From 20db792da3161224d639f5cde14033e3700cfd1f Mon Sep 17 00:00:00 2001
From: Yuvraj Singh <Yuvraj.Singh3@ibm.com>
Date: Mon, 21 Jul 2025 16:21:53 +0530
Subject: [PATCH] add support for prometheus scrape config

add support for prometheus scrape config in sysdig agent configmap
---
 README.md                                   |  1 +
 chart/sysdig-agent/templates/configmap.yaml |  5 +++++
 chart/sysdig-agent/values.yaml              | 22 +++++++++++++++++++++
 main.tf                                     |  3 +++
 variables.tf                                |  7 +++++++
 5 files changed, 38 insertions(+)

diff --git a/README.md b/README.md
index a8bd86c2..7a834436 100644
--- a/README.md
+++ b/README.md
@@ -129,6 +129,7 @@ You need the following permissions to run this module.
 | <a name="input_cloud_monitoring_enabled"></a> [cloud\_monitoring\_enabled](#input\_cloud\_monitoring\_enabled) | Deploy IBM Cloud Monitoring agent | `bool` | `true` | no |
 | <a name="input_cloud_monitoring_endpoint_type"></a> [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no |
 | <a name="input_cloud_monitoring_instance_region"></a> [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | `null` | no |
+| <a name="input_cloud_monitoring_prometheus_scrape_configs"></a> [cloud_monitoring_prometheus_scrape_configs](#input_cloud_monitoring_prometheus_scrape_configs) | Optional multi-line YAML string to customize Prometheus scraping behavior, including relabeling, TLS settings, and target selection. Provide the full `scrape_configs` YAML block as a string. | `string` | `""` | no |
 | <a name="input_cloud_monitoring_metrics_filter"></a> [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. | <pre>list(object({<br/>    type = string<br/>    name = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_cloud_monitoring_secret_name"></a> [cloud\_monitoring\_secret\_name](#input\_cloud\_monitoring\_secret\_name) | The name of the secret which will store the access key. | `string` | `"sysdig-agent"` | no |
 | <a name="input_cluster_config_endpoint_type"></a> [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no |
diff --git a/chart/sysdig-agent/templates/configmap.yaml b/chart/sysdig-agent/templates/configmap.yaml
index ce76334c..00b9e351 100644
--- a/chart/sysdig-agent/templates/configmap.yaml
+++ b/chart/sysdig-agent/templates/configmap.yaml
@@ -53,3 +53,8 @@ data:
             {{ $c.parameter }}: {{ $c.name }}
       {{ end }}
     {{- end -}}
+
+  {{- if .Values.prometheus_scrape_configs }}
+  prometheus.yaml: |
+{{ .Values.prometheus_scrape_configs | indent 4 }}
+  {{- end }}
diff --git a/chart/sysdig-agent/values.yaml b/chart/sysdig-agent/values.yaml
index cad5f0e8..4efa5591 100644
--- a/chart/sysdig-agent/values.yaml
+++ b/chart/sysdig-agent/values.yaml
@@ -32,3 +32,25 @@ container_filter: []
 #         container.name: my-java-app
 #   - exclude:
 #         kubernetes.namespace.name: kube-system
+
+# Prometheus scrape_configs override
+prometheus_scrape_configs: ""
+# example Prometheus scrape_configs YAML
+# scrape_configs:
+# - job_name: 'k8s-pods'
+#   tls_config:
+#     insecure_skip_verify: true
+#   kubernetes_sd_configs:
+#   - role: pod
+#   relabel_configs:
+#   - action: keep
+#     source_labels: [__meta_kubernetes_pod_host_ip]
+#     regex: __HOSTIPS__
+#   - action: keep
+#     source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
+#     regex: true
+#   metric_relabel_configs:
+#   - source_labels: [__name__]
+#     regex: (ClickHouseMetrics_DistributedFilesToInsert)
+#     action: keep
+
diff --git a/main.tf b/main.tf
index fbfe8faa..fac2d564 100644
--- a/main.tf
+++ b/main.tf
@@ -98,8 +98,11 @@ resource "helm_release" "cloud_monitoring_agent" {
     tolerations = var.cloud_monitoring_agent_tolerations
     }), yamlencode({
     container_filter = var.cloud_monitoring_container_filter
+    }), yamlencode({
+    prometheus_scrape_configs = var.cloud_monitoring_prometheus_scrape_configs
   })]
 
+
   provisioner "local-exec" {
     command     = "${path.module}/scripts/confirm-rollout-status.sh ${var.cloud_monitoring_agent_name} ${var.cloud_monitoring_agent_namespace}"
     interpreter = ["/bin/bash", "-c"]
diff --git a/variables.tf b/variables.tf
index f01b85f9..bc66d2b1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -112,6 +112,13 @@ variable "cloud_monitoring_metrics_filter" {
   }
 }
 
+variable "cloud_monitoring_prometheus_scrape_configs" {
+  description = "Optional multi-line YAML string defining Prometheus scrape_configs to be injected into the Sysdig agent's configuration ConfigMap under prometheus.yaml. This allows customization of Prometheus scraping behavior, including relabeling, TLS settings, and target selection. Provide the full scrape_configs YAML block as a string."
+  type        = string
+  default     = ""
+}
+
+
 variable "cloud_monitoring_container_filter" {
   type = list(object({
     type      = string