diff --git a/README.md b/README.md
index a80e0daa..9d6086ec 100644
--- a/README.md
+++ b/README.md
@@ -125,6 +125,7 @@ You need the following permissions to run this module.
 | [cloud\_monitoring\_agent\_namespace](#input\_cloud\_monitoring\_agent\_namespace) | Namespace where to deploy the Cloud Monitoring agent. Default value is 'ibm-observe' | `string` | `"ibm-observe"` | no |
 | [cloud\_monitoring\_agent\_tags](#input\_cloud\_monitoring\_agent\_tags) | List of tags to associate to all matrics that the agent collects. NOTE: Use the 'cloud\_monitoring\_add\_cluster\_name' variable to add the cluster name as a tag. | `list(string)` | `[]` | no |
 | [cloud\_monitoring\_agent\_tolerations](#input\_cloud\_monitoring\_agent\_tolerations) | List of tolerations to apply to Cloud Monitoring agent. |
list(object({
key = optional(string)
operator = optional(string)
value = optional(string)
effect = optional(string)
tolerationSeconds = optional(number)
}))
|
[
{
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
}
]
| no |
+| [cloud\_monitoring\_container\_filter](#input\_cloud\_monitoring\_container\_filter) | To filter custom containers, specify the Cloud Monitoring containers to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data. |
list(object({
type = string
parameter = string
name = string
}))
| `[]` | no |
 | [cloud\_monitoring\_enabled](#input\_cloud\_monitoring\_enabled) | Deploy IBM Cloud Monitoring agent | `bool` | `true` | no |
 | [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no |
 | [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | `null` | no |
diff --git a/chart/sysdig-agent/templates/configmap.yaml b/chart/sysdig-agent/templates/configmap.yaml
index cf046eb9..ce76334c 100644
--- a/chart/sysdig-agent/templates/configmap.yaml
+++ b/chart/sysdig-agent/templates/configmap.yaml
@@ -41,3 +41,15 @@ data:
 - {{ $v.type }}: {{ $v.name }}
 {{ end }}
 {{- end -}}
+
+ {{ if .Values.container_filter -}}
+ # Enable the feature
+ use_container_filter: true
+
+ # Include or exclude conditions
+ container_filter:
+ {{ range $c := .Values.container_filter -}}
+ - {{ $c.type }}:
+ {{ $c.parameter }}: {{ $c.name }}
+ {{ end }}
+ {{- end -}}
diff --git a/chart/sysdig-agent/values.yaml b/chart/sysdig-agent/values.yaml
index 033bd197..cad5f0e8 100644
--- a/chart/sysdig-agent/values.yaml
+++ b/chart/sysdig-agent/values.yaml
@@ -22,3 +22,13 @@ metrics_filter: []
 psp:
 # true here enables creation of Pod Security Policy to allow the agent run with the required permissions
 create: true
+
+container_filter: []
+# example:
+# container_filter:
+# - include:
+# container.image: appdomain/my-app-image
+# - include:
+# container.name: my-java-app
+# - exclude:
+# kubernetes.namespace.name: kube-system
diff --git a/examples/obs-agent-ocp/main.tf b/examples/obs-agent-ocp/main.tf
index 84b8d50e..be31e6e1 100644
--- a/examples/obs-agent-ocp/main.tf
+++ b/examples/obs-agent-ocp/main.tf
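Review bot: The new `container_filter` entries write `{{ $c.type }}`, `{{ $c.parameter }}` and `{{ $c.name }}` into the agent config unquoted, so a value containing `: `, ` #` or a line break would alter the structure of the rendered YAML instead of being read as a filter string. `name` is a free-form string in variables.tf, so I would quote it at render time: `{{ $c.parameter }}: {{ $c.name | quote }}`. The metrics filter in the context line above is rendered the same way and would benefit from the same treatment. The enclosing template starts outside the hunk.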
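Review bot: The commented example shows the rendered agent syntax (`- include:` followed by `container.image: ...`), but the template in configmap.yaml reads `$c.type`, `$c.parameter` and `$c.name` from each entry. Uncommenting the example as written would give entries with none of those keys, so the intended filter would not be produced. I would write the example in the shape the chart consumes: `# - type: include`, `#   parameter: container.image`, `#   name: appdomain/my-app-image`.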
@@ -197,7 +197,8 @@ module "observability_agents" {
 # Monitoring agent
 cloud_monitoring_access_key = module.observability_instances.cloud_monitoring_access_key
 # example of how to include / exclude metrics - more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_log_metrics
- cloud_monitoring_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }]
- cloud_monitoring_agent_tags = var.resource_tags
- cloud_monitoring_instance_region = module.observability_instances.region
+ cloud_monitoring_metrics_filter = [{ type = "exclude", name = "metricA.*" }, { type = "include", name = "metricB.*" }]
+ cloud_monitoring_container_filter = [{ type = "exclude", parameter = "kubernetes.namespace.name", name = "kube-system" }]
+ cloud_monitoring_agent_tags = var.resource_tags
+ cloud_monitoring_instance_region = module.observability_instances.region
 }
diff --git a/main.tf b/main.tf
index df0f7eea..155c2d50 100644
--- a/main.tf
+++ b/main.tf
@@ -106,6 +106,8 @@ resource "helm_release" "cloud_monitoring_agent" {
 metrics_filter = var.cloud_monitoring_metrics_filter
 }), yamlencode({
 tolerations = var.cloud_monitoring_agent_tolerations
+ }), yamlencode({
+ container_filter = var.cloud_monitoring_container_filter
 })]
 
 provisioner "local-exec" {
diff --git a/variables.tf b/variables.tf
index 005f2536..aa446330 100644
--- a/variables.tf
+++ b/variables.tf
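Review bot: The added `cloud_monitoring_container_filter` line has no comment, unlike the metrics filter above it, and the value it demonstrates excludes every container in `kube-system`. Anyone copying the example would presumably stop reporting system workloads in that namespace to Cloud Monitoring, which is a visibility trade-off that should be a deliberate choice rather than an inherited default. I would add `# example of how to include / exclude containers - excluded containers are not monitored; more info https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data` above the line. The module block starts outside the hunk.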
@@ -82,6 +82,20 @@ variable "cloud_monitoring_metrics_filter" {
 }
 }
 
+variable "cloud_monitoring_container_filter" {
+ type = list(object({
+ type = string
+ parameter = string
+ name = string
+ }))
+ description = "To filter custom containers, specify the Cloud Monitoring containers to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data."
+ default = []
+ validation {
+ condition = length(var.cloud_monitoring_container_filter) == 0 || can(regex("^(include|exclude)$", var.cloud_monitoring_container_filter[0].type))
+ error_message = "Invalid input for `cloud_monitoring_container_filter`. Valid options for 'type' are: `include` and `exclude`. If empty, no containers are included or excluded."
+ }
+}
+
 variable "cloud_monitoring_agent_tags" {
 type = list(string)
 description = "List of tags to associate to all matrics that the agent collects. NOTE: Use the 'cloud_monitoring_add_cluster_name' variable to add the cluster name as a tag."
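Review bot: The validation only inspects `var.cloud_monitoring_container_filter[0].type`, so a list whose second or later entry has a `type` other than `include` or `exclude` passes and is rendered into the agent config as an unrecognised key. Check every element instead: `condition = alltrue([for f in var.cloud_monitoring_container_filter : contains(["include", "exclude"], f.type)])`, which also holds for the empty list. `parameter` and `name` are not validated at all, so a non-empty check on both would catch entries that render as an empty key or value.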