Airgapped Agent Installation

Airgapped environments are those that do not have the network access to pull images from the container repository. Agent installation requires sysdigcloud-probe and you cannot download a pre-compiled module in an airgapped environment. Therefore, ensure that you compile your own sysdigcloud-probe before installing the agent.

Prepare the Sysdig Probe Builder Images

On a machine with internet connectivity, build the Sysdig probe container and create a tar file of the image.

  1. Get the probe builder artifacts from the repository:

    $ git clone https://github.com/draios/sysdig
$ git checkout probe-builder
$ cd sysdig

  2. Build the container image:

    $ docker build -t airgap/sysdig-probe-builder probe-builder/

  3. Create the container and run:

    $ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock airgap/sysdig-probe-builder:latest -P -b airgap/

  4. Save the images to a tar archive:

    $ docker save airgap/sysdig-probe-builder | gzip > builders.tar.gz

    Ensure that you make this tar available to the airgapped machines where you intend to install the Sysdig agent.

Set Up Kernel Module

  1. Set up a local repository to host the pre-compiled kernel module:

    $ kubectl run my-nginx --image=nginx --port=80
$ kubectl expose deployment my-nginx --port=80 --type=NodePort

  2. Copy sysdigcloud-probe to the repository you have created:

    $ kubectl cp sysdigcloud-probe-<version> my-nginx-xxxxxxxx-xxxx:/usr/share/nginx

Install Agent in Docker Environment

  1. Install Sysdig agent by pointing SYSDIG_PROBE_URL to the local repository:

    For docker-based installations:

    $ docker run -d --name sysdig-agent --restart always --privileged --net host --pid host -e ACCESS_KEY=WWWWW-YYYY-XXXX-ZZZZ-123456789 -e SECURE=true -e SYSDIG_PROBE_URL=http://www.mywebserver.net:80/ -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --shm-size=512m sysdig/agent

    Where -e SYSDIG_PROBE_URL=http://www.mywebserver:80/ is the local nginx pod with the loaded module.

    Note

    To use secure communication with a self-signed or untrusted certificate, apply the -e SYSDIG_PROBE_INSECURE_DOWNLOAD=true environment variable.

  2. Check the agent log. You will see a similar message:

    Found custom module URL http://mywebserver:80/, will use it * Trying to download precompiled module from http://mywebserver:80/sysdigcloud-probe-<version>

  3. Continue with the instructions in Agent Install: Non-Orchestrated.

Install Agent in Kubernetes Environment

  1. Open your agent daemonset and update the SYSDIG_PROBE_URL to point to the local repository:

    - name: SYSDIG_PROBE_URL
  value: http://www.mywebserver:80/

    If you would like to use secure communication with a self-signed or untrusted certificate, apply the SYSDIG_PROBE_INSECURE_DOWNLOAD environment variable.

    - name: SYSDIG_PROBE_INSECURE_DOWNLOAD
  value: true

  2. Continue with the instructions in Agent Install: Kubernetes.