This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Post-Install Configuration

    Sysdig will deprecate support for Replicated installs in the coming months. If you are a new customer considering installing with Replicated, please contact Sysdig support.

    These configurations are optional.

    Replace a Self-Signed Cert with Custom Cert

    This process differs depending on how you installed the Sysdig Platform.

    For Kubernetes Installer Installs

    If you installed the Sysdig Platform on Kubernetes or OpenShift using the Installer, the Installer automatically generates a self-signed cert on the fly. To use a different certificate you would:

    • Add your cert and key to the /certs directory ex: (server.crt, server.key)

    • Update values.yaml:

          crt: certs/server.crt
          key: certs/server.key
    • Rerun the Installer.

    The Readme gives full details on sysdig.certificate.crt and sysdig.certificate.key.

    For Kubernetes Manual Installs

    If you installed the Sysdig Platform manually on Kubernetes or OpenShift, the steps for managing the certs are described in Step 5 of the installation procedures:

    For Replicated Installs

    If you installed the Sysdig Platform using Replicated and you accepted the self-signed certificate for SSL/TLS communication when installing the Sysdig components (see Define Basic Settings & License Info ), you can exchange for a custom certificate as follows:

    • Log in to the Replicated Management Console and select the Gear icon > Console Settings.

    • Click Upload certificate and it will automatically replace the original self-signed certificate.

    Optional: Custom Self-Signed Certificat

    Sysdig Monitor/Cloud/etc uses a self-signed SSL/TLS security certificate, unless a custom certificate is provided.

    The example command below creates a custom, unsigned certificate called MyCert.pem; the certificate has a private key called MyCert.key, and is valid for five years:

    sudo openssl req -new -x509 -sha256 -days 1825 -nodes -out ./MyCert.pem -keyout ./MyCert.key