Configuration Library

The Sysdig configuration library lists all the major configurations supported by Sysdig agent components. This document is evolving and will be updated as new configurations are added to the product.

Generic Configuration

Configuration	dragent.yaml	Helm	Description	Default and Example
Cluster	`k8s_cluster_name`	`global.clusterConfig.name`	Identifier for the Kubernetes cluster where you install the agent. For more information, see Agent Configuration.	For example, `ec2_cluster`
Access Key	`customerid`	global.sysdig.accessKey	See Sysdig Agent Access Keys to learn how to retrieve the agent keys.
Secret	N/A	`global.sysdig.accessKeySecret`	The name of a Kubernetes secret containing an access-key entry.
Region	N/A	`global.sysdig.region`	The SaaS region where the agent is installed. Possible values include: `us1`, `us2`, `us3`, `us4`, `eu1`, `au1`, and `custom`. See Regions and IP Ranges for more information.	`us1`
Global Tags	`tags`	`global.sysdig.tags`	Sets the global tags which can override agent tags. See Quick Install Sysdig Agent for more information
Agent Tags	`tags`		The list of tags to identify the host where the agent is installed. For example: `role:webserver`, `location:europe`, `role:webserver`. See Quick Install Sysdig Agent for more information.
Proxy	`http_proxy`	`global.proxy.httpProxy`	Allows the agent to communicate with Sysdig collector through a `http_proxy`. See Enable HTTP Proxy for Agents for more information.
HTTP Proxy Host	`http_proxy.proxy_host`		The host IP of the proxy server.
HTTP Proxy Port	`http_proxy.proxy_port`		See Enable HTTP Proxy for Agents for more information.
	`http_proxy.proxy_user`		See Enable HTTP Proxy for Agents for more information.
	`http_proxy.proxy_password`		See Enable HTTP Proxy for Agents for more information.
	`http_proxy.ssl`		See Enable HTTP Proxy for Agents for more information.
	`http_proxy.ssl_verify_certificate`		See Enable HTTP Proxy for Agents for more information.
	`http_proxy.ca_certificate`		See Enable HTTP Proxy for Agents for more information.
Collector		`collectorSettings.collectorHost`	Enter the hostname or IP address of the Sysdig collector service. Note that when used within `dragent.yaml`, must be lowercase collector. See On-Premises Installation for more information.
Collector Port			On-prem only. The port used by the Sysdig collector service.	6443
eBPF	N/A	`ebpf.enabled`	Set to `true` to enable the agent Universal eBPF (Technical Preview) or the current eBPF driver.	The default is `false`.
	N/A	`ebpf.kind`	Set to `universal_ebpf` to enable the Universal eBPF (Technical Preview) driver. Set to `legacy_ebpf` to enable the eBPF driver. *Note:* `ebpf.enabled` must also be set to `true` for this configuration to work.
FIPS mode	`fips_mode`		Optional. Set to `true` for the agent to use a FIPS-validated crypto module to encrypt the communication between the agent and the Sysdig backend. The agent will log `FIPS mode is enabled` if a FIPS-validated crypto module was successfully loaded.	The default is `false`.
OpenSSL Library Location	`openssl_lib`		Version 12.16.x: Required when `fips_mode` is set to `true`. Path to the directory containing user-provided OpenSSL v1.1.1 shared library files: `libcrypto.so.1`, and `libssl.so.1`. User-provided OpenSSL libraries must contain a FIPS-validated crypto module if setting `fips_mode` to `true`. Version 12.17.0 and newer: Optional. Path to the directory containing user-provided OpenSSL v3.x shared library files: `libcrypto.so.3`, and `libssl.so.3`. User-provided OpenSSL libraries must contain a FIPS-validated crypto module if setting `fips_mode` to `true`.	By default, the agent uses bundled OpenSSL shared libraries.
OpenSSL Configuration File Location	`openssl_conf`		Version 13.0 and newer: Required when `openssl_lib` is used to point the agent to a custom OpenSSL v3.x library. If `fips_mode` is set to `true`, the configuration file specified by `openssl_conf` must contain the properties specified in the "Making all applications use the FIPS module by default" section of fips_module(7) man page. If the `OPENSSL_CONF` environment variable is also set, it will take precedence over the `openssl_conf` value.	By default, the agent uses OpenSSL configuration files included with its bundled libraries.
Instance Metadata Service (IMDS)	`imds_version`		Optional. Enables token-based communication with the Amazon Web Service (AWS) metadata service IMDSv2.	The default is `1`. However, the agent internally upgrades the IMDS version to IMDSv2 when the IMDSv1 API call returns a "Not Authorized" error. You can ignore the INFO level message stating to change the configuration to 2.

Learn More

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.