Agent Installation
Sysdig agents are delivered as either a container or a service and can be deployed with or without an orchestrator such as Kubernetes or Mesos.
A quick install involves just a few lines of code from the Getting Started wizard copied into a shell. The complete install instructions address checking for and installing kernel headers if needed, any prerequisite permissions settings for particular environments, and tips about updating the configuration files after initial installation.
Plan the Installation
Topic | Description |
|---|---|
Review the platforms, runtimes, Linux distributions, orchestration, browsers, etc. that are supported. | |
An agent access key is provided with a Sysidg trial | |
Different ways in which you can install Sysdig agent. | |
Troubleshooting tips for agent installation, tuning agents, and compiling kernel modules. |
Installation Options
In the default mode of agent installation, you install the agent package as two containers, each container responsible for different functions as given below. The agent-slim reduces the surface area of attack for potential vulnerabilities and is, therefore, more secure.
agent-kmodule: Responsible for downloading and building the kernel module. The image is short-lived. The container exits after the kernel module is loaded. The transient nature of the container reduces the time and opportunities for exploiting any potential vulnerabilities present in the container image.Prerequisites: The package depends on Dynamic Kernel Module Support (DKMS) and requires the compiler and kernel headers installed if you are using the
agent-kmoduleto build the kernel probe. Alternatively, you can use it without the kernel headers. In such cases, theagent-kmodulewill attempt to download a pre-built kernel probe if it is present in the Sysdig probe repository.The module contains:
The driver sources
A post-install script that builds the module upon installation
agent-slim: Responsible for running the agent module once the kernel module has been loaded. Slim agent functions the same way as the regular agent and retains the feature parity.
Use the instruction below to install agent on your chosen environment:
| Environment | Flavor | Installation | Install Instructions |
|---|---|---|---|
| Kubernetes | Open Source | Helm and manual | Install Agent on Kubernetes |
| OpenShift | Helm and manual | Install Agent on OpenShift | |
| GKE | Helm and manual | Install Agent on GKE | |
| Rancher | Helm and manual | Install Agent on Rancher | |
| OKE | Helm and manual | Install Agent on OKE | |
| Non-Orchestrated | Manual | Install Agent on Non-Orchestrated Environment |
Legacy Agent: The legacy agent can be run as a single container or a service. It includes the components for downloading and building the kernel module, as well as for gathering and reporting on a wide variety of pre-defined metrics. For more information, see Installing Agent as a Single Container.
Helm
Helm is the preferred way of installing Sysdig agent. It is used in most cloud environments, for example, Amazon EKS or EC2 on AWS Cloud or AWS Outpost, EC2, and Azure AKS.
- Deploy Agent on Kubernetes Using Helm Charts
- Deploy Agent on OpenShift Using Helm Charts
- Deploy Agent on GKE Using Helm Charts
- Deploy Agent on Rancher Using Helm Charts
- Deploy Agent on OKE Using Helm Charts
Manual
With the Getting Started wizard, you can copy a simple line of code to deploy agents in a variety of environments.
Behind the scenes, the wizard auto-detects and completes configuration items such as the required access key and port information. The wizard can also be launched from the Start a Free Trial button at sysdig.com.
After the first install, Sysdig Secure and Monitor users can access the wizard at any time from the Rocket icon on the navigation bar.
| Environment | Flavor | Install Instructions |
|---|---|---|
| Kubernetes | Open Source | Helm is the preferred way of installing Sysdig agent. It is used in most cloud environments, for example, Amazon EKS or EC2 on AWS Cloud or AWS Outpost, EC2, and Azure AKS. |
| OpenShift | ||
| GKE | Used for Google Kubernetes Service environment. | |
| Rancher | ||
| OKE | ||
| IKS | IBM manages and documents Sysdig installs as part of IKS. IBM Cloud Monitoring | |
| Non-Orchestrated | Used when there is no orchestrator such as Kubernetes. Install Agent on Non-Orchestrated Environment. | |
| Linux | Rare, used with custom kernel headers, unique use cases Agent Install: Manual Linux Installation. | |
| Mesos |Marathon|DCOS | Agent Install: Mesos |Marathon |DCOS. |
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified May 17, 2022