feat: add third_party_telemetry_enabled config to disable infra telemetry#181
stevenolen merged 12 commits into main from
Force-pushed from 9f5c4cc to 3931738
Lytol left a comment:

I'll trust you that the options for each component are correct. Looks good!
…etry

Add a workload-level `third_party_telemetry_enabled` config option (default: true) that disables usage reporting and update checks for third-party infrastructure components when set to false.

Components affected:
- Grafana: analytics reporting, update checks, plugin update checks
- Loki: analytics reporting
- Mimir: usage stats
- Alloy: reporting
- Traefik: version check and anonymous usage (AWS + Azure)
- Calico: usage reporting via FelixConfiguration (EKS only)

Also fixes:
- Tigera Operator chart version bumped 3.26.1 → 3.29.3 to support native defaultFelixConfiguration in Helm values
- Tigera Operator now uses configurable tigera_operator_version from WorkloadClusterComponentConfig instead of hardcoded version
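The per-component switches behind that flag, as an added example that is not code from this PR or its repository. The keys below are the components' own upstream settings (grafana.ini `[analytics]`, Loki `analytics`, Mimir `usage_stats`, Alloy's `--disable-reporting` flag, Traefik `global`, FelixConfiguration `usageReportingEnabled`); the PR text names the components but not the keys or Helm value paths it sets, so the mapping and the `render_telemetry_settings` / `audit_telemetry` names are this example's assumptions. The audit treats a missing switch as a finding, so a component left at its upstream default is surfaced rather than assumed off.

```python
"""Added example, not code from this PR: render the component-level telemetry switches a
`third_party_telemetry_enabled` flag controls and audit a rendered config tree for any
switch left on.  Keys are the components' upstream settings; which keys the PR actually
sets is not shown on the page, so this mapping is an assumption of the example.
"""


def render_telemetry_settings(enabled: bool) -> dict:
    """Per-component config fragments for the flag value (True keeps upstream behaviour)."""
    on = bool(enabled)
    return {
        # grafana.ini, [analytics] section
        "grafana": {"analytics": {
            "reporting_enabled": on,
            "check_for_updates": on,
            "check_for_plugin_updates": on,
        }},
        # Loki configuration file
        "loki": {"analytics": {"reporting_enabled": on}},
        # Mimir configuration file
        "mimir": {"usage_stats": {"enabled": on}},
        # Alloy has no config key for this; it is a command-line flag
        "alloy": {"args": [] if on else ["--disable-reporting"]},
        # Traefik static configuration (version check and anonymous usage)
        "traefik": {"global": {"checkNewVersion": on, "sendAnonymousUsage": on}},
        # Calico FelixConfiguration spec (the PR sets it through the Tigera chart)
        "calico": {"felixConfiguration": {"usageReportingEnabled": on}},
    }


def _flatten(tree: dict, prefix: str = "") -> dict:
    """Map nested dicts to dotted paths; lists are treated as leaves."""
    flat = {}
    for key, value in tree.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(_flatten(value, path))
        else:
            flat[path] = value
    return flat


def audit_telemetry(actual: dict) -> list:
    """Return dotted paths in `actual` that do not match the telemetry-off baseline.

    A missing key is reported too: an absent switch means the component's default,
    which is not what someone who disabled telemetry expects.  List-valued switches
    (Alloy args) pass when every required flag is present, whatever else is there.
    """
    baseline = _flatten(render_telemetry_settings(False))
    have = _flatten(actual)
    findings = []
    for path, want in baseline.items():
        got = have.get(path)
        if isinstance(want, list):
            ok = isinstance(got, list) and all(flag in got for flag in want)
        else:
            ok = got == want
        if not ok:
            findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    # Constructed input: telemetry "disabled", but Grafana's update check was forgotten.
    deployed = render_telemetry_settings(False)
    deployed["grafana"]["analytics"]["check_for_updates"] = True
    print(audit_telemetry(deployed))  # ['grafana.analytics.check_for_updates']
```

Feeding `audit_telemetry` the values actually rendered for a cluster is the check a reviewer such as Lytol is asking for above: it shows which component, if any, still has a reporting switch open.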
Force-pushed from 3931738 to a496abe
force_update_version is a valid parameter on aws.eks.NodeGroup but not aws.eks.Cluster. It was incorrectly being injected into cluster_args, causing Cluster creation to fail with an unexpected keyword argument. Store the value on self for use by node groups instead.
This reverts commit 4a8e120.
When disabling third-party telemetry, the Tigera Helm chart needs to manage the existing default FelixConfiguration. Add a CustomResourcePatch to set Helm ownership labels/annotations before the Helm release runs, allowing Helm to adopt the pre-existing resource.
Calico 3.29.3 fails with iptables-legacy-save exit status 111 on Amazon Linux 2023 (kernel 6.12) which only ships nftables. Set iptablesBackend: NFT in defaultFelixConfiguration unconditionally.
- Switch linuxDataplane from Iptables to Nftables (GA in 3.31, fixes AL2023 kernel 6.12)
- Remove iptablesBackend: NFT (not needed with native Nftables dataplane)
- Remove nonPrivileged: Enabled (no longer supported in 3.31)
- Disable Goldmane and Whisker (new 3.31 components, CRDs not pre-installed)
The Nftables linuxDataplane value was added in Calico 3.31, but older CRD schemas only allow Iptables/BPF/VPP. Patch the CRD enum before the Helm release so the API server accepts the new value, enabling single-step upgrades from older versions.
3.31.4 with linuxDataplane: Iptables works on AL2023 — the operator uses iptables-nft under the hood. The Nftables dataplane caused NetworkUnavailable to stick on nodes after the transition. Removing the CRD patch since it was only needed for the Nftables enum.
Update: Tigera Operator upgrade to 3.31.4

This PR now also includes an upgrade of the Tigera Operator from 3.26.1 → 3.31.4, needed for AL2023 compatibility (iptables-legacy-save exit status 111 on kernel 6.12).

What changed:

Tested on:

Note: The commit history has some noise from a failed attempt at switching to
The Tigera operator auto-detects EKS and defaults cni.type to AmazonVPC when the field is empty. Due to a race condition during install/upgrade, the operator can fill this default before Helm writes the user's value. Once set, Helm's 3-way merge won't revert it. Add a Pulumi CustomResourcePatch that explicitly sets cni.type=Calico on the Installation CR after the Helm release, ensuring Calico CNI overlay networking is always configured regardless of operator behavior.
Update: Fix Calico CNI override on EKS

During the Tigera 3.31.4 upgrade, we discovered that the operator auto-detects

This caused new nodes on staging clusters to come up

Fix: Added a
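Why the operator's default survives Helm runs, as an added model that is not the PR's Pulumi code. For a custom resource such as the Installation CR, Helm computes its patch from the difference between the manifest stored for the previous release and the manifest it renders now, and applies that patch to the live object; the live object's own values do not enter into the patch, so a field that renders identically both times is never touched, whatever the operator wrote into it. The functions below (`helm_patch`, `apply_patch`, `helm_upgrade`, `explicit_patch`, `cni_race_scenario`, all names chosen for this example) model that with flat dicts of dotted paths; they are a simplification, not Helm's patch code, and the `explicit_patch` step stands in for the post-release `CustomResourcePatch` the fix describes.

```python
"""Added example, not the PR's Pulumi code: a minimal model of why a field the Tigera
operator writes into the Installation CR before Helm applies the user's value survives
later Helm runs, and why an explicit patch after the release is needed.

Objects are modelled as flat dicts of dotted paths.  For a custom resource Helm's patch
is the difference between the previous rendered manifest and the current one; the live
object only receives that patch.  This is a simplification, not Helm's implementation.
"""


def helm_patch(previous_render: dict, current_render: dict) -> dict:
    """Patch entries for paths whose rendered value changed; None means 'remove'."""
    patch = {}
    for path in set(previous_render) | set(current_render):
        if previous_render.get(path) != current_render.get(path):
            patch[path] = current_render.get(path)
    return patch


def apply_patch(live: dict, patch: dict) -> dict:
    """Apply a merge-style patch to the live object (None removes the field)."""
    out = dict(live)
    for path, value in patch.items():
        if value is None:
            out.pop(path, None)
        else:
            out[path] = value
    return out


def helm_upgrade(live: dict, previous_render: dict, current_render: dict) -> dict:
    """A Helm upgrade only moves the live object by the render-to-render difference."""
    return apply_patch(live, helm_patch(previous_render, current_render))


def explicit_patch(live: dict, path: str, value) -> dict:
    """What a post-release patch of one field does: it targets the live object directly."""
    return apply_patch(live, {path: value})


def cni_race_scenario() -> tuple:
    """Return (cni.type after a plain Helm upgrade, cni.type after the explicit patch)."""
    # Constructed state: the chart renders Calico, but the operator defaulted the live
    # object to AmazonVPC before the user's value landed.
    rendered = {"spec.variant": "Calico", "spec.cni.type": "Calico"}
    live = {"spec.variant": "Calico", "spec.cni.type": "AmazonVPC"}
    after_upgrade = helm_upgrade(live, rendered, rendered)   # no render change: no patch
    after_fix = explicit_patch(after_upgrade, "spec.cni.type", "Calico")
    return after_upgrade["spec.cni.type"], after_fix["spec.cni.type"]


if __name__ == "__main__":
    print(cni_race_scenario())  # ('AmazonVPC', 'Calico')
```

In the model only a path whose value differs between the two renders reaches the live object; re-rendering the same `Calico` string is a no-op for that field, which is why the fix has to patch the live resource rather than re-run the release.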
Helm 3.31.4 manages the default FelixConfiguration on its own when defaultFelixConfiguration is enabled — the manual Helm ownership labels/annotations patch is not needed and causes drift on every run.
Add a workload-level `third_party_telemetry_enabled` config option (default: true) that disables usage reporting and update checks for third-party infrastructure components when set to false.

Components affected:
- Grafana: analytics reporting, update checks, plugin update checks
- Loki: analytics reporting
- Mimir: usage stats
- Alloy: reporting
- Traefik: version check and anonymous usage (AWS + Azure)
- Calico: usage reporting via FelixConfiguration (EKS only)

Also fixes:
Going to deploy this to test workload now to confirm!