feat: support prometheus scrape configuration in sysdig-agent

README.md

@@ -129,6 +129,7 @@ You need the following permissions to run this module.
 | <a name="input_cloud_monitoring_enabled"></a> [cloud\_monitoring\_enabled](#input\_cloud\_monitoring\_enabled) | Deploy IBM Cloud Monitoring agent | `bool` | `true` | no |
 | <a name="input_cloud_monitoring_endpoint_type"></a> [cloud\_monitoring\_endpoint\_type](#input\_cloud\_monitoring\_endpoint\_type) | Specify the IBM Cloud Monitoring instance endpoint type (public or private) to use. Used to construct the ingestion endpoint. | `string` | `"private"` | no |
 | <a name="input_cloud_monitoring_instance_region"></a> [cloud\_monitoring\_instance\_region](#input\_cloud\_monitoring\_instance\_region) | The IBM Cloud Monitoring instance region. Used to construct the ingestion endpoint. | `string` | `null` | no |
+| <a name="input_cloud_monitoring_prometheus_scrape_configs"></a> [cloud_monitoring_prometheus_scrape_configs](#input_cloud_monitoring_prometheus_scrape_configs) | Optional multi-line YAML string to customize Prometheus scraping behavior, including relabeling, TLS settings, and target selection. Provide the full `scrape_configs` YAML block as a string. | `string` | `""` | no |
 | <a name="input_cloud_monitoring_metrics_filter"></a> [cloud\_monitoring\_metrics\_filter](#input\_cloud\_monitoring\_metrics\_filter) | To filter custom metrics, specify the Cloud Monitoring metrics to include or to exclude. See https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_inc_exc_metrics. | <pre>list(object({<br/>    type = string<br/>    name = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_cloud_monitoring_secret_name"></a> [cloud\_monitoring\_secret\_name](#input\_cloud\_monitoring\_secret\_name) | The name of the secret which will store the access key. | `string` | `"sysdig-agent"` | no |
 | <a name="input_cluster_config_endpoint_type"></a> [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no |

chart/sysdig-agent/templates/configmap.yaml

@@ -53,3 +53,8 @@ data:
             {{ $c.parameter }}: {{ $c.name }}
       {{ end }}
     {{- end -}}
+
+  {{- if .Values.prometheus_scrape_configs }}
+  prometheus.yaml: |
+{{ .Values.prometheus_scrape_configs | indent 4 }}
+  {{- end }}

chart/sysdig-agent/values.yaml

@@ -32,3 +32,25 @@ container_filter: []
 #         container.name: my-java-app
 #   - exclude:
 #         kubernetes.namespace.name: kube-system
+
+# Prometheus scrape_configs override
+prometheus_scrape_configs: ""
+# example Prometheus scrape_configs YAML
+# scrape_configs:
+# - job_name: 'k8s-pods'
+#   tls_config:
+#     insecure_skip_verify: true
+#   kubernetes_sd_configs:
+#   - role: pod
+#   relabel_configs:
+#   - action: keep
+#     source_labels: [__meta_kubernetes_pod_host_ip]
+#     regex: __HOSTIPS__
+#   - action: keep
+#     source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
+#     regex: true
+#   metric_relabel_configs:
+#   - source_labels: [__name__]
+#     regex: (ClickHouseMetrics_DistributedFilesToInsert)
+#     action: keep
+

main.tf

@@ -98,8 +98,11 @@ resource "helm_release" "cloud_monitoring_agent" {
     tolerations = var.cloud_monitoring_agent_tolerations
     }), yamlencode({
     container_filter = var.cloud_monitoring_container_filter
+    }), yamlencode({
+    prometheus_scrape_configs = var.cloud_monitoring_prometheus_scrape_configs
   })]
 
+
   provisioner "local-exec" {
     command     = "${path.module}/scripts/confirm-rollout-status.sh ${var.cloud_monitoring_agent_name} ${var.cloud_monitoring_agent_namespace}"
     interpreter = ["/bin/bash", "-c"]

variables.tf

@@ -112,6 +112,13 @@ variable "cloud_monitoring_metrics_filter" {
   }
 }
 
+variable "cloud_monitoring_prometheus_scrape_configs" {
+  description = "Optional multi-line YAML string defining Prometheus scrape_configs to be injected into the Sysdig agent's configuration ConfigMap under prometheus.yaml. This allows customization of Prometheus scraping behavior, including relabeling, TLS settings, and target selection. Provide the full scrape_configs YAML block as a string."
+  type        = string
+  default     = ""
+}
+
+
 variable "cloud_monitoring_container_filter" {
   type = list(object({
     type      = string