Skip to content

[CONTP-1014] feat: Add UST docker labels to all container definitions #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Nov 4, 2025
Merged

[CONTP-1014] feat: Add UST docker labels to all container definitions #48

merged 10 commits into from
Nov 4, 2025
+169 −22

Conversation

@Mathew-Estafanous
Copy link
Contributor

@Mathew-Estafanous Mathew-Estafanous commented Oct 27, 2025
edited
Loading

What does this PR do?

Adds UST docker labels to all app container definitions excluding agent containers.

configuration to docker label mapping:

  • dd_env -> com.datadoghq.tags.env
  • dd_service -> com.datadoghq.tags.service
  • dd_version -> com.datadoghq.tags.version

Exposes configurable docker labels on agent containers through dd_docker_labels.

Motivation

ecs.fargate.cpu.limit and similar metrics don't have service/env/version tags despite setting UST env vars on all container environments. That's because UST tags cannot be created based on environment variables when deploying on ECS Fargate.

Adding UST docker labels fixes this such that metrics and logs are properly tagged with service/env/version.

Describe how you validated your changes

  • Added ust docker label tests ust_docker_labels_test.go.

Manual Testing

  1. Terraform apply with dd_service/dd_version/dd_env setup.
module "datadog_ecs_fargate_task" {
  source = "../../modules/ecs_fargate"

  # Configure Datadog
  dd_api_key                       = var.dd_api_key
  dd_site                          = var.dd_site
  dd_tags                          = "team:cont-p, owner:container-monitoring"
  dd_essential                     = true
  dd_is_datadog_dependency_enabled = true

  dd_service = "test-service"
  dd_env     = "test"
  dd_version = "1.2.3"

  dd_environment = [
    {
      name  = "DD_CUSTOM_FEATURE",
      value = "true",
    },
  ]

  dd_dogstatsd = {
    enabled                  = true
    dogstatsd_cardinality    = "high",
    origin_detection_enabled = true,
  }

  dd_apm = {
    enabled   = true,
    profiling = true,
  }

  dd_log_collection = {
    enabled = true,
  }

  dd_cws = {
    enabled = true,
  }

  # Configure Task Definition
  family = var.task_family_name
  container_definitions = jsonencode([
    {
      name      = "dummy-dogstatsd-app",
      image     = "ghcr.io/datadog/apps-dogstatsd:main",
      essential = false,
    },
    {
      name      = "dummy-apm-app",
      image     = "ghcr.io/datadog/apps-tracegen:main",
      essential = true,
    },
    {
      name      = "dummy-cws-app",
      image     = "public.ecr.aws/ubuntu/ubuntu:22.04_stable",
      essential = false,
      entryPoint = [
        "/usr/bin/bash",
        "-c",
        "cp /usr/bin/bash /tmp/malware; chmod u+s /tmp/malware; apt update;apt install -y curl wget; /tmp/malware -c 'while true; do wget https://google.com; sleep 60; done'"
      ],
    }
  ])
  volumes = [
    {
      name = "app-volume"
    }
  ]
  runtime_platform = {
    cpu_architecture        = "ARM64"
    operating_system_family = "LINUX"
  }
  requires_compatibilities = ["FARGATE"]
}
  1. Deploy task definition as service.
  2. Confirm ecs.fargate.cpu.limit metrics are tagged with UST tags.
image

Additional Notes

@Mathew-Estafanous Mathew-Estafanous added the enhancement New feature or request label Oct 27, 2025
@Mathew-Estafanous Mathew-Estafanous self-assigned this Oct 27, 2025
@Mathew-Estafanous Mathew-Estafanous changed the title [CONTP-1014] feat: Add UST docker labels to all container definitions. [CONTP-1014] feat: Add UST docker labels to all container definitions Oct 27, 2025
@Mathew-Estafanous Mathew-Estafanous marked this pull request as ready for review November 3, 2025 13:52
@Mathew-Estafanous Mathew-Estafanous requested a review from a team as a code owner November 3, 2025 13:52
gabedos
gabedos reviewed Nov 3, 2025
View reviewed changes
modules/ecs_fargate/datadog.tf
dockerLabels = merge(
local.ust_docker_labels,
// Placing this after local.ust_docker_labels ensures user defined UST labels are not overwritten.
lookup(container, "dockerLabels", {}),
Copy link
Collaborator

@gabedos gabedos Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other application container configured options like environment variables, mount points, and container dependencies give more precedence to the values defined by the Datadog Terraform module.

I think we should be fine to maintain that level of precedence here and assume that if a user defined the UST values for env, service, and version then those values would take precedence as well.

terraform-aws-ecs-datadog/modules/ecs_fargate/variables.tf

Lines 117 to 133 in 1419f73

variable "dd_service" {
description = "The task service name. Used for tagging (UST)"
type = string
default = null
}
variable "dd_env" {
description = "The task environment name. Used for tagging (UST)"
type = string
default = null
}
variable "dd_version" {
description = "The task version name. Used for tagging (UST)"
type = string
default = null
}

We can leave a bugfix note in the changelog for the next release to notify users that the UST tagging has been fixed.

Copy link
Contributor Author

@Mathew-Estafanous Mathew-Estafanous Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understandable. I guess if they wanted unique UST values, then they shouldn't set the global env,service,and version. They should then manually set it per container definition.

I initially wanted to prioritize the user's docker labels over ours because the customer's problem description implied the need for different UST values.

gabedos
gabedos reviewed Nov 3, 2025
View reviewed changes
modules/ecs_fargate/datadog.tf Outdated

dd_agent_docker_labels = merge(
local.ust_docker_labels,
var.dd_docker_labels,
Copy link
Collaborator

@gabedos gabedos Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm unsure if we should be setting the UST tags on the Agent container the same as the application containers. We should get some other opinions about this and compare what our approach is for EKS Fargate with the admission controller on the DCA.

Copy link
Contributor Author

@Mathew-Estafanous Mathew-Estafanous Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already set UST env vars, albeit they don't work for the agent.

The DCA agent sidecar mutator doesn't inject the agent with any UST tags, so I think It makes sense to remove these UST tags from the terraform agent as well.

Copy link
Collaborator

@gabedos gabedos Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, the UST env vars on the Agent (and also fluentbit and cws-init) are actually doing nothing. We should be fine clean up and remove them.

@Mathew-Estafanous Mathew-Estafanous merged commit ebc1db9 into main Nov 4, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gabedos gabedos gabedos approved these changes

Assignees

@Mathew-Estafanous Mathew-Estafanous

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Mathew-Estafanous @gabedos