terraform-ibm-modules · terraform-ibm-modules-dev · Dec 17, 2025 · Dec 16, 2025
@@ -8,5 +8,5 @@ on:
 
 jobs:
   call-terraform-ci-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].0
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].1
     secrets: inherit
@@ -8,5 +8,5 @@ on:
 
 jobs:
   call-terraform-release-pipeline:
-    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].0
+    uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/[email protected].1
     secrets: inherit
@@ -111,7 +111,7 @@ No modules.
 | <a name="input_access_key"></a> [access\_key](#input\_access\_key) | Access key used by the agent to communicate with the instance. Either `access_key` or `existing_access_key_secret_name` is required. This value will be stored in a new secret on the cluster if passed. If you want to use this agent for only metrics or metrics with security and compliance, use a manager key scoped to the IBM Cloud Monitoring instance. If you only want to use the agent for security and compliance use a manager key scoped to the Security and Compliance Center Workload Protection instance. | `string` | `null` | no |
 | <a name="input_add_cluster_name"></a> [add\_cluster\_name](#input\_add\_cluster\_name) | If true, configure the agent to associate a tag containing the cluster name. This tag is added in the format `ibm-containers-kubernetes-cluster-name: cluster_name`. | `bool` | `true` | no |
 | <a name="input_agent_image_repository"></a> [agent\_image\_repository](#input\_agent\_image\_repository) | The image repository to pull the agent image from. | `string` | `"agent-slim"` | no |
-| <a name="input_agent_image_tag_digest"></a> [agent\_image\_tag\_digest](#input\_agent\_image\_tag\_digest) | The image tag or digest of agent image to use. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `kernel_module_image_digest`. | `string` | `"14.2.5@sha256:64b9d77bbd1bb22f97a74198144dcfea62bb5cee7629091252694e9040058035"` | no |
+| <a name="input_agent_image_tag_digest"></a> [agent\_image\_tag\_digest](#input\_agent\_image\_tag\_digest) | The image tag or digest of agent image to use. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `kernel_module_image_digest`. | `string` | `"14.3.0@sha256:281da13df130813a4f00171756046ac969150d36a9b0dd32a817d41502f19fe4"` | no |
 | <a name="input_agent_limits_cpu"></a> [agent\_limits\_cpu](#input\_agent\_limits\_cpu) | Specify CPU resource limits for the agent. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-resource_requirements | `string` | `"1"` | no |
 | <a name="input_agent_limits_memory"></a> [agent\_limits\_memory](#input\_agent\_limits\_memory) | Specify memory resource limits for the agent. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-resource_requirements | `string` | `"1024Mi"` | no |
 | <a name="input_agent_mode"></a> [agent\_mode](#input\_agent\_mode) | The operational mode for the monitoring agent. [Learn more](https://docs.sysdig.com/en/docs/administration/configure-agent-modes/). | `string` | `null` | no |
@@ -121,7 +121,7 @@ No modules.
 | <a name="input_blacklisted_ports"></a> [blacklisted\_ports](#input\_blacklisted\_ports) | To block network traffic and metrics from network ports, pass the list of ports from which you want to filter out any data. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_agent#ports | `list(number)` | `[]` | no |
 | <a name="input_chart"></a> [chart](#input\_chart) | The name of the Helm chart to deploy. Use `chart_location` to specify helm chart location. | `string` | `"sysdig-deploy"` | no |
 | <a name="input_chart_location"></a> [chart\_location](#input\_chart\_location) | The location of the agent helm chart. | `string` | `"https://charts.sysdig.com"` | no |
-| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | The version of the agent helm chart to deploy. | `string` | `"1.98.1"` | no |
+| <a name="input_chart_version"></a> [chart\_version](#input\_chart\_version) | The version of the agent helm chart to deploy. | `string` | `"1.99.3"` | no |
 | <a name="input_cluster_config_endpoint_type"></a> [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no |
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agent in. | `string` | n/a | yes |
 | <a name="input_cluster_resource_group_id"></a> [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The resource group ID of the cluster. | `string` | n/a | yes |
@@ -144,7 +144,7 @@ No modules.
 | <a name="input_image_registry_namespace"></a> [image\_registry\_namespace](#input\_image\_registry\_namespace) | The namespace within the image registry to pull all images from. | `string` | `"ext/sysdig"` | no |
 | <a name="input_instance_region"></a> [instance\_region](#input\_instance\_region) | The region of the IBM Cloud Monitoring instance that you want to send metrics to. The region value is used to construct the ingestion and api endpoints. If you are only using the agent for security and compliance monitoring, set this to the region of your IBM Cloud Security and Compliance Center Workload Protection instance. If you have both Cloud Monitoring and Security and Compliance Center Workload Protection instances, the instances must be connected and must be in the same region to use the same agent. | `string` | n/a | yes |
 | <a name="input_is_vpc_cluster"></a> [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no |
-| <a name="input_kernel_module_image_digest"></a> [kernel\_module\_image\_digest](#input\_kernel\_module\_image\_digest) | The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `agent_image_tag_digest`. Note: Only digest format is supported; image tag is not supported. | `string` | `"14.2.5@sha256:0345968a77f8eb64a00f2b06af3c40bf3df78d34125b46c9788a9e73f8ddbb1a"` | no |
+| <a name="input_kernel_module_image_digest"></a> [kernel\_module\_image\_digest](#input\_kernel\_module\_image\_digest) | The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `agent_image_tag_digest`. Note: Only digest format is supported; image tag is not supported. | `string` | `"14.3.0@sha256:dd3279359d296e5e210ecca1287a8da3bf43d9fbb396f519bc7ec14f9126bf52"` | no |
 | <a name="input_kernel_module_image_repository"></a> [kernel\_module\_image\_repository](#input\_kernel\_module\_image\_repository) | The image repository to pull the agent kernel module initContainer image from. | `string` | `"agent-kmodule"` | no |
 | <a name="input_max_surge"></a> [max\_surge](#input\_max\_surge) | The number of pods that can be created above the desired amount of daemonset pods during an update. If `max_surge` is set to null, the `max_surge` setting is ignored. The variable accepts absolute number or percentage value(e.g., '1' or '10%'). | `string` | `null` | no |
 | <a name="input_max_unavailable"></a> [max\_unavailable](#input\_max\_unavailable) | The maximum number of pods that can be unavailable during a DaemonSet rolling update. Accepts absolute number or percentage (e.g., '1' or '10%'). | `string` | `"1"` | no |

@@ -4,7 +4,7 @@
 
 module "resource_group" {
   source  = "terraform-ibm-modules/resource-group/ibm"
-  version = "1.4.0"
+  version = "1.4.6"
   # if an existing resource group is not set (null) create a new one using prefix
   resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
   existing_resource_group_name = var.resource_group
@@ -108,7 +108,7 @@ resource "time_sleep" "wait_operators" {
 
 module "cloud_monitoring" {
   source            = "terraform-ibm-modules/cloud-monitoring/ibm"
-  version           = "1.11.0"
+  version           = "1.12.1"
   instance_name     = "${var.prefix}-cloud-monitoring"
   resource_group_id = module.resource_group.resource_group_id
   resource_tags     = var.resource_tags
@@ -122,7 +122,7 @@ module "cloud_monitoring" {
 
 module "scc_wp" {
   source                        = "terraform-ibm-modules/scc-workload-protection/ibm"
-  version                       = "1.16.4"
+  version                       = "1.16.5"
   name                          = "${var.prefix}-scc-wp"
   resource_group_id             = module.resource_group.resource_group_id
   region                        = var.region

@@ -4,7 +4,7 @@
 
 module "resource_group" {
   source  = "terraform-ibm-modules/resource-group/ibm"
-  version = "1.4.0"
+  version = "1.4.6"
   # if an existing resource group is not set (null) create a new one using prefix
   resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
   existing_resource_group_name = var.resource_group
@@ -71,7 +71,7 @@ locals {
 
 module "ocp_base" {
   source               = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version              = "3.73.5"
+  version              = "3.75.3"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region
   tags                 = var.resource_tags
@@ -95,7 +95,7 @@ data "ibm_container_cluster_config" "cluster_config" {
 
 module "cloud_monitoring" {
   source            = "terraform-ibm-modules/cloud-monitoring/ibm"
-  version           = "1.11.0"
+  version           = "1.12.1"
   instance_name     = "${var.prefix}-cloud-monitoring"
   resource_group_id = module.resource_group.resource_group_id
   resource_tags     = var.resource_tags
@@ -109,7 +109,7 @@ module "cloud_monitoring" {
 
 module "scc_wp" {
   source                        = "terraform-ibm-modules/scc-workload-protection/ibm"
-  version                       = "1.16.4"
+  version                       = "1.16.5"
   name                          = "${var.prefix}-scc-wp"
   resource_group_id             = module.resource_group.resource_group_id
   region                        = var.region

@@ -16,7 +16,7 @@ locals {
 
 module "instance_crn_parser" {
   source  = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
-  version = "1.3.0"
+  version = "1.3.5"
   crn     = var.instance_crn
 }
 

@@ -186,7 +186,7 @@ variable "chart_version" {
   description = "The version of the agent helm chart to deploy."
   type        = string
   # This version is automatically managed by renovate automation - do not remove the registryUrl comment on next line
-  default  = "1.98.1" # registryUrl: charts.sysdig.com
+  default  = "1.99.3" # registryUrl: charts.sysdig.com
   nullable = false
 }
 
@@ -215,15 +215,15 @@ variable "agent_image_tag_digest" {
   description = "The image tag or digest of agent image to use. If using digest, it must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `kernel_module_image_digest`."
   type        = string
   # This version is automatically managed by renovate automation - do not remove the datasource comment on next line
-  default  = "14.2.5@sha256:64b9d77bbd1bb22f97a74198144dcfea62bb5cee7629091252694e9040058035" # datasource: icr.io/ext/sysdig/agent-slim
+  default  = "14.3.0@sha256:281da13df130813a4f00171756046ac969150d36a9b0dd32a817d41502f19fe4" # datasource: icr.io/ext/sysdig/agent-slim
   nullable = false
 }
 
 variable "kernel_module_image_digest" {
   description = "The image digest to use for the agent kernel module used by the initContainer. Must be in the format of `X.Y.Z@sha256:xxxxx`. This version must match the version being used in the `agent_image_tag_digest`. Note: Only digest format is supported; image tag is not supported."
   type        = string
   # This version is automatically managed by renovate automation - do not remove the datasource comment on next line
-  default  = "14.2.5@sha256:0345968a77f8eb64a00f2b06af3c40bf3df78d34125b46c9788a9e73f8ddbb1a" # datasource: icr.io/ext/sysdig/agent-kmodule
+  default  = "14.3.0@sha256:dd3279359d296e5e210ecca1287a8da3bf43d9fbb396f519bc7ec14f9126bf52" # datasource: icr.io/ext/sysdig/agent-kmodule
   nullable = false
   validation {
     condition     = can(regex("^\\d+\\.\\d+\\.\\d+@sha256:[a-f0-9]{64}$", var.kernel_module_image_digest))

@@ -6,15 +6,15 @@ terraform {
     # Lock DA into an exact provider version - renovate automation will keep it updated
     ibm = {
       source  = "ibm-cloud/ibm"
-      version = "1.85.0"
+      version = "1.86.1"
     }
     helm = {
       source  = "hashicorp/helm"
       version = "3.1.1"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "2.38.0"
+      version = "3.0.1"
     }
   }
 }
@@ -1,22 +1,20 @@
 module github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent
 
-go 1.24.0
-
-toolchain go1.25.4
+go 1.25.5
 
 require (
 	github.com/gruntwork-io/terratest v0.54.0
 	github.com/stretchr/testify v1.11.1
-	github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.34
+	github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.64.0
 )
 
 require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/IBM-Cloud/bluemix-go v0.0.0-20240719075425-078fcb3a55be // indirect
-	github.com/IBM-Cloud/power-go-client v1.14.3 // indirect
+	github.com/IBM-Cloud/power-go-client v1.14.4 // indirect
 	github.com/IBM/cloud-databases-go-sdk v0.8.1 // indirect
 	github.com/IBM/go-sdk-core/v5 v5.21.2 // indirect
-	github.com/IBM/platform-services-go-sdk v0.90.4 // indirect
+	github.com/IBM/platform-services-go-sdk v0.91.0 // indirect
 	github.com/IBM/project-go-sdk v0.4.0 // indirect
 	github.com/IBM/schematics-go-sdk v0.4.0 // indirect
 	github.com/IBM/vpc-go-sdk v1.0.2 // indirect
@@ -37,7 +35,7 @@ require (
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
-	github.com/go-openapi/errors v0.22.4 // indirect
+	github.com/go-openapi/errors v0.22.5 // indirect
 	github.com/go-openapi/jsonpointer v0.21.1 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/loads v0.22.0 // indirect
@@ -90,13 +88,13 @@ require (
 	go.opentelemetry.io/otel/metric v1.35.0 // indirect
 	go.opentelemetry.io/otel/trace v1.35.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
-	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/mod v0.30.0 // indirect
 	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+4 −0		commonRenovateConfig.json
+2 −2		da-assets/da-dependency-updater/requirements.txt
+1 −1		examples/Dockerfile
+1 −1		module-assets/.pre-commit-config.yaml
+8 −8		module-assets/ci/install-deps.sh
+12 −10		module-assets/ci/validateIbmCatalogJson.py
+1 −1		stack-assets/stack-updater/requirements.txt
+1 −1		tests/go.mod