Airgapped Agent Installation

Airgapped environments are those that do not have the network access to pull images from the container repository. Agent installation requires sysdigcloud-probe and you cannot download a pre-compiled module in an airgapped environment. Therefore, ensure that you compile your own sysdigcloud-probe before installing the agent.

Prepare the Sysdig Probe Builder Images

On a machine with internet connectivity, build the Sysdig probe container and create a tar file of the image.

  1. Get the probe builder artifacts from the repository:

    $ git clone
    $ git checkout probe-builder
    $ cd sysdig
  2. Build the container image:

    $ docker build -t airgap/sysdig-probe-builder probe-builder/
  3. Create the container and run:

    $ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock airgap/sysdig-probe-builder:latest -P -b airgap/
  4. Save the images to a tar archive:

    $ docker save airgap/sysdig-probe-builder | gzip > builders.tar.gz

    Ensure that you make this tar available to the airgapped machines where you intend to install the Sysdig agent.

Set Up Kernel Module

  1. Set up a local repository to host the pre-compiled kernel module:

    $ kubectl run my-nginx --image=nginx --port=80
    $ kubectl expose deployment my-nginx --port=80 --type=NodePort
  2. Copy sysdigcloud-probe to the repository you have created:

    $ kubectl cp sysdigcloud-probe-<version> my-nginx-xxxxxxxx-xxxx:/usr/share/nginx

Install Agent in Docker Environment

  1. Install Sysdig agent by pointing SYSDIG_PROBE_URL to the local repository:

    For docker-based installations:

    $ docker run -d --name sysdig-agent --restart always --privileged --net host --pid host -e ACCESS_KEY=WWWWW-YYYY-XXXX-ZZZZ-123456789 -e SECURE=true -e SYSDIG_PROBE_URL= -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --shm-size=512m sysdig/agent

    Where -e SYSDIG_PROBE_URL=http://www.mywebserver:80/ is the local nginx pod with the loaded module.

    To use secure communication with a self-signed or untrusted certificate, apply the -e SYSDIG_PROBE_INSECURE_DOWNLOAD=true environment variable.

  2. Check the agent log. You will see a similar message:

    Found custom module URL http://mywebserver:80/, will use it * Trying to download precompiled module from http://mywebserver:80/sysdigcloud-probe-<version>
  3. Continue with the instructions in Agent Install: Non-Orchestrated.

Install Agent in Kubernetes Environment

  1. Open your agent daemonset and update the SYSDIG_PROBE_URL to point to the local repository:

    - name: SYSDIG_PROBE_URL
      value: http://www.mywebserver:80/

    If you would like to use secure communication with a self-signed or untrusted certificate, apply the SYSDIG_PROBE_INSECURE_DOWNLOAD environment variable.

      value: true
  2. Continue with the instructions in Agent Install: Kubernetes.

Last modified June 23, 2022