diff --git a/content/en/tracing/trace_collection/single-step-apm/kubernetes.md b/content/en/tracing/trace_collection/single-step-apm/kubernetes.md
index b77aa017467..480e8f9a956 100644
--- a/content/en/tracing/trace_collection/single-step-apm/kubernetes.md
+++ b/content/en/tracing/trace_collection/single-step-apm/kubernetes.md
@@ -138,7 +138,7 @@ For complete instructions, see [setting USTs for Kubernetes services][5].
## Enable SDK-dependent products and features
-After SSI loads the Datadog SDK into your applications and enables distributed tracing, you can configure additional products that rely on the SDK. These include capabilities such as [Continuous Profiler][37], [Application Security Monitoring][38], and [trace ingestion controls][39].
+After SSI loads the Datadog SDK into your applications and enables distributed tracing, you can configure additional products that rely on the SDK. These include capabilities such as [Continuous Profiler][37], [App and API Protection (AAP)][38], and [trace ingestion controls][39].
Use one of the following setup methods:
@@ -172,7 +172,7 @@ Each target block has the following keys:
| `namespaceSelector` | The namespace(s) to instrument. Specify using one or more of:
- `matchNames`: A list of one or more namespace name(s).
- `matchLabels`: A list of one or more label(s) defined in `{key,value}` pairs.
- `matchExpressions`: A list of namespace selector requirements.
Namespaces must meet all criteria to match. For more details, see the [Kubernetes selector documentation][10].|
| `podSelector` | The pod(s) to instrument. Specify using one or more of:
- `matchLabels`: A list of one or more label(s) defined in `{key,value}` pairs.
- `matchExpressions`: A list of pod selector requirements.
Pods must meet all criteria to match. For more details, see the [Kubernetes selector documentation][10]. |
| `ddTraceVersions` | The [Datadog APM SDK][9] version to use for each language. |
-| `ddTraceConfigs` | APM SDK configs that allow setting Unified Service Tags, enabling Datadog products beyond tracing, and customizing other APM settings. [See full list of options][8]. |
+| `ddTraceConfigs` | APM SDK configs that allow setting [Unified Service Tags][8], enabling [SDK-dependent products](#enable-sdk-dependent-products-and-features) beyond tracing, and customizing other [APM settings][14]. |
The file you need to configure depends on how you enabled Single Step Instrumentation:
- If you enabled SSI with Datadog Operator, edit `datadog-agent.yaml`.
@@ -324,9 +324,43 @@ This configuration enables APM for all pods except those that have either of the
{{< /collapse-content >}}
+{{< collapse-content title="Example 6: Enable additional products with ddTraceConfigs" level="h4" >}}
+
+This configuration enables [App and API Protection (AAP)][12] and [Continuous Profiler][11] for services in the `web-apps` namespace, using `ddTraceConfigs` to set the required environment variables:
+
+{{< highlight yaml "hl_lines=4-20" >}}
+ apm:
+ instrumentation:
+ enabled: true
+ targets:
+ - name: "web-apps-with-security"
+ namespaceSelector:
+ matchNames:
+ - "web-apps"
+ ddTraceVersions:
+ java: "default"
+ python: "default"
+ ddTraceConfigs:
+ - name: "DD_APPSEC_ENABLED"
+ value: "true"
+ - name: "DD_PROFILING_ENABLED"
+ value: "auto"
+ - name: DD_SERVICE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.labels['app.kubernetes.io/name']
+{{< /highlight >}}
+
+For a full list of products you can enable through SSI, see [Enable SDK-dependent products and features](#enable-sdk-dependent-products-and-features).
+
+{{< /collapse-content >}}
+
[8]: /getting_started/tagging/unified_service_tagging/?tab=kubernetes
[9]: /tracing/trace_collection/automatic_instrumentation/single-step-apm/compatibility/#tracer-libraries
[10]: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements
+[11]: /profiler/
+[12]: /security/application_security/
+[14]: /tracing/trace_collection/library_config/
{{% /tab %}}