terraform-ibm-modules · ocofaigh · Jul 10, 2025 · Jul 9, 2025 · Jul 9, 2025 · Jul 9, 2025
@@ -1,12 +1,18 @@
-When attempting to deploy the agents to cluster nodes on RH CoreOS that have no public gateways enabled (and/or have outbound traffic disabled), the pods fail to come up with the error:
-```
-Download of sysdigcloud-probe for version 13.9.2 failed.
-curl: (28) Failed to connect to download.sysdig.com port 443: Connection timed out
-Cannot load the probe
-```
-
-This happens because the agent tries to connect to the kernel and for that it needs a kernel module (default behaviour):
-- If not available in the machine already, it tries to build it with the kernel headers
-- if kernel headers not available, it tries to download it
-
-To fix this, we need the ability to set the helm values `agent.ebpf.enabled` and `agent.ebpf.kind` if cluster is using nodes based on RHCOS by setting the terraform boolean input variable called `enable_universal_ebpf` to true. Enabling universal ebpf needs kernel version to be `5.8` or higher. RHEL8 already has the kernel headers and enabling `ebpf` will not cause any impact even though kernel version is `4.18`.
+## When to Enable `enable_universal_ebpf`
+
+For Clusters using Red Hat CoreOS (RHCOS) or RHEL 9 nodes with restricted outbound internet access, the monitoring agent pods may fail to start due to the inability to retrieve kernel modules which are necessary for the agent to connect with kernel.
+
+Setting the Terraform variable `enable_universal_ebpf` to `true` ensures the agent uses eBPF-based instrumentation, which avoids the need for external downloads and allows successful deployment in restricted environments.
+
+### When Should You Enable It?
+
+Set `enable_universal_ebpf` to true if:
+
+- Your cluster nodes run on RHCOS or RHEL 9 and do not have public or outbound internet access.
+- You want to avoid relying on dynamic downloads for kernel modules.
+
+### Kernel Compatibility
+
+- **RHCOS and RHEL9**: Since kernel version **5.14** is used. Default value for variable has been set to true.
+- **RHEL 8**: Although it uses kernel version **4.18**, the necessary kernel headers are pre-installed, so enabling eBPF is safe and has no impact.
+
@@ -235,6 +235,6 @@ variable "agent_limits_memory" {
 
 variable "enable_universal_ebpf" {
   type        = bool
-  description = "Deploy sysdig agent with universal eBPF enabled. It requires kernel version 5.8+. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/solutions/fully-configurable/DA-docs.md)."
+  description = "Deploy monitoring agent with universal eBPF enabled. It requires kernel version 5.8+. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/solutions/fully-configurable/DA-docs.md)."
   default     = true
 }
@@ -259,6 +259,6 @@ variable "agent_limits_memory" {
 
 variable "enable_universal_ebpf" {
   type        = bool
-  description = "Deploy sysdig agent with universal eBPF enabled. It requires kernel version 5.8+."
+  description = "Deploy monitoring agent with universal eBPF enabled. It requires kernel version 5.8+. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/tree/main/solutions/fully-configurable/DA-docs.md)."
   default     = true
 }