Steps for Rancher

Preparation

General Requirements

You can review Agent Install: Kubernetes | GKE | OpenShift | IBM and the Agent Installation Requirements for additional context, if desired.

Kernel Headers

The Sysdig agent requires a kernel module in order to be installed successfully on a host. On RancherOS distributions, the Unix version does not match the provided headers, and the agent might fail to install correctly. Therefore, you must install the kernel headers manually.

For RancherOS distributions, the kernel headers are available in the form of a system service and therefore are enabled using the ros service command:

$ sudo ros service enable kernel-headers-system-docker
$ sudo ros service up -d kernel-headers-system-docker

Some cloud hosting service providers supply pre-configured Linux instances with customized kernels. You may need to contact your provider’s support desk for instructions on obtaining appropriate header files, or for installing the distribution’s default kernel.

Installation

Helm

Sysdig recommends using helm charts to install Sysdig agent in Kubernetes environments. For the latest chart and installation instructions, see sysdig-deploy.

Manifests

To deploy agents using Kubernetes manifests, you can download the manifest files, edit them as required, and deploy them using kubectl.

Download the sample files:
- sysdig-agent-clusterrole.yaml
- sysdig-agent-daemonset-v2.yaml
- sysdig-agent-configmap.yaml
- sysdig-agent-service.yaml
Create a namespace to use for the Sysdig agent.
You can use whatever naming you prefer. This document uses sysdig-agent for both the namespace and the service account.
The default service account name was automatically defined in sysdig-agent-daemonset-v2.yaml, at the line: serviceAccount: sysdig-agent.
```
kubectl create ns sysdig-agent
```

Create a secret key:

kubectl create secret generic sysdig-agent --from-literal=access-key=<your sysdig access key> -n sysdig-agent

Create a cluster role and service account, and define the cluster role binding that grants the Sysdig agent rules in the cluster role:

kubectl apply -f sysdig-agent-clusterrole.yaml -n sysdig-agent
kubectl create serviceaccount sysdig-agent -n sysdig-agent
kubectl create clusterrolebinding sysdig-agent --clusterrole=sysdig-agent --serviceaccount=sysdig-agent:sysdig-agent

Edit sysdig-agent-configmap.yaml to add the collector address , port , and the SSL/TLS information:
```
collector:
collector_port:
ssl: #true or false
check_certificate: #true or false
```
- For SaaS, find the collector address for your region.
- For On-prem, enter the collector endpoint defined in your environment.
- check_certificate should be set to false if a self-signed certificate or private, CA-signed cert is used. See also Set Up SSL Connectivity to the Backend.

Apply the sysdig-agent-configmap.yaml file:

 kubectl apply -f sysdig-agent-configmap.yaml -n sysdig-agent

Apply the sysdig-agent-service.yaml file:

kubectl apply -f sysdig-agent-service.yaml -n sysdig-agent

This allows the agent to receive Kubernetes audit events from the Kubernetes API server. See Kubernetes Audit Logging for information on enabling Kubernetes audit logging.

Apply the daemonset-v2.yaml file :

kubectl apply -f sysdig-agent-daemonset-v2.yaml -n sysdig-agent

The agents will be deployed and you can see some metrics in the Sysdig Monitor UI.

Next Steps

You can continue with instructions in Additional Options.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.