diff --git a/README.md b/README.md index 1a77ec8..77458f6 100644 --- a/README.md +++ b/README.md @@ -143,9 +143,13 @@ No modules. | [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no | | [kernal\_module\_image\_repository](#input\_kernal\_module\_image\_repository) | The image repository to pull the agent kernal module initContainer image from. | `string` | `"agent-kmodule"` | no | | [kernel\_module\_image\_tag\_digest](#input\_kernel\_module\_image\_tag\_digest) | The image tag or digest to use for the agent kernel module used by the initContainer. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx` | `string` | `"14.2.0@sha256:3be3966e2bef75364f55d248156a568a222afaba3067f43c5c642c46b690cca9"` | no | +| [max\_surge](#input\_max\_surge) | The number of pods that can be created above the desired amount of daemonset pods during an update. If `max_surge` is set to null, the `max_surge` setting is ignored. The variable accepts absolute number or percentage value(e.g., '1' or '10%'). | `string` | `null` | no | +| [max\_unavailable](#input\_max\_unavailable) | The maximum number of pods that can be unavailable during a DaemonSet rolling update. Accepts absolute number or percentage (e.g., '1' or '10%'). | `string` | `"1"` | no | | [metrics\_filter](#input\_metrics\_filter) | To filter custom metrics you can specify which metrics to include and exclude. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics |
list(object({
include = optional(string)
exclude = optional(string)
}))
| `[]` | no | | [name](#input\_name) | The name to give the agent helm release. | `string` | `"sysdig-agent"` | no | | [namespace](#input\_namespace) | Namespace to deploy the agent to. | `string` | `"ibm-observe"` | no | +| [priority\_class\_name](#input\_priority\_class\_name) | The priority class name for the PriorityClasses assigned to the monitoring agent daemonset. If no value is passed, priority class is not used. | `string` | `null` | no | +| [priority\_class\_value](#input\_priority\_class\_value) | The numerical priority assigned to PriorityClass, which determines the importance of monitoring agent daemonset pod within the cluster for both scheduling and eviction decisions. The value only applies if a value was passed for `priority_class_name` | `number` | `10` | no | | [prometheus\_config](#input\_prometheus\_config) | Prometheus configuration for the agent. If you want to enable Prometheus configuration provide the prometheus.yaml file content in `hcl` format. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/blob/main/solutions/fully-configurable/DA-types.md#prometheus_config). | `map(any)` | `{}` | no | | [tolerations](#input\_tolerations) | List of tolerations to apply to the agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no | | [use\_private\_endpoint](#input\_use\_private\_endpoint) | Whether send data over a private endpoint or not. To use a private endpoint, you must enable virtual routing and forwarding (VRF) for your account. See https://cloud.ibm.com/docs/account?topic=account-vrf-service-endpoint. | `bool` | `true` | no |
diff --git a/examples/obs-agent-iks/main.tf b/examples/obs-agent-iks/main.tf
index cc0ccbe..874ceed 100644
--- a/examples/obs-agent-iks/main.tf
+++ b/examples/obs-agent-iks/main.tf
@@ -145,6 +145,7 @@ module "monitoring_agents" {
 is_vpc_cluster = var.is_vpc_cluster
 access_key = module.cloud_monitoring.access_key
 instance_region = var.region
+ priority_class_name = "sysdig-daemonset-priority"
 prometheus_config = {
 scrape_configs = [
 {
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 1a7e965..3e5893f 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -265,6 +265,32 @@
 {
 "key": "agent_limits_memory"
 },
+ {
+ "key": "max_surge",
+ "value_constraints": [
+ {
+ "type": "regex",
+ "description": "The value provided for 'max_surge' must be a positive integer (e.g., '1') or a percentage (e.g., '10%'), or null.",
+ "value": "^__NULL__$|^\\d+%?$"
+ }
+ ]
+ },
+ {
+ "key": "max_unavailable",
+ "value_constraints": [
+ {
+ "type": "regex",
+ "description": "The value provided for 'max_unavailable' must be a positive integer (e.g., '1') or a percentage (e.g., '10%').",
+ "value": "^\\d+%?$"
+ }
+ ]
+ },
+ {
+ "key": "priority_class_name"
+ },
+ {
+ "key": "priority_class_value"
+ },
 {
 "key": "tolerations",
 "type": "array",
diff --git a/main.tf b/main.tf
index 6dc9b87..cd74211 100644
--- a/main.tf
+++ b/main.tf
@@ -252,6 +252,19 @@ resource "helm_release" "cloud_monitoring_agent" {
 %{for line in split("\n", yamlencode(var.prometheus_config))~}
 ${line}
 %{endfor~}
+%{if var.priority_class_name != null}
+ "createPriorityClass": true
+ "priorityClassName": ${var.priority_class_name}
+ "priorityClassValue": ${var.priority_class_value}
+%{endif}
+ "daemonset":
+ "updateStrategy":
+ "type": "RollingUpdate"
+ "rollingUpdate":
+ "maxUnavailable": ${var.max_unavailable}
+%{if var.max_surge != null}
+ "maxSurge": ${var.max_surge}
+%{endif}
 EOT
 ]
diff --git a/solutions/fully-configurable/main.tf b/solutions/fully-configurable/main.tf
index 1bdf8ae..7098259 100644
--- a/solutions/fully-configurable/main.tf
+++ b/solutions/fully-configurable/main.tf
@@ -53,4 +53,8 @@ module "monitoring_agent" {
 cluster_shield_limits_cpu = var.cluster_shield_limits_cpu
 cluster_shield_requests_memory = var.cluster_shield_requests_memory
 cluster_shield_limits_memory = var.cluster_shield_limits_memory
+ max_unavailable = var.max_unavailable
+ max_surge = var.max_surge
+ priority_class_name = var.priority_class_name
+ priority_class_value = var.priority_class_value
 }
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index e50c15d..fd709cb 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
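Review bot: `"priorityClassName": ${var.priority_class_name}` in the main.tf hunk splices the variable into the YAML values heredoc unquoted, and `priority_class_name` has no validation block in variables.tf and no `value_constraints` in ibm_catalog.json, so a value containing a colon, `#` or a line break changes how the Helm values parse and can set keys the module never meant to expose. Render it as a quoted scalar with `"priorityClassName": ${jsonencode(var.priority_class_name)}` and add a validation that restricts the name to the DNS-subdomain form Kubernetes expects for a PriorityClass name. `max_unavailable` and `max_surge` are interpolated the same way but are held to `^\d+%?$` by their validation blocks. The heredoc and the `helm_release` resource begin outside the hunk and the page has lost the original indentation, so the nesting of the new keys relative to the existing values could not be checked here.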
@@ -245,6 +245,32 @@ variable "deployment_tag" {
 default = "terraform"
 }
+variable "max_unavailable" {
+ type = string
+ description = "The maximum number of pods that can be unavailable during a DaemonSet rolling update. Accepts absolute number or percentage (e.g., '1' or '10%')."
+ default = "1"
+ nullable = false
+}
+
+variable "max_surge" {
+ type = string
+ description = "The number of pods that can be created above the desired amount of daemonset pods during an update. If `max_surge` is set to null, the `max_surge` setting is ignored. The variable accepts absolute number or percentage value(e.g., '1' or '10%')."
+ default = null
+}
+
+variable "priority_class_name" {
+ type = string
+ description = "The priority class name for the PriorityClasses assigned to the monitoring agent daemonset. If no value is passed, priority class is not used."
+ default = null
+}
+
+variable "priority_class_value" {
+ type = number
+ nullable = false
+ description = "The numerical priority assigned to PriorityClass, which determines the importance of monitoring agent daemonset pod within the cluster for both scheduling and eviction decisions. The value only applies if a value was passed for `priority_class_name`"
+ default = 10
+}
+
 ##############################################################################
 # Metrics related variables
 ##############################################################################
diff --git a/tests/pr_test.go b/tests/pr_test.go
index ebc529e..388c4a3 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -118,6 +118,7 @@ func TestFullyConfigurableSolution(t *testing.T) {
 {Name: "cluster_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_id"), DataType: "string"},
 {Name: "cluster_resource_group_id", Value: terraform.Output(t, existingTerraformOptions, "cluster_resource_group_id"), DataType: "string"},
 {Name: "access_key", Value: terraform.Output(t, existingTerraformOptions, "access_key"), DataType: "string", Secure: true},
+ {Name: "priority_class_name", Value: "sysdig-daemonset-priority", DataType: "string"},
 }
 err := options.RunSchematicTest()
diff --git a/variables.tf b/variables.tf
index 0f0471b..12529e8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -246,6 +246,43 @@ variable "deployment_tag" {
 default = "terraform"
 }
+variable "max_unavailable" {
+ type = string
+ description = "The maximum number of pods that can be unavailable during a DaemonSet rolling update. Accepts absolute number or percentage (e.g., '1' or '10%')."
+ default = "1"
+ nullable = false
+ validation {
+ condition = can(regex("^\\d+%?$", var.max_unavailable))
+ error_message = "max_unavailable must be a positive integer (e.g., '1') or a percentage (e.g., '10%')."
+ }
+}
+
+variable "max_surge" {
+ type = string
+ description = "The number of pods that can be created above the desired amount of daemonset pods during an update. If `max_surge` is set to null, the `max_surge` setting is ignored. The variable accepts absolute number or percentage value(e.g., '1' or '10%')."
+ default = null
+ validation {
+ condition = (
+ var.max_surge == null ||
+ can(regex("^\\d+%?$", var.max_surge))
+ )
+ error_message = "max_surge must be a positive integer (e.g., '1') or a percentage (e.g., '10%'), or null."
+ }
+}
+
+variable "priority_class_name" {
+ type = string
+ description = "The priority class name for the PriorityClasses assigned to the monitoring agent daemonset. If no value is passed, priority class is not used."
+ default = null
+}
+
+variable "priority_class_value" {
+ type = number
+ nullable = false
+ description = "The numerical priority assigned to PriorityClass, which determines the importance of monitoring agent daemonset pod within the cluster for both scheduling and eviction decisions. The value only applies if a value was passed for `priority_class_name`"
+ default = 10
+}
+
 ##############################################################################
 # Metrics related variables
 ##############################################################################
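Review bot: `priority_class_value` is declared as `number` with no validation block, so a fractional value or one above the 1000000000 ceiling Kubernetes places on user-defined PriorityClasses passes `terraform plan` and fails only when the chart is applied. A check such as `condition = var.priority_class_value == floor(var.priority_class_value) && var.priority_class_value <= 1000000000` would catch both at plan time. Separately, the `max_unavailable` and `max_surge` error messages say "positive integer" while `^\d+%?$` also accepts `0` and percentages above 100. As far as I recall the DaemonSet API accepts only one of the two as non-zero, so with the `"1"` default a non-zero `max_surge` would likely be rejected by the API server unless `max_unavailable` is set to `"0"`; that is worth stating in both descriptions or enforcing in a cross-variable validation. The same pattern and wording appear in the ibm_catalog.json hunk, and the copies in solutions/fully-configurable/variables.tf carry no validation at all.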