
Contributor
Author
|
/merge |
|
View all feedbacks in Devflow UI.
The expected merge time in
Build pipeline has failing jobs for 81e8274: What to do next?
DetailsSince those jobs are not marked as being allowed to fail, the pipeline will most likely fail. |
Contributor
Author
|
/merge |
|
View all feedbacks in Devflow UI.
The expected merge time in
Build pipeline has failing jobs for 94f2dda: What to do next?
DetailsSince those jobs are not marked as being allowed to fail, the pipeline will most likely fail. |
Contributor
eBPF complexity changesSummary result: 🎉 - improved
runtime_security detailsruntime_security [programs with changes]
runtime_security [programs without changes]
runtime_security_fentry detailsruntime_security_fentry [programs with changes]
runtime_security_fentry [programs without changes]
runtime_security_syscall_wrapper detailsruntime_security_syscall_wrapper [programs with changes]
runtime_security_syscall_wrapper [programs without changes]
This report was generated based on the complexity data for the current branch vitkyrka/sd-agent (pipeline 90869343, commit 1dc6904) and the base branch main (commit 73a9d17). Objects without changes are not reported. Contact #ebpf-platform if you have any questions/feedback. Table complexity legend: 🔵 - new; ⚪ - unchanged; 🟢 - reduced; 🔴 - increased |
Contributor
Author
|
/merge |
|
View all feedbacks in Devflow UI.
The expected merge time in
Build pipeline has failing jobs for 0c9b07c: What to do next?
DetailsSince those jobs are not marked as being allowed to fail, the pipeline will most likely fail. |
Contributor
Author
|
/merge |
|
View all feedbacks in Devflow UI.
The expected merge time in
Gitlab pipeline didn't start... Please retry. you can get help from #ci-infra-support Error: gitlab pipeline not started |
Contributor
Author
|
/remove |
|
View all feedbacks in Devflow UI.
This merge request was already processed and can't be unqueued anymore. To get help about command usage, write If you need support, contact us on Slack #devflow with those details! |
Contributor
Author
|
/merge |
|
View all feedbacks in Devflow UI.
The expected merge time in
|
theomagellan
pushed a commit
that referenced
this pull request
Jan 19, 2026
### What does this PR do? Import the Rust code for the privileged discovery agent and hook it up to the system-probe build/test system, replacing the sample binary which was added previously in #44635. This binary is not currently shipped. The contents of pkg/discovery/module/rust are taken from https://github.com/DataDog/sd-agent/commit/d1255b66edd221f07f7fa30b6372d310c9e97a1a. No modifications have been done in this PR except removing these files which are now unnecessary/unused: ``` delete mode 100644 pkg/discovery/module/rust/.bazelignore delete mode 100644 pkg/discovery/module/rust/.bazelrc delete mode 100644 pkg/discovery/module/rust/.bazelversion delete mode 100644 pkg/discovery/module/rust/.gitattributes delete mode 100644 pkg/discovery/module/rust/.github/CODEOWNERS delete mode 100644 pkg/discovery/module/rust/.github/chainguard/self.gitlab.read.sts.yaml delete mode 100644 pkg/discovery/module/rust/.github/workflows/bazel-ci.yaml delete mode 100644 pkg/discovery/module/rust/.github/workflows/ci.yaml delete mode 100644 pkg/discovery/module/rust/.github/workflows/release.yaml delete mode 100644 pkg/discovery/module/rust/.gitignore delete mode 100644 pkg/discovery/module/rust/MODULE.bazel delete mode 100644 pkg/discovery/module/rust/MODULE.bazel.lock ``` Any comments on the code itself will preferably be addressed in follow-up PRs, to keep the import clean. Note also that there is also future work needed to ensure that the resulting binary is built with the exact size optimization options, by applying the build options from the Cargo.toml (or the removed .bazelrc) to a more suitable place. This is also postponed to a later point since the binary is not being shipped yet. ### Motivation https://datadoghq.atlassian.net/browse/DSCVR-313 ### Describe how you validated your changes CI. ### Additional Notes For the handling of external crates (dependencies), I've added them via `crate_universe`'s [direct dependencies](https://bazelbuild.github.io/rules_rust/crate_universe_bzlmod.html#direct-dependencies). The alternative would have been to point to a Cargo.toml. Pointing to pkg/discovery/module/rust's from the main MODULE.bazel didn't seem correct, and adding a top-level Cargo.toml didn't seem like the way to go since we'll only be supporting Bazel for (top-level) builds. The organization of the crates.MODULE.bazel file will likely have to be revisited in the future if we get different Rust packages with conflicting requirements for crate features or versions. Co-authored-by: vincent.whitchurch <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Import the Rust code for the privileged discovery agent and hook it up to the
system-probe build/test system, replacing the sample binary which was added
previously in #44635.
This binary is not currently shipped.
The contents of pkg/discovery/module/rust are taken from https://github.com/DataDog/sd-agent/commit/d1255b66edd221f07f7fa30b6372d310c9e97a1a.
No modifications have been done in this PR except removing these files which
are now unnecessary/unused:
Any comments on the code itself will preferably be addressed in follow-up PRs,
to keep the import clean.
Note also that there is also future work needed to ensure that the resulting
binary is built with the exact size optimization options, by applying the
build options from the Cargo.toml (or the removed .bazelrc) to a more suitable
place. This is also postponed to a later point since the binary is not being
shipped yet.
Motivation
https://datadoghq.atlassian.net/browse/DSCVR-313
Describe how you validated your changes
CI.
Additional Notes
For the handling of external crates (dependencies), I've added them via
crate_universe's direct dependencies.The alternative would have been to point to a Cargo.toml. Pointing to
pkg/discovery/module/rust's from the main MODULE.bazel didn't seem correct, and
adding a top-level Cargo.toml didn't seem like the way to go since we'll only
be supporting Bazel for (top-level) builds. The organization of the
crates.MODULE.bazel file will likely have to be revisited in the future if we
get different Rust packages with conflicting requirements for crate features or
versions.