/terraform-ibm-scc-workload-protection-agent

A module that supports deploying the Security and Compliance Center Workload Protection agent

Primary LanguageHCLApache License 2.0Apache-2.0

Security and Compliance Center Workload Protection Agent module

Stable (With quality checks) latest release pre-commit Renovate enabled semantic-release

A module for provisioning an IBM Cloud Security and Compliance Center Workload Protection agent. The module uses sysdig-deploy charts which deploys the following components into your cluster:

  • Agent
  • Node Analyzer
  • KSPM Collector

Overview

terraform-ibm-scc-workload-protection-agent

Prerequisite

Security and Compliance Center Workload Protection Instance must be provision beforehand. Instance can be deployed with terraform-ibm-scc-workload-protection module.

Usage

module "scc_wp_agent {
    source             = "terraform-ibm-modules/scc-workload-protection-agent/ibm"
    version            = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
    access_key         = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
    cluster_name       = "example-cluster-name"
    region             = "example-region"
    endpoint_type      = "public"
    name               = "example-name"
}

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • IAM Services
      • IBM Cloud Security and Compliance Center Workload Protection service
        • Editor platform access
    • Kubernetes service
      • Viewer platform access
      • Manager service access

Requirements

Name Version
terraform >= 1.3.0, < 1.6.0
helm >= 2.8.0

Modules

No modules.

Resources

Name Type
helm_release.scc_wp_agent resource

Inputs

Name Description Type Default Required
access_key Security and Compliance Workload Protection instance access key. string n/a yes
cluster_name Cluster name to add Security and Compliance Workload Protection agent to. string n/a yes
endpoint_type Specify the endpoint (public or private) for the IBM Cloud Security and Compliance Center Workload Protection service. string "private" no
name Helm release name. string n/a yes
namespace Namespace of the Security and Compliance Workload Protection agent. string "ibm-scc-wp" no
region Region where Security and Compliance Workload Protection instance is created. string n/a yes

Outputs

Name Description
name Helm chart release name.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.