Commit b46b5cf

feat: A fix was added which was preventing the image_registry value from being passed to the helm chart, meaning the image was being pulled from quay.io (which would fail if cluster does not have public gateway enabled on all nodes). As part of this fix, the following new variables have been exposed: image_registry_base_url, image_registry_namespace, agent_image_repository, agent_image_tag_digest, kernel_module_image_tag_digest, and kernal_module_image_repository. The image_registry input has been removed.
- A fix was added to fix the public ingest endpoint (#64)
1 parent 33ce9af commit b46b5cf

11 files changed

+163
-89
lines changed

.secrets.baseline

Lines changed: 1 addition & 1 deletion
@@ -3,7 +3,7 @@
33
"files": "go.sum|^.secrets.baseline$",
44
"lines": null
55
},
6-
"generated_at": "2025-03-24T23:50:52Z",
6+
"generated_at": "2025-03-24T23:50:51Z",
77
"plugins_used": [
88
{
99
"name": "AWSKeyDetector"

README.md

Lines changed: 6 additions & 2 deletions
@@ -103,6 +103,8 @@ No modules.
103103
| Name | Description | Type | Default | Required |
104104
|------|-------------|------|---------|:--------:|
105105
| <a name="input_access_key"></a> [access\_key](#input\_access\_key) | Access key used by the IBM Cloud Monitoring agent to communicate with the instance | `string` | n/a | yes |
106+
| <a name="input_agent_image_repository"></a> [agent\_image\_repository](#input\_agent\_image\_repository) | The image repository to pull the Cloud Monitoring agent image from. | `string` | `"agent-slim"` | no |
107+
| <a name="input_agent_image_tag_digest"></a> [agent\_image\_tag\_digest](#input\_agent\_image\_tag\_digest) | The image tag digest to use for the Cloud Monitoring agent. | `string` | `"13.9.1@sha256:14860d181a8b712c4150bb59e3ba0ff4be08959e2c45376b32c8eb7ff70461f9"` | no |
106108
| <a name="input_chart"></a> [chart](#input\_chart) | The name of the Helm chart to deploy. | `string` | `"sysdig-deploy"` | no |
107109
| <a name="input_chart_location"></a> [chart\_location](#input\_chart\_location) | The location of the Cloud Monitoring agent helm chart. | `string` | `"https://charts.sysdig.com"` | no |
108110
| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | The version of the Cloud Monitoring agent helm chart to deploy. | `string` | `"1.83.1"` | no |
@@ -112,9 +114,11 @@ No modules.
112114
| <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agent in | `string` | n/a | yes |
113115
| <a name="input_cluster_resource_group_id"></a> [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The Resource Group ID of the cluster | `string` | n/a | yes |
114116
| <a name="input_container_filter"></a> [container\_filter](#input\_container\_filter) | To filter custom containers, specify which containers to include or exclude from metrics collection for the cloud monitoring agent. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. | <pre>list(object({<br/> type = string<br/> parameter = string<br/> name = string<br/> }))</pre> | `[]` | no |
115-
| <a name="input_image_registry"></a> [image\_registry](#input\_image\_registry) | The image registry to use for the Cloud Monitoring agent. | `string` | `"icr.io/ext/sysdig/agent"` | no |
116-
| <a name="input_image_tag_digest"></a> [image\_tag\_digest](#input\_image\_tag\_digest) | The image tag digest to use for the Cloud Monitoring agent. | `string` | `"13.9.1@sha256:3193987f77dba930cb22c200df9981afcd097e7cd5885b77d13e20ef353dc5b8"` | no |
117+
| <a name="input_image_registry_base_url"></a> [image\_registry\_base\_url](#input\_image\_registry\_base\_url) | The image registry base URL to pull the Cloud Monitoring agent images from. For example `icr.io`, `quay.io`, etc. | `string` | `"icr.io"` | no |
118+
| <a name="input_image_registry_namespace"></a> [image\_registry\_namespace](#input\_image\_registry\_namespace) | The namespace within the image registry to pull the Cloud Monitoring agent images from. | `string` | `"ext/sysdig"` | no |
117119
| <a name="input_is_vpc_cluster"></a> [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the monitoring agent is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no |
120+
| <a name="input_kernal_module_image_repository"></a> [kernal\_module\_image\_repository](#input\_kernal\_module\_image\_repository) | The image repository to pull the Cloud Monitoring agent kernal module initContainer image from. | `string` | `"agent-kmodule"` | no |
121+
| <a name="input_kernel_module_image_tag_digest"></a> [kernel\_module\_image\_tag\_digest](#input\_kernel\_module\_image\_tag\_digest) | The image tag digest to use for the Cloud Monitoring agent kernel module used by the initContainer. | `string` | `"13.9.1@sha256:0eef614a5988f6979d487f949b3cb1212f8253433057894b5583bf01bf378fb3"` | no |
118122
| <a name="input_metrics_filter"></a> [metrics\_filter](#input\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. | <pre>list(object({<br/> type = string<br/> name = string<br/> }))</pre> | `[]` | no |
119123
| <a name="input_name"></a> [name](#input\_name) | Cloud Monitoring agent name. Used for naming all kubernetes and helm resources on the cluster. | `string` | `"sysdig-agent"` | no |
120124
| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no |
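
Review bot: Old lines 115-116 drop both `image_registry` and `image_tag_digest`, but the commit message only lists `image_registry` as removed, and the commit is typed `feat:` even though existing callers that set either input will now fail. Mention `image_tag_digest` in the message and document the mapping from the old inputs to the new ones (`image_registry` splits into `image_registry_base_url`, `image_registry_namespace` and `agent_image_repository`; `image_tag_digest` becomes `agent_image_tag_digest`), and note that the default agent image moves to `agent-slim` with a different digest.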

examples/obs-agent-iks/main.tf

Lines changed: 10 additions & 19 deletions
@@ -26,20 +26,12 @@ resource "ibm_is_vpc" "vpc" {
2626
tags = var.resource_tags
2727
}
2828

29-
resource "ibm_is_public_gateway" "gateway" {
30-
name = "${var.prefix}-gateway-1"
31-
vpc = ibm_is_vpc.vpc.id
32-
resource_group = module.resource_group.resource_group_id
33-
zone = "${var.region}-1"
34-
}
35-
3629
resource "ibm_is_subnet" "subnet_zone_1" {
3730
name = "${var.prefix}-subnet-1"
3831
vpc = ibm_is_vpc.vpc.id
3932
resource_group = module.resource_group.resource_group_id
4033
zone = "${var.region}-1"
4134
total_ipv4_address_count = 256
42-
public_gateway = ibm_is_public_gateway.gateway.id
4335
}
4436

4537
########################################################################################################################
@@ -69,17 +61,16 @@ locals {
6961
}
7062

7163
module "ocp_base" {
72-
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
73-
version = "3.47.3"
74-
resource_group_id = module.resource_group.resource_group_id
75-
region = var.region
76-
tags = var.resource_tags
77-
cluster_name = var.prefix
78-
force_delete_storage = true
79-
vpc_id = ibm_is_vpc.vpc.id
80-
vpc_subnets = local.cluster_vpc_subnets
81-
worker_pools = local.worker_pools
82-
disable_outbound_traffic_protection = true # set as True to enable outbound traffic
64+
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
65+
version = "3.47.4"
66+
resource_group_id = module.resource_group.resource_group_id
67+
region = var.region
68+
tags = var.resource_tags
69+
cluster_name = var.prefix
70+
force_delete_storage = true
71+
vpc_id = ibm_is_vpc.vpc.id
72+
vpc_subnets = local.cluster_vpc_subnets
73+
worker_pools = local.worker_pools
8374
}
8475

8576
data "ibm_container_cluster_config" "cluster_config" {
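
Review bot: With `disable_outbound_traffic_protection = true` and its comment removed at old line 82, and the public gateway dropped earlier in this file, nothing in the example states that it now deliberately runs without public egress. Add a short comment above `module "ocp_base"` saying the cluster has no public gateway so the agent images must resolve to `icr.io`; without it, someone may re-add the gateway and mask a regression back to `quay.io` pulls, which is the failure the commit message describes.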

examples/obs-agent-ocp/main.tf

Lines changed: 13 additions & 22 deletions
@@ -26,20 +26,12 @@ resource "ibm_is_vpc" "vpc" {
2626
tags = var.resource_tags
2727
}
2828

29-
resource "ibm_is_public_gateway" "gateway" {
30-
name = "${var.prefix}-gateway-1"
31-
vpc = ibm_is_vpc.vpc.id
32-
resource_group = module.resource_group.resource_group_id
33-
zone = "${var.region}-1"
34-
}
35-
3629
resource "ibm_is_subnet" "subnet_zone_1" {
3730
name = "${var.prefix}-subnet-1"
3831
vpc = ibm_is_vpc.vpc.id
3932
resource_group = module.resource_group.resource_group_id
4033
zone = "${var.region}-1"
4134
total_ipv4_address_count = 256
42-
public_gateway = ibm_is_public_gateway.gateway.id
4335
}
4436

4537
########################################################################################################################
@@ -69,20 +61,19 @@ locals {
6961
}
7062

7163
module "ocp_base" {
72-
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
73-
version = "3.47.3"
74-
resource_group_id = module.resource_group.resource_group_id
75-
region = var.region
76-
tags = var.resource_tags
77-
cluster_name = var.prefix
78-
force_delete_storage = true
79-
vpc_id = ibm_is_vpc.vpc.id
80-
vpc_subnets = local.cluster_vpc_subnets
81-
ocp_version = var.ocp_version
82-
worker_pools = local.worker_pools
83-
access_tags = var.access_tags
84-
ocp_entitlement = var.ocp_entitlement
85-
disable_outbound_traffic_protection = true # set as True to enable outbound traffic
64+
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
65+
version = "3.47.4"
66+
resource_group_id = module.resource_group.resource_group_id
67+
region = var.region
68+
tags = var.resource_tags
69+
cluster_name = var.prefix
70+
force_delete_storage = true
71+
vpc_id = ibm_is_vpc.vpc.id
72+
vpc_subnets = local.cluster_vpc_subnets
73+
ocp_version = var.ocp_version
74+
worker_pools = local.worker_pools
75+
access_tags = var.access_tags
76+
ocp_entitlement = var.ocp_entitlement
8677
}
8778

8879
data "ibm_container_cluster_config" "cluster_config" {

ibm_catalog.json

Lines changed: 14 additions & 2 deletions
@@ -126,10 +126,22 @@
126126
"required": true
127127
},
128128
{
129-
"key": "image_registry"
129+
"key": "image_registry_base_url"
130130
},
131131
{
132-
"key": "image_tag_digest"
132+
"key": "image_registry_namespace"
133+
},
134+
{
135+
"key": "agent_image_repository"
136+
},
137+
{
138+
"key": "agent_image_tag_digest"
139+
},
140+
{
141+
"key": "kernal_module_image_repository"
142+
},
143+
{
144+
"key": "kernel_module_image_tag_digest"
133145
},
134146
{
135147
"key": "chart"

main.tf

Lines changed: 34 additions & 5 deletions
@@ -30,7 +30,7 @@ data "ibm_container_cluster_config" "cluster_config" {
3030
locals {
3131
# LOCALS
3232
cluster_name = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485
33-
collector_host = var.cloud_monitoring_instance_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com"
33+
collector_host = var.cloud_monitoring_instance_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "ingest.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com"
3434
}
3535

3636
resource "helm_release" "cloud_monitoring_agent" {
@@ -51,6 +51,20 @@ resource "helm_release" "cloud_monitoring_agent" {
5151
type = "string"
5252
value = local.collector_host
5353
}
54+
set {
55+
name = "agent.slim.image.repository"
56+
type = "string"
57+
value = var.agent_image_repository
58+
}
59+
set {
60+
name = "agent.slim.kmoduleImage.repository"
61+
type = "string"
62+
value = var.kernal_module_image_repository
63+
}
64+
set {
65+
name = "agent.slim.enabled"
66+
value = true
67+
}
5468
set {
5569
name = "global.sysdig.accessKey"
5670
type = "string"
@@ -62,14 +76,29 @@ resource "helm_release" "cloud_monitoring_agent" {
6276
value = local.cluster_name
6377
}
6478
set {
65-
name = "image.version"
79+
name = "agent.image.registry"
80+
type = "string"
81+
value = var.image_registry_base_url
82+
}
83+
set {
84+
name = "Values.image.repository"
85+
type = "string"
86+
value = var.image_registry_base_url
87+
}
88+
set {
89+
name = "global.imageRegistry"
90+
type = "string"
91+
value = "${var.image_registry_base_url}/${var.image_registry_namespace}"
92+
}
93+
set {
94+
name = "agent.image.tag"
6695
type = "string"
67-
value = var.image_tag_digest
96+
value = var.agent_image_tag_digest
6897
}
6998
set {
70-
name = "image.registry"
99+
name = "agent.slim.kmoduleImage.digest"
71100
type = "string"
72-
value = var.image_registry
101+
value = regex("@(.*)", var.kernel_module_image_tag_digest)[0]
73102
}
74103
# Specific to SCC WP, enabled by default
75104
set {
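
Review bot: `regex("@(.*)", var.kernel_module_image_tag_digest)[0]` at new line 101 raises a regex error at plan time whenever the input contains no `@`, and none of the variable declarations visible in this commit validate the format. Add a `validation` block requiring the `tag@sha256:...` form on `kernel_module_image_tag_digest` and `agent_image_tag_digest`, so digest pinning is enforced with a clear message at the input instead of failing inside the release. Note also that the kernel module image receives only the digest while `agent.image.tag` receives the whole `tag@digest` string; a comment explaining the asymmetry would help. Separately, `Values.image.repository` at line 84 looks wrong: `Values.` is the template-side prefix, so this sets a top-level `Values` key rather than `image.repository`, and it is given the registry base URL, not a repository.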

solutions/fully-configurable/main.tf

Lines changed: 6 additions & 2 deletions
@@ -28,6 +28,10 @@ module "monitoring_agent" {
2828
chart = var.chart
2929
chart_location = var.chart_location
3030
chart_version = var.chart_version
31-
image_registry = var.image_registry
32-
image_tag_digest = var.image_tag_digest
31+
image_registry_base_url = var.image_registry_base_url
32+
image_registry_namespace = var.image_registry_namespace
33+
agent_image_repository = var.agent_image_repository
34+
agent_image_tag_digest = var.agent_image_tag_digest
35+
kernel_module_image_tag_digest = var.kernel_module_image_tag_digest
36+
kernal_module_image_repository = var.kernal_module_image_repository
3337
}
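
Review bot: `kernal_module_image_repository` at new line 36 is misspelled and sits directly below `kernel_module_image_tag_digest`, so the two inputs for the same image use different spellings. Rename it to `kernel_module_image_repository` here, in the variable declaration, in `ibm_catalog.json` and in the README before release, since fixing a public input name later is a breaking change.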

solutions/fully-configurable/variables.tf

Lines changed: 34 additions & 6 deletions
@@ -132,16 +132,44 @@ variable "chart_version" {
132132
nullable = false
133133
}
134134

135-
variable "image_registry" {
136-
description = "The image registry to use for the Cloud Monitoring agent."
135+
variable "image_registry_base_url" {
136+
description = "The image registry base URL to pull the Cloud Monitoring agent images from. For example `icr.io`, `quay.io`, etc."
137137
type = string
138-
default = "icr.io/ext/sysdig/agent"
138+
default = "icr.io"
139139
nullable = false
140140
}
141141

142-
variable "image_tag_digest" {
143-
description = "The image tag digest to use for the Cloud Monitoring agent."
142+
variable "image_registry_namespace" {
143+
description = "The namespace within the image registry to pull the Cloud Monitoring agent images from."
144144
type = string
145-
default = "13.9.1@sha256:3193987f77dba930cb22c200df9981afcd097e7cd5885b77d13e20ef353dc5b8" # datasource: icr.io/ext/sysdig/agent
145+
default = "ext/sysdig"
146+
nullable = false
147+
}
148+
149+
variable "agent_image_repository" {
150+
description = "The image repository to pull the Cloud Monitoring agent image from."
151+
type = string
152+
default = "agent-slim"
153+
nullable = false
154+
}
155+
156+
variable "agent_image_tag_digest" {
157+
description = "The namespace within the image registry to pull the Cloud Monitoring agent images from."
158+
type = string
159+
default = "13.9.1@sha256:14860d181a8b712c4150bb59e3ba0ff4be08959e2c45376b32c8eb7ff70461f9" # datasource: icr.io/ext/sysdig/agent-slim
160+
nullable = false
161+
}
162+
163+
variable "kernel_module_image_tag_digest" {
164+
description = "The image tag digest to use for the Cloud Monitoring agent kernel module used by the initContainer."
165+
type = string
166+
default = "13.9.1@sha256:0eef614a5988f6979d487f949b3cb1212f8253433057894b5583bf01bf378fb3" # datasource: icr.io/ext/sysdig/agent-kmodule
167+
nullable = false
168+
}
169+
170+
variable "kernal_module_image_repository" {
171+
description = "The image repository to pull the Cloud Monitoring agent kernal module initContainer image from."
172+
type = string
173+
default = "agent-kmodule"
146174
nullable = false
147175
}
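
Review bot: The description of `agent_image_tag_digest` at new line 157 is a copy of the `image_registry_namespace` text ("The namespace within the image registry to pull the Cloud Monitoring agent images from."). Use the wording the README in this commit already has for that input, "The image tag digest to use for the Cloud Monitoring agent.", so the catalog UI does not show a misleading description for the value that pins the image.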

tests/resources/main.tf

Lines changed: 11 additions & 24 deletions
@@ -26,20 +26,12 @@ resource "ibm_is_vpc" "vpc" {
2626
tags = var.resource_tags
2727
}
2828

29-
resource "ibm_is_public_gateway" "gateway" {
30-
name = "${var.prefix}-gateway-1"
31-
vpc = ibm_is_vpc.vpc.id
32-
resource_group = module.resource_group.resource_group_id
33-
zone = "${var.region}-1"
34-
}
35-
3629
resource "ibm_is_subnet" "subnet_zone_1" {
3730
name = "${var.prefix}-subnet-1"
3831
vpc = ibm_is_vpc.vpc.id
3932
resource_group = module.resource_group.resource_group_id
4033
zone = "${var.region}-1"
4134
total_ipv4_address_count = 256
42-
public_gateway = ibm_is_public_gateway.gateway.id
4335
}
4436

4537
########################################################################################################################
@@ -68,23 +60,18 @@ locals {
6860
]
6961
}
7062

71-
locals {
72-
cluster_name = "${var.prefix}-cluster"
73-
}
74-
7563
module "ocp_base" {
76-
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
77-
version = "3.47.3"
78-
resource_group_id = module.resource_group.resource_group_id
79-
region = var.region
80-
tags = var.resource_tags
81-
cluster_name = local.cluster_name
82-
force_delete_storage = true
83-
vpc_id = ibm_is_vpc.vpc.id
84-
vpc_subnets = local.cluster_vpc_subnets
85-
worker_pools = local.worker_pools
86-
access_tags = []
87-
disable_outbound_traffic_protection = true # set as True to enable outbound traffic
64+
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
65+
version = "3.47.4"
66+
resource_group_id = module.resource_group.resource_group_id
67+
region = var.region
68+
tags = var.resource_tags
69+
cluster_name = "${var.prefix}-cluster"
70+
force_delete_storage = true
71+
vpc_id = ibm_is_vpc.vpc.id
72+
vpc_subnets = local.cluster_vpc_subnets
73+
worker_pools = local.worker_pools
74+
access_tags = []
8875
}
8976

9077
##############################################################################

tests/resources/outputs.tf

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ output "cluster_resource_group_id" {
2323
}
2424

2525
output "cluster_name" {
26-
value = local.cluster_name
26+
value = module.ocp_base.cluster_name
2727
description = "Name of the cluster."
2828
}
2929
