Airgapped Agent Installation
Airgapped environments are those that do not have the network access to pull images from the container repository. Agent installation requires sysdigcloud-probe
and you cannot download a pre-compiled module in an airgapped environment. Therefore, ensure that you compile your own sysdigcloud-probe
before installing the agent.
Prepare the Sysdig Probe Builder Images
On a machine with internet connectivity, build the Sysdig probe container and create a tar file of the image.
Get the probe builder artifacts from the repository:
$ git clone https://github.com/draios/sysdig $ git checkout probe-builder $ cd sysdig
Build the container image:
$ docker build -t airgap/sysdig-probe-builder probe-builder/
Create the container and run:
$ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock airgap/sysdig-probe-builder:latest -P -b airgap/
Save the images to a tar archive:
$ docker save airgap/sysdig-probe-builder | gzip > builders.tar.gz
Ensure that you make this tar available to the airgapped machines where you intend to install the Sysdig agent.
Set Up Kernel Module
Set up a local repository to host the pre-compiled kernel module:
$ kubectl run my-nginx --image=nginx --port=80 $ kubectl expose deployment my-nginx --port=80 --type=NodePort
Copy
sysdigcloud-probe
to the repository you have created:$ kubectl cp sysdigcloud-probe-<version> my-nginx-xxxxxxxx-xxxx:/usr/share/nginx
Install Agent in Docker Environment
Install Sysdig agent by pointing
SYSDIG_PROBE_URL
to the local repository:For docker-based installations:
$ docker run -d --name sysdig-agent --restart always --privileged --net host --pid host -e ACCESS_KEY=WWWWW-YYYY-XXXX-ZZZZ-123456789 -e SECURE=true -e SYSDIG_PROBE_URL=http://www.mywebserver.net:80/ -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --shm-size=512m sysdig/agent
Where
-e SYSDIG_PROBE_URL=http://www.mywebserver:80/
is the localnginx
pod with the loaded module.Note
To use secure communication with a self-signed or untrusted certificate, apply the
-e SYSDIG_PROBE_INSECURE_DOWNLOAD=true
environment variable.Check the agent log. You will see a similar message:
Found custom module URL http://mywebserver:80/, will use it * Trying to download precompiled module from http://mywebserver:80/sysdigcloud-probe-<version>
Continue with the instructions in Agent Install: Non-Orchestrated.
Install Agent in Kubernetes Environment
Open your agent daemonset and update the
SYSDIG_PROBE_URL
to point to the local repository:- name: SYSDIG_PROBE_URL value: http://www.mywebserver:80/
If you would like to use secure communication with a self-signed or untrusted certificate, apply the
SYSDIG_PROBE_INSECURE_DOWNLOAD
environment variable.- name: SYSDIG_PROBE_INSECURE_DOWNLOAD value: true
Continue with the instructions in Agent Install: Kubernetes.