feat: added the ability to filter sysdig metrics using new variable `…

…sysdig_metrics_filter` (#196)
terraform-ibm-modules · Oct 4, 2023 · 1e46628 · 1e46628
1 parent 68ef437
commit 1e46628
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -134,6 +134,7 @@ No modules.
 | <a name="input_sysdig_agent_version"></a> [sysdig\_agent\_version](#input\_sysdig\_agent\_version) | IBM Cloud Monitoring Agent Version. To lookup version run: `ibmcloud cr images --restrict ext/sysdig/agent`. If null, the default value is used. | `string` | `"12.16.2"` | no |
 | <a name="input_sysdig_enabled"></a> [sysdig\_enabled](#input\_sysdig\_enabled) | Deploy IBM Cloud Monitoring agent | `bool` | `true` | no |
 | <a name="input_sysdig_instance_name"></a> [sysdig\_instance\_name](#input\_sysdig\_instance\_name) | The name of the IBM Cloud Monitoring instance to use. Required if Sysdig is enabled | `string` | `null` | no |
+| <a name="input_sysdig_metrics_filter"></a> [sysdig\_metrics\_filter](#input\_sysdig\_metrics\_filter) | To filter custom metrics, specify the Sysdig metrics to include or to exclude. See  https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. | <pre>list(object({<br>    type = string<br>    name = string<br>  }))</pre> | `[]` | no |
 | <a name="input_sysdig_resource_group_id"></a> [sysdig\_resource\_group\_id](#input\_sysdig\_resource\_group\_id) | Resource group that the IBM Cloud Monitoring is in. Defaults to Clusters group | `string` | `null` | no |
 
 ### Outputs

diff --git a/chart/sysdig-agent/templates/configmap.yaml b/chart/sysdig-agent/templates/configmap.yaml
@@ -14,6 +14,10 @@ metadata:
 data:
   dragent.yaml: |
     configmap: true
+
+    new_k8s: true
+    k8s_cluster_name: {{ .Values.config.clustername }}
+
     ### Agent tags
     tags: ibm.containers-kubernetes.cluster.name:{{ .Values.config.clustername }}
 
@@ -31,6 +35,10 @@ data:
     # collector certificate validation
     ssl_verify_certificate: true
 
-    #######################################
-    new_k8s: true
-    k8s_cluster_name: {{ .Values.config.clustername }}
+    {{ if .Values.metrics_filter -}}
+    # metrics that must be included/excluded during the metrics collection
+    metrics_filter:
+      {{ range $v := .Values.metrics_filter -}}
+      - {{ $v.type }}: {{ $v.name }}
+      {{ end }}
+    {{- end -}}
diff --git a/chart/sysdig-agent/values.yaml b/chart/sysdig-agent/values.yaml
@@ -5,6 +5,15 @@ config:
   region: "us-south"
 secret:
   key: ""
+metrics_filter: []
+# example:
+# metrics_filter:
+#  - type: "include"
+#    name: "metricA.*"
+#  - type: "exclude"
+#    name: "metricB.*"
+#  - type: "include"
+#    name: "metricC.*"
 checkov_skips:
   - checkov.io/skip1: CKV_K8S_21
   - checkov.io/skip2: CKV_K8S_30

diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -112,4 +112,6 @@ module "observability_agents" {
   sysdig_access_key         = module.observability_instances.cloud_monitoring_access_key
   logdna_agent_tags         = var.logdna_agent_tags
   logdna_add_cluster_name   = true
+  # example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics
+  sysdig_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }]
 }
diff --git a/main.tf b/main.tf
@@ -130,6 +130,7 @@ resource "helm_release" "sysdig_agent" {
   wait             = true
   recreate_pods    = true
   force_update     = true
+  reset_values     = true
 
   set {
     name  = "image.version"
@@ -157,6 +158,10 @@ resource "helm_release" "sysdig_agent" {
     value = var.sysdig_access_key
   }
 
+  values = [yamlencode({
+    metrics_filter = var.sysdig_metrics_filter
+  })]
+
   provisioner "local-exec" {
     command     = "${path.module}/scripts/confirm-rollout-status.sh sysdig-agent ${local.sysdig_agent_namespace}"
     interpreter = ["/bin/bash", "-c"]

diff --git a/module-metadata.json b/module-metadata.json
@@ -164,6 +164,19 @@
         "line": 68
       }
     },
+    "sysdig_metrics_filter": {
+      "name": "sysdig_metrics_filter",
+      "type": "list(object({\n    type = string\n    name = string\n  }))",
+      "description": "To filter custom metrics, specify the Sysdig metrics to include or to exclude. See  https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics.",
+      "default": [],
+      "source": [
+        "helm_release.sysdig_agent.values"
+      ],
+      "pos": {
+        "filename": "variables.tf",
+        "line": 95
+      }
+    },
     "sysdig_resource_group_id": {
       "name": "sysdig_resource_group_id",
       "type": "string",
@@ -213,7 +226,8 @@
       "type": "helm_release",
       "name": "sysdig_agent",
       "attributes": {
-        "count": "sysdig_enabled"
+        "count": "sysdig_enabled",
+        "values": "sysdig_metrics_filter"
       },
       "provider": {
         "name": "helm"

diff --git a/variables.tf b/variables.tf
@@ -92,4 +92,17 @@ variable "sysdig_access_key" {
   default     = null
 }
 
+variable "sysdig_metrics_filter" {
+  type = list(object({
+    type = string
+    name = string
+  }))
+  description = "To filter custom metrics, specify the Sysdig metrics to include or to exclude. See  https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics."
+  default     = []
+  validation {
+    condition     = length(var.sysdig_metrics_filter) == 0 || can(regex("^(include|exclude)$", var.sysdig_metrics_filter[0].type))
+    error_message = "Invalid input for `sysdig_metrics_filter`. Valid options for 'type' are: `include` and `exclude`. If empty, no metrics are included or excluded."
+  }
+}
+
 ##############################################################################