Agent Installation Requirements
Sysdig agents can be installed on a wide array of Linux hosts. Check your environment to ensure it meets the minimum supported platform, operating system, runtime, and orchestration requirements and uses the appropriate installation instructions.
Versioning Scheme
We recommend that you use the latest version of the agent. Sysdig supports n-3 versions back based on the minor number. For example, if the latest release is v12.0.0, we will support n-3 versions back, up to v11.2.0.
End of Support
Sysdig agents that are older than version 0.85.1, released October 1, 2018, will no longer connect to the Sysdig US-East SaaS platform with default agent values.
Going forward all the agent releases will have a 3-year deprecation policy. This implies:
Sysdig Support might not be able to help you troubleshoot or address the problems with agents past the deprecation date.
Sysdig will no longer provide prebuilt kernel probe binaries for these agent releases. You need to build the kernel probe binaries on the fly by using the hosts kernel headers.
These changes is effective starting Sysdig agent v12.1.0.
Agent Installation Requirements
Orchestration Platforms
Support Matrix for Kubernetes
Sysdig agent version 12.8.1 has been tested on the following list of latest Kubernetes versions. The matrix provides a single view into the supported operating systems, architecture, and runtime versions for different flavors of Kubernetes orchestrators.
| Cluster | Operating System | Kubernetes Version | Architecture | Runtime |
|---|---|---|---|---|
| RedHat OpenShift Kubernetes Service (ROKS) | Red Hat | v1.22 | x86_64 | cri-o |
| Rancher | SUSE Linux Enterprise Server 15 SP2 | v1.20 | x86_64 | docker |
| OpenShift (okd4) 4.8 | Red Hat Enterprise Linux CoreOS 48 | v1.21 | zlinux | cri-o |
| OpenShift (okd4) 4.10 NOTE: OpenShift versions 4.10+ cannot be used with the new Vulnerability Management component. This means that if installing the agent on OCP4.10+, the following option should not be used or be set to false(Helm): set nodeAnalyzer.secure.vulnerabilityManagement.newEngineOnly=false \ | Red Hat Enterprise Linux CoreOS 410 | v1.23 | x86_64 | cri-o |
| OpenShift (okd3) | CentOS Linux 7 (Core) | v1.11.0+d4cacc0 | x86_64 | docker |
| Kubernetes Operations (kops) | Ubuntu 20.04.4 LTS | v1.21 | x86_64, arm64 | containerd |
| Kubernetes Operations (kops) | Ubuntu 20.04.4 LTS | v1.24 | x86_64, arm64 | containerd |
| Kubernetes | Ubuntu 20.04.2 LTS | v1.23 | x86_64 | docker |
| IBM Cloud Kubernetes Service (IKS) | Ubuntu 18.04.6 LTS | v1.23 | x86_64 | containerd |
| Google Kubernetes Engine (GKE) | Container-Optimized OS from Google | v1.22 | x86_64 | containerd |
| Amazon Elastic Kubernetes Service (EKS) | Bottlerocket OS 1.9 | v1.22 | x86_64, arm64 | containerd |
(Beta) Additional Orchestration Platforms
| Orchestration Platforms | Documentation |
|---|---|
| Oracle Kubernetes Engine (OKE) | Steps for OKE |
| Microsoft Azure Cloud Services | Agent Install: Non-Orchestrated |
| Microsoft Azure Kubernetes Service (AKS) | Agent Install: Kubernetes |
| Amazon Elastic Container Service (Amazon ECS) | Agent Install: Non-Orchestrated + AWS Integration Instructions |
| RancherOS | Agent Install: Non-Orchestrated |
| Mesos/Marathon | Agent Install: Mesos/Marathon |
| Docker Datacenter (DDC) | Agent Install: Non-Orchestrated |
If you are not using an orchestrator in your environment, follow the instructions for Agent Install Non-Orchestrated.
Note: Installing the Sysdig agent into a namespace managed by Istio and configured for sidecar auto-injection is not supported. For example, setting kubectl label namespace sysdig-agent istio-injection=enabled. Because the agent behaves more like a host component, it is required to be part of the host PID and network namespace to function correctly. Due to this requirement, deploying the Sysdig agent in Istio with an Envoy sidecar is not supported. However, running the Sysdig agent in a non-injected namespace where Istio is installed and managing other namespaces is fully supported. See Istio integration for more details on using the Sysdig agent to monitor Istio control plane and sidecar metrics.
Linux Distributions and Kernels
Support Matrix for Linux Distributions
Sysdig agent version 12.8.1 (installed as a service) has been tested on the following list of latest linux distros:
| Operating System | Architecture |
|---|---|
| Amazon Linux 2 | x86_64 |
| Fedora Linux 36 (Cloud Edition) | x86_64 |
| Red Hat Enterprise Linux 8.6 (Ootpa) | x86_64 |
| Ubuntu 18.04.6 LTS (Bionic Beaver) | x86_64 |
| Ubuntu 20.04.4 LTS (Focal Fossa) | x86_64 |
| Ubuntu 22.04 LTS (Jammy Jellyfish) | x86_64 |
(Beta) Linux Distributions
Sysdig agent is supported on the following Linux distributions:
Platforms | Linux Distribution |
|---|---|
Core Set |
|
AWS EC2 |
|
GCP |
|
Azure |
|
Container Runtimes
Sysdig agent supports the detection of the following:
- Docker
- LXC
- CRI-O
- containerd
- Podman
- Mesos
Support Matrix for Docker
Sysdig agent version 12.8.1 has been tested on the following list of latest linux distros:
| Operating System | Architecture |
|---|---|
| Amazon Linux 2 | x86_64, arm64 |
| Amazon Linux 2022 | x86_64, arm64 |
| Debian GNU/Linux 10 (buster) | x86_64, arm64 |
| Debian GNU/Linux 11 (bullseye) | x86_64, arm64 |
| Fedora Linux 35 (Cloud Edition) | x86_64, arm64 |
| Fedora Linux 36 (Cloud Edition) | x86_64, arm64 |
| Red Hat Enterprise Linux 8.6 (Ootpa) | x86_64, arm64 |
| Red Hat Enterprise Linux 9.0 (Plow) | x86_64, arm64 |
| SLES_15 SP4 | x86_64 |
| Red Hat Enterprise Linux 9.0 (Plow) | x86_64, arm64 |
| Ubuntu 18.04.6 LTS (Bionic Beaver) | x86_64, arm64 |
| Ubuntu 20.04.4 LTS (Focal Fossa) | x86_64, arm64 |
| Ubuntu 22.04.4 LTS (Jammy Jellyfish) | x86_64, arm64 |
Prerequisites for Podman Environments
Sysdig agent supports running as a Podman container.
Enable Podman API Service for all the users.
The agent will not able to collect Podman-managed container metadata, such as the container name, if the API service is not enabled.
Secure rules and policies that depend on container metadata other than the container ID will not work.
Pausing and terminating containers will not work because Policy actions for Podman are not supported.
The containers started as a non-root user will have the
podman_owner_uidlabel associated with it if the API service is enabled for that user. The value ofpodman_owner_uidwill be the numeric user ID corresponding to the user that started the container.
Container Registries
For example, to pull the latest agent container from Quay.io:
docker pull quay.io/sysdig/agent
CPU Architectures
x86
Supported Agent Containers
agentagent-slimagent-kmodule
ARM (aarch64)
Supported kernel versions are v4.17 and above
Unsupported Features
- Pre-built probes
- Activity Audit
- Sysdig agent installation using the
agentcontainer
s390x (zLinux)
Unsupported Features
Probes
No support for pre-built probes on zLinux. For kernel instrumentation, use the kernel module. eBPF probes are not supported on zLinux.
Captures
Capture is not supported on zLinux.
Legacy Agent Installation
Sysdig agent installation using agent container is not supported.
Java Versions and Vendors
Sysdig agent supports the following:
- Java versions: v7 and above
- Vendors: Oracle, OpenJDK
For Java-based applications (Cassandra, Elasticsearch, Kafka, Tomcat, Zookeeper and etc.), the Sysdig agent requires the Java runtime environment (JRE) to be installed to poll for metrics (beans).
If the Docker-container-based Sysdig agent is installed, the JRE is
installed alongside the agent binaries and no further dependencies
exist. However, if you are installing the service-based agent
(non-container) and you do not see the JVM/JMX metrics reporting, your
host may not have the JRE installed or it may not be installed in the
expected location: usr/bin/java
Minimum Resource Requirements
The resource requirements of the agent are subjective to the size and load of the host— more activity equates to more resources required.
It is typical to see between 5-20KiB/s of bandwidth consumed—different variables can increase the throughput required such as the number of metrics, events, Kubernetes objects, and which products and features are enabled. When a Sysdig Capture is being collected, you can expect to see a spike in bandwidth while the capture file is being ingested.
We do not recommend placing bandwidth shaping or caps on the agent to ensure data can be sent to our collection service. For more information, see Tuning Sysdig Agent.
Additional Requirements
Access key
The installation of the Sysdig agent requires an access key.
This key and the agent installation instructions are presented to you after activating your account and using a web-based wizard upon initial login.
The same information can also be found in the
Settings > Agent Installation menu of the web interface after logging
in. See Agent Installation: Overview and
Key for details.
Network connection
A Sysdig agent (containerized or native) is installed into each host
being monitored and will need to be able to connect to the Sysdig
Monitor backend servers to report host metrics. The agent must be able
to reach the Sysdig Collector addresses. For example, for US East, it is
‘collector.sysdigcloud.com’ (via
multiple IPs) over port tcp/6443 . See Sysdig Collector
Ports for supported ports
for other regions.
The agent supports the HTTP proxy for communicating with Sysdig backend components. For more information, see Enable HTTP Proxy for Agents.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.