From 1e466285b5778c81344dbae4b91f381c9ed8f529 Mon Sep 17 00:00:00 2001
From: rajatagarwal-ibm <108140212+rajatagarwal-ibm@users.noreply.github.com>
Date: Wed, 4 Oct 2023 15:59:55 +0100
Subject: [PATCH] feat: added the ability to filter sysdig metrics using new
variable `sysdig_metrics_filter` (#196)
---
README.md | 1 +
chart/sysdig-agent/templates/configmap.yaml | 14 +++++++++++---
chart/sysdig-agent/values.yaml | 9 +++++++++
examples/basic/main.tf | 2 ++
main.tf | 5 +++++
module-metadata.json | 16 +++++++++++++++-
variables.tf | 13 +++++++++++++
7 files changed, 56 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 23ff68c6..51f8bd18 100644
--- a/README.md
+++ b/README.md
@@ -134,6 +134,7 @@ No modules.
| [sysdig\_agent\_version](#input\_sysdig\_agent\_version) | IBM Cloud Monitoring Agent Version. To lookup version run: `ibmcloud cr images --restrict ext/sysdig/agent`. If null, the default value is used. | `string` | `"12.16.2"` | no |
| [sysdig\_enabled](#input\_sysdig\_enabled) | Deploy IBM Cloud Monitoring agent | `bool` | `true` | no |
| [sysdig\_instance\_name](#input\_sysdig\_instance\_name) | The name of the IBM Cloud Monitoring instance to use. Required if Sysdig is enabled | `string` | `null` | no |
+| [sysdig\_metrics\_filter](#input\_sysdig\_metrics\_filter) | To filter custom metrics, specify the Sysdig metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. | list(object({
type = string
name = string
})) | `[]` | no |
| [sysdig\_resource\_group\_id](#input\_sysdig\_resource\_group\_id) | Resource group that the IBM Cloud Monitoring is in. Defaults to Clusters group | `string` | `null` | no |
### Outputs
diff --git a/chart/sysdig-agent/templates/configmap.yaml b/chart/sysdig-agent/templates/configmap.yaml
index 9d079cd0..2f632055 100644
--- a/chart/sysdig-agent/templates/configmap.yaml
+++ b/chart/sysdig-agent/templates/configmap.yaml
@@ -14,6 +14,10 @@ metadata:
data:
dragent.yaml: |
configmap: true
+
+ new_k8s: true
+ k8s_cluster_name: {{ .Values.config.clustername }}
+
### Agent tags
tags: ibm.containers-kubernetes.cluster.name:{{ .Values.config.clustername }}
@@ -31,6 +35,10 @@ data:
# collector certificate validation
ssl_verify_certificate: true
- #######################################
- new_k8s: true
- k8s_cluster_name: {{ .Values.config.clustername }}
+ {{ if .Values.metrics_filter -}}
+ # metrics that must be included/excluded during the metrics collection
+ metrics_filter:
+ {{ range $v := .Values.metrics_filter -}}
+ - {{ $v.type }}: {{ $v.name }}
+ {{ end }}
+ {{- end -}}
diff --git a/chart/sysdig-agent/values.yaml b/chart/sysdig-agent/values.yaml
index 584d98e3..6bc86f09 100644
--- a/chart/sysdig-agent/values.yaml
+++ b/chart/sysdig-agent/values.yaml
@@ -5,6 +5,15 @@ config:
region: "us-south"
secret:
key: ""
+metrics_filter: []
+# example:
+# metrics_filter:
+# - type: "include"
+# name: "metricA.*"
+# - type: "exclude"
+# name: "metricB.*"
+# - type: "include"
+# name: "metricC.*"
checkov_skips:
- checkov.io/skip1: CKV_K8S_21
- checkov.io/skip2: CKV_K8S_30
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index cd1d6b94..3f7a50ed 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -112,4 +112,6 @@ module "observability_agents" {
sysdig_access_key = module.observability_instances.cloud_monitoring_access_key
logdna_agent_tags = var.logdna_agent_tags
logdna_add_cluster_name = true
+ # example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics
+ sysdig_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }]
}
diff --git a/main.tf b/main.tf
index 601c84d5..08889e27 100644
--- a/main.tf
+++ b/main.tf
@@ -130,6 +130,7 @@ resource "helm_release" "sysdig_agent" {
wait = true
recreate_pods = true
force_update = true
+ reset_values = true
set {
name = "image.version"
@@ -157,6 +158,10 @@ resource "helm_release" "sysdig_agent" {
value = var.sysdig_access_key
}
+ values = [yamlencode({
+ metrics_filter = var.sysdig_metrics_filter
+ })]
+
provisioner "local-exec" {
command = "${path.module}/scripts/confirm-rollout-status.sh sysdig-agent ${local.sysdig_agent_namespace}"
interpreter = ["/bin/bash", "-c"]
diff --git a/module-metadata.json b/module-metadata.json
index 08428421..a05e70ac 100644
--- a/module-metadata.json
+++ b/module-metadata.json
@@ -164,6 +164,19 @@
"line": 68
}
},
+ "sysdig_metrics_filter": {
+ "name": "sysdig_metrics_filter",
+ "type": "list(object({\n type = string\n name = string\n }))",
+ "description": "To filter custom metrics, specify the Sysdig metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics.",
+ "default": [],
+ "source": [
+ "helm_release.sysdig_agent.values"
+ ],
+ "pos": {
+ "filename": "variables.tf",
+ "line": 95
+ }
+ },
"sysdig_resource_group_id": {
"name": "sysdig_resource_group_id",
"type": "string",
@@ -213,7 +226,8 @@
"type": "helm_release",
"name": "sysdig_agent",
"attributes": {
- "count": "sysdig_enabled"
+ "count": "sysdig_enabled",
+ "values": "sysdig_metrics_filter"
},
"provider": {
"name": "helm"
diff --git a/variables.tf b/variables.tf
index df20d9b8..e6ec5c16 100644
--- a/variables.tf
+++ b/variables.tf
@@ -92,4 +92,17 @@ variable "sysdig_access_key" {
default = null
}
+variable "sysdig_metrics_filter" {
+ type = list(object({
+ type = string
+ name = string
+ }))
+ description = "To filter custom metrics, specify the Sysdig metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics."
+ default = []
+ validation {
+ condition = length(var.sysdig_metrics_filter) == 0 || can(regex("^(include|exclude)$", var.sysdig_metrics_filter[0].type))
+ error_message = "Invalid input for `sysdig_metrics_filter`. Valid options for 'type' are: `include` and `exclude`. If empty, no metrics are included or excluded."
+ }
+}
+
##############################################################################