feat: add configuration options to enable/disable app checks and JMX features using new input enable_app_checks and enable_jmx (both true by default). (#265)

Author: jor2

README.md

@@ -133,7 +133,9 @@ No modules.
 | <a name="input_cluster_shield_requests_memory"></a> [cluster\_shield\_requests\_memory](#input\_cluster\_shield\_requests\_memory) | Specify memory resource requests for the cluster shield pods. | `string` | `"512Mi"` | no |
 | <a name="input_container_filter"></a> [container\_filter](#input\_container\_filter) | Customize the agent to exclude containers from metrics collection. For more info, see https://cloud.ibm.com/docs/monitoring?topic=monitoring-change_kube_agent#change_kube_agent_filter_data | <pre>list(object({<br/>    type      = string<br/>    parameter = string<br/>    name      = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_deployment_tag"></a> [deployment\_tag](#input\_deployment\_tag) | Sets a global tag that will be included in the components. It represents the mechanism from where the components have been installed (terraform, local...). | `string` | `"terraform"` | no |
+| <a name="input_enable_app_checks"></a> [enable\_app\_checks](#input\_enable\_app\_checks) | Enable application checks to collect metrics from specific applications like MongoDB, Redis, etc. Set to false to reduce error logs in environments where these applications are not present or monitored. | `bool` | `true` | no |
 | <a name="input_enable_host_scanner"></a> [enable\_host\_scanner](#input\_enable\_host\_scanner) | Enable host scanning to detect vulnerabilities and identify the resolution priority based on available fixed versions and severity. Requires a Security and Compliance Center Workload Protection instance to view results. | `bool` | `true` | no |
+| <a name="input_enable_jmx"></a> [enable\_jmx](#input\_enable\_jmx) | Enable JMX metrics collection from Java Virtual Machines. Set to false to reduce resource usage and error logs in environments without Java applications. | `bool` | `true` | no |
 | <a name="input_enable_kspm_analyzer"></a> [enable\_kspm\_analyzer](#input\_enable\_kspm\_analyzer) | Enable Kubernetes Security Posture Management (KSPM) analyzer. Requires a Security and Compliance Center Workload Protection instance to view results. | `bool` | `true` | no |
 | <a name="input_enable_universal_ebpf"></a> [enable\_universal\_ebpf](#input\_enable\_universal\_ebpf) | Deploy monitoring agent with universal extended Berkeley Packet Filter (eBPF) enabled. It requires kernel version 5.8+. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-monitoring-agent/blob/main/solutions/fully-configurable/DA-docs.md#when-to-enable-enable_universal_ebpf) | `bool` | `true` | no |
 | <a name="input_existing_access_key_secret_name"></a> [existing\_access\_key\_secret\_name](#input\_existing\_access\_key\_secret\_name) | An alternative to using `access_key`. Specify the name of an existing Kubernetes secret containing the access key in the same namespace that is defined in the `namespace` input. Either `access_key` or `existing_access_key_secret_name` is required. | `string` | `null` | no |

ibm_catalog.json

@@ -348,6 +348,12 @@
               "key": "enable_kspm_analyzer",
               "required": true
             },
+            {
+              "key": "enable_app_checks"
+            },
+            {
+              "key": "enable_jmx"
+            },
             {
               "key": "use_private_endpoint"
             },

main.tf

@@ -210,6 +210,9 @@ resource "helm_release" "cloud_monitoring_agent" {
         "enabled": ${var.enable_host_scanner}
       "kspm_analyzer":
         "enabled": ${var.enable_kspm_analyzer}
+      "app_checks_enabled": ${var.enable_app_checks}
+      "jmx":
+        "enabled": ${var.enable_jmx}
       "sysdig_api_endpoint": ${local.api_host}
       "blacklisted_ports":
 %{for port in var.blacklisted_ports~}

solutions/fully-configurable/main.tf

@@ -65,6 +65,8 @@ module "monitoring_agent" {
   deployment_tag                  = var.deployment_tag
   enable_host_scanner             = var.enable_host_scanner
   enable_kspm_analyzer            = var.enable_kspm_analyzer
+  enable_app_checks               = var.enable_app_checks
+  enable_jmx                      = var.enable_jmx
   cluster_shield_deploy           = var.cluster_shield_deploy
   cluster_shield_image_tag_digest = var.cluster_shield_image_tag_digest
   cluster_shield_image_repository = var.cluster_shield_image_repository

solutions/fully-configurable/variables.tf

@@ -352,6 +352,18 @@ variable "enable_kspm_analyzer" {
   default     = true
 }
 
+variable "enable_app_checks" {
+  type        = bool
+  description = "Enable application checks to collect metrics from specific applications like MongoDB, Redis, etc. Set to false to reduce error logs in environments where these applications are not present or monitored."
+  default     = true
+}
+
+variable "enable_jmx" {
+  type        = bool
+  description = "Enable JMX metrics collection from Java Virtual Machines. Set to false to reduce resource usage and error logs in environments without Java applications."
+  default     = true
+}
+
 variable "cluster_shield_deploy" {
   type        = bool
   description = "Deploy the Cluster Shield component to provide runtime detection and policy enforcement for Kubernetes workloads. If enabled, a Kubernetes Deployment will be deployed to your cluster using helm."

variables.tf

@@ -357,6 +357,18 @@ variable "enable_kspm_analyzer" {
   default     = true
 }
 
+variable "enable_app_checks" {
+  type        = bool
+  description = "Enable application checks to collect metrics from specific applications like MongoDB, Redis, etc. Set to false to reduce error logs in environments where these applications are not present or monitored."
+  default     = true
+}
+
+variable "enable_jmx" {
+  type        = bool
+  description = "Enable JMX metrics collection from Java Virtual Machines. Set to false to reduce resource usage and error logs in environments without Java applications."
+  default     = true
+}
+
 variable "cluster_shield_deploy" {
   type        = bool
   description = "Deploy the Cluster Shield component to provide runtime detection and policy enforcement for Kubernetes workloads. If enabled, a Kubernetes Deployment will be deployed to your cluster using helm."