Agent Installation Requirements

Sysdig agents can be installed on a wide array of Linux hosts. Check your environment to ensure it meets the minimum supported platform, operating system, runtime, and orchestration requirements and uses the appropriate installation instructions.

Versioning Scheme

We recommend that you use the latest version of the agent. Sysdig supports n-3 versions back based on the minor number. For example, if the latest release is v12.0.0, we will support n-3 versions back, up to v11.2.0.

End of Support

Sysdig agents that are older than version 0.85.1, released October 1, 2018, will no longer connect to the Sysdig US-East SaaS platform with default agent values.

Going forward all the agent releases will have a 3-year deprecation policy. This implies:

  • Sysdig Support might not be able to help you troubleshoot or address the problems with agents past the deprecation date.

  • Sysdig will no longer provide prebuilt kernel probe binaries for these agent releases. You need to build the kernel probe binaries on the fly by using the hosts kernel headers.

    These changes is effective starting Sysdig agent v12.1.0.

Agent Installation Requirements

Orchestration Platforms

Support Matrix for Kubernetes

Sysdig agent versions 12.4.0 and above has been tested on the following list of latest Kubernetes versions. The matrix provides a single view into the supported operating systems, architecture, and runtime versions for different flavors of Kubernetes orchestrators.

ClusterOperating SystemKubernetes VersionArchitectureRuntime
RedHat OpenShift Kubernetes Service (ROKS)Ubuntu 18.04.6 LTSv1.22.7+IKSx86_64containerd
RancherSUSE Linux Enterprise Server 15 SP2v1.20.4x86_64docker
OpenShift (okd4)Red Hat Enterprise Linux CoreOS 46.82.202110110956-0 (Ootpa)v1.19.14+fcff70ax86_64cri-o
OpenShift (okd4)Red Hat Enterprise Linux CoreOS 47.84.202202070903-0 (Ootpa)v1.20.11+e880017x86_64cri-o
OpenShift (okd4)Red Hat Enterprise Linux CoreOS 48.84.202202142303-0 (Ootpa)v1.21.6+4b61f94x86_64cri-o
OpenShift (okd4)Red Hat Enterprise Linux CoreOS 49.84.202202230006-0 (Ootpa)v1.22.3+b93fd35x86_64cri-o
OpenShift (okd4)Red Hat Enterprise Linux CoreOS 49.84.202203081945-0 (Ootpa)v1.22.5+5c84e52x86_64cri-o
OpenShift (okd3)CentOS Linux 7 (Core)v1.11.0+d4cacc0x86_64docker
Kubernetes Operations (kops)Ubuntu 20.04.4 LTSv1.20.0x86_64, arm64containerd
Kubernetes Operations (kops)Ubuntu 20.04.4 LTSv1.21.0x86_64, arm64containerd
Kubernetes Operations (kops)Ubuntu 20.04.4 LTSv1.22.0x86_64, arm64containerd
Kubernetes Operations (kops)Ubuntu 20.04.4 LTSv1.21.9x86_64containerd
KubernetesUbuntu 20.04.2 LTSv1.23.0x86_64docker
KubernetesUbuntu 20.04.2 LTSv1.21.0x86_64docker
IBM Cloud Kubernetes Service (IKS)Ubuntu 18.04.6 LTSv1.22.7+IKSx86_64containerd
Google Kubernetes Engine (GKE)Container-Optimized OS from Googlev1.21.6-gke.1503x86_64containerd
Google Kubernetes Engine (GKE)Container-Optimized OS from Googlev1.21.9-gke.1002x86_64containerd
Amazon Elastic Kubernetes Service (EKS)Amazon Linux 2v1.21.5-eks-9017834x86_64docker

(Beta) Additional Orchestration Platforms

Orchestration PlatformsDocumentation
Oracle Kubernetes Engine (OKE)Steps for OKE
Microsoft Azure Cloud ServicesAgent Install: Non-Orchestrated
Microsoft Azure Kubernetes Service (AKS)Agent Install: Kubernetes
Amazon Elastic Container Service (Amazon ECS)Agent Install: Non-Orchestrated
+ AWS Integration Instructions
RancherOSAgent Install: Non-Orchestrated
Mesos/MarathonAgent Install: Mesos/Marathon
Docker Datacenter (DDC)Agent Install: Non-Orchestrated

If you are not using an orchestrator in your environment, follow the instructions for Agent Install Non-Orchestrated .

Linux Distributions and Kernels

Support Matrix for Linux Distributions

Sysdig agent has been tested on the following linux destros:

Operating SystemArchitecture
Amazon Linux 2x86_64
CentOS Linux 7 (Core)x86_64
Fedora 33 (Cloud Edition)x86_64
Fedora 34 (Cloud Edition)x86_64
Red Hat Enterprise Linux 8.5 (Ootpa)x86_64
Red Hat Enterprise Linux Server 7.9 (Maipo)x86_64
Ubuntu 16.04.7 LTS (Xenial Xerus)x86_64
Ubuntu 18.04.6 LTS (Bionic Beaver)x86_64
Ubuntu 20.04.4 LTSx86_64

(Beta) Linux Distributions

Sysdig agent is supported on the following Linux distributions:

Platforms

Linux Distribution

Core Set

  • Debian

  • Ubuntu

  • Ubuntu (Amazon)

  • CentOS

  • Red Hat Enterprise Linux (RHEL)

  • SuSE Linux Enterprise Server

  • RHEL CoreOS (RHCOS)

  • Fedora

  • Fedora CoreOS

  • Linux Mint

  • Amazon Linux

  • Amazon Linux v2

  • Amazon Bottlerocket

  • Google Container Optimized OS (COS)

  • Oracle Linux (UEH)

  • Oracle Linux (RHCK)

AWS EC2

  • Amazon Linux 2

  • Amazon Bottlerocket

  • Core set (see above)

GCP

  • Core set (see above)

  • COS

Azure

  • Core set (see above)

Container Runtimes

Sysdig agent supports the detection of the following:

  • Docker
  • LXC
  • CRI-O
  • containerd
  • Podman
  • Mesos

Support Matrix for Docker

Operating SystemArchitecture
Amazon Linux 2x86_64, arm64
CentOS Linux 7 (Core)x86_64
Debian GNU/Linux 9 (stretch)x86_64
Debian GNU/Linux 9.13 (stretch)x86_64
Fedora 34 (Cloud Edition)x86_64
Fedora Linux 35 (Cloud Edition)x86_64
Red Hat Enterprise Linux 8.5 (Ootpa)x86_64, arm64
Red Hat Enterprise Linux Server 7.9 (Maipo)x86_64
Ubuntu 16.04.7 LTS (Xenial Xerus)x86_64, arm64
Ubuntu 18.04.6 LTS (Bionic Beaver)x86_64, arm64
Ubuntu 20.04.4 LTS (Focal Fossa)x86_64, arm64

Prerequisites for Podman Environments

Sysdig agent supports running as a Podman container.

  • Enable Podman API Service for all the users.

    The agent will not able to collect Podman-managed container metadata, such as the container name, if the API service is not enabled.

  • Secure rules and policies that depend on container metadata other than the container ID will not work.

  • Pausing and terminating containers will not work because Policy actions for Podman are not supported.

  • The containers started as a non-root user will have the podman_owner_uid label associated with it if the API service is enabled for that user. The value of podman_owner_uid will be the numeric user ID corresponding to the user that started the container.

Container Registries

Quay.io

For example, to pull the latest agent container from Quay.io:

docker pull quay.io/sysdig/agent

CPU Architectures

x86

Supported Agent Containers
  • agent
  • agent-slim
  • agent-kmodule

ARM (aarch64)

Unsupported Features
  • Pre-built probes
  • Activity Audit
  • Sysdig agent installation using the agent container

s390x (zLinux)

Unsupported Features
Probes

No support for pre-built probes on zLinux. For kernel instrumentation, use the kernel module. eBPF probes are not supported on zLinux.

Captures

Capture is not supported on zLinux.

Legacy Agent Installation

Sysdig agent installation using agent container is not supported.

Java Versions and Vendors

Sysdig agent supports the following:

  • Java versions: v7 and above
  • Vendors: Oracle, OpenJDK

For Java-based applications (Cassandra, Elasticsearch, Kafka, Tomcat, Zookeeper and etc.), the Sysdig agent requires the Java runtime environment (JRE) to be installed to poll for metrics (beans).

If the Docker-container-based Sysdig agent is installed, the JRE is installed alongside the agent binaries and no further dependencies exist. However, if you are installing the service-based agent (non-container) and you do not see the JVM/JMX metrics reporting, your host may not have the JRE installed or it may not be installed in the expected location: usr/bin/java

Minimum Resource Requirements

The resource requirements of the agent are subjective to the size and load of the host— more activity equates to more resources required.

It is typical to see between 5-20KiB/s of bandwidth consumed—different variables can increase the throughput required such as the number of metrics, events, Kubernetes objects, and which products and features are enabled. When a Sysdig Capture is being collected, you can expect to see a spike in bandwidth while the capture file is being ingested.

We do not recommend placing bandwidth shaping or caps on the agent to ensure data can be sent to our collection service. For more information, see Tuning Sysdig Agent.

Additional Requirements

Access key

The installation of the Sysdig agent requires an access key.

This key and the agent installation instructions are presented to you after activating your account and using a web-based wizard upon initial login.

The same information can also be found in the Settings > Agent Installation menu of the web interface after logging in. See Agent Installation: Overview and Key for details.

Network connection

A Sysdig agent (containerized or native) is installed into each host being monitored and will need to be able to connect to the Sysdig Monitor backend servers to report host metrics. The agent must be able to reach the Sysdig Collector addresses. For example, for US East, it is ‘collector.sysdigcloud.com’ (via multiple IPs) over port tcp/6443 . See Sysdig Collector Ports for supported ports for other regions.

The agent supports the HTTP proxy for communicating with Sysdig backend components. For more information, see Enable HTTP Proxy for Agents.



Last modified May 20, 2022