Embedded Container Image
Prerequisites
You will need to have deployed the orchestrator agent, as explained in the CloudFormation and Terraform Installation section.
Deployment Steps
1. Update your Dockerfile to copy the Sysdig Workload Agent files into your container image. Use the COPY command to copy the files from the Sysdig Workload Agent image into your container image. For example:

    ARG sysdig_agent_version=latest
    FROM quay.io/sysdig/workload-agent:$sysdig_agent_version AS workload-agent
    FROM my_original_base
    COPY --from=workload-agent /opt/draios /opt/draios

   In this example, the ARG command specifies the version of the Sysdig Workload Agent to use, which defaults to the latest version if not specified. The FROM command pulls the Sysdig Workload Agent image, and the COPY command copies the /opt/draios directory from the image into your container image.

2. Modify the ENTRYPOINT of your container to prepend the /opt/draios/bin/instrument command to the original entrypoint. This ensures that the Sysdig instrumentation is run before the original entrypoint. For example:

    ENTRYPOINT ["/opt/draios/bin/instrument", "my", "original", "entry", "point"]

   Replace my, original, entry, and point with the appropriate values for your container's original entrypoint.

3. Specify the Sysdig orchestrator you want to use by setting the SYSDIG_ORCHESTRATOR and SYSDIG_ORCHESTRATOR_PORT environment variables in your Dockerfile. For example:

    ENV SYSDIG_ORCHESTRATOR=orchestrator.elb.us-east-1.amazonaws.com \
        SYSDIG_ORCHESTRATOR_PORT=6667

   Replace orchestrator.elb.us-east-1.amazonaws.com and 6667 with the appropriate values for your Sysdig orchestrator.

4. Build and push the instrumented container image to your container registry, just like you would with any other container image. For example:

    docker build -t my_instrumented_image .
    docker push my_instrumented_image

   Ensure that the architecture of the image matches the CPU architecture of your Fargate RuntimePlatform. For example, if you're using an X86_64 Fargate RuntimePlatform, you'll need to build your image using an X86_64 system, or use the Docker experimental feature for building for different platforms.

With these steps, you can instrument your container image with the Sysdig Workload Agent at build time, instead of using serverless-patcher to instrument your CloudFormation template.
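
A pre-deployment check for the steps above, as an added example that is not part of the Sysdig documentation: it reads the JSON printed by docker image inspect and reports a missing instrument entrypoint, missing orchestrator variables, or an architecture that does not match the Fargate RuntimePlatform. The function name, the constructed sample data and the ARM64 mapping are assumptions of this example.

```python
import json

# Fargate RuntimePlatform cpuArchitecture -> architecture string Docker records in the image
FARGATE_TO_DOCKER_ARCH = {"X86_64": "amd64", "ARM64": "arm64"}
INSTRUMENT = "/opt/draios/bin/instrument"


def check_instrumented(inspect_json, fargate_arch="X86_64"):
    """Return a list of problems found in `docker image inspect` output (empty list = OK)."""
    image = json.loads(inspect_json)[0]  # inspect prints a JSON array, one object per image
    config = image.get("Config") or {}
    problems = []

    # Step 2: the instrument binary must be the first element of ENTRYPOINT
    entrypoint = config.get("Entrypoint") or []
    if not entrypoint or entrypoint[0] != INSTRUMENT:
        problems.append("ENTRYPOINT does not start with " + INSTRUMENT)

    # Step 3: both orchestrator variables must be baked into the image
    env = dict(e.split("=", 1) for e in (config.get("Env") or []) if "=" in e)
    if not env.get("SYSDIG_ORCHESTRATOR"):
        problems.append("SYSDIG_ORCHESTRATOR is not set")
    port = env.get("SYSDIG_ORCHESTRATOR_PORT", "")
    if not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append("SYSDIG_ORCHESTRATOR_PORT is missing or not a valid port")

    # Step 4: image architecture must match the task's RuntimePlatform
    have = image.get("Architecture")
    if have != FARGATE_TO_DOCKER_ARCH.get(fargate_arch):
        problems.append(f"image architecture {have!r} does not match {fargate_arch}")
    return problems


# Constructed samples: trimmed `docker image inspect my_instrumented_image` output
GOOD = json.dumps([{"Architecture": "amd64", "Config": {
    "Entrypoint": [INSTRUMENT, "my", "original", "entry", "point"],
    "Env": ["PATH=/usr/bin",
            "SYSDIG_ORCHESTRATOR=orchestrator.elb.us-east-1.amazonaws.com",
            "SYSDIG_ORCHESTRATOR_PORT=6667"]}}])
BAD = json.dumps([{"Architecture": "arm64", "Config": {
    "Entrypoint": ["my", "original", "entry", "point"],
    "Env": ["PATH=/usr/bin"]}}])

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, check_instrumented(sample) or "OK")
```

To check a real image, pass the output of docker image inspect my_instrumented_image to check_instrumented in place of the constructed samples.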
Next Steps
After the deployment completes, security-related events will be visible in the Sysdig Secure Events feed.
Optionally, you can perform advanced Configuration steps.