Security and Compliance Center Workload Protection Agent module
A module for provisioning an IBM Cloud Security and Compliance Center Workload Protection agent. The module uses sysdig-deploy charts which deploys the following components into your cluster:
- Agent
- Node Analyzer
- KSPM Collector
Overview
terraform-ibm-scc-workload-protection-agent
Prerequisite
Security and Compliance Center Workload Protection Instance must be provision beforehand. Instance can be deployed with terraform-ibm-scc-workload-protection module.
Usage
module "scc_wp_agent {
source = "terraform-ibm-modules/scc-workload-protection-agent/ibm"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
access_key = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
cluster_name = "example-cluster-name"
region = "example-region"
endpoint_type = "public"
name = "example-name"
}
Required IAM access policies
You need the following permissions to run this module.
- Account Management
- IAM Services
- IBM Cloud Security and Compliance Center Workload Protection service
Editor
platform access
- IBM Cloud Security and Compliance Center Workload Protection service
- Kubernetes service
Viewer
platform accessManager
service access
- IAM Services
Requirements
Name | Version |
---|---|
terraform | >= 1.3.0, < 1.6.0 |
helm | >= 2.8.0 |
Modules
No modules.
Resources
Name | Type |
---|---|
helm_release.scc_wp_agent | resource |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
access_key | Security and Compliance Workload Protection instance access key. | string |
n/a | yes |
cluster_name | Cluster name to add Security and Compliance Workload Protection agent to. | string |
n/a | yes |
endpoint_type | Specify the endpoint (public or private) for the IBM Cloud Security and Compliance Center Workload Protection service. | string |
"private" |
no |
name | Helm release name. | string |
n/a | yes |
namespace | Namespace of the Security and Compliance Workload Protection agent. | string |
"ibm-scc-wp" |
no |
region | Region where Security and Compliance Workload Protection instance is created. | string |
n/a | yes |
Outputs
Name | Description |
---|---|
name | Helm chart release name. |
Contributing
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.