Host Requirements for Agent Installation
Sysdig agents can be installed on a wide array of Linux hosts. Check your environment to ensure it meets the minimum supported platform, operating system, runtime, and orchestration requirements and uses the appropriate installation instructions.
We recommend that you use the latest version of the agent. Sysdig supports n-3 versions back based on the minor number. For example, if the latest release is
v12.0.0, we will support n-3 versions back, up to
End of Support
Sysdig agents that are older than version 0.85.1, released October 1, 2018, will no longer connect to the Sysdig US-East SaaS platform with default agent values.
Going forward all the agent releases will have a 3-year deprecation policy. This implies:
Sysdig Support might not be able to help you troubleshoot or address the problems with agents past the deprecation date.
Sysdig will no longer provide prebuilt kernel probe binaries for these agent releases. You need to build the kernel probe binaries on the fly by using the hosts kernel headers.
These changes is effective starting Sysdig agent v12.1.0.
Agent Installation Requirements
Sysdig agent is supported on the following Orchestration platforms:
|Kubernetes v1.9+||Agent Install: Kubernetes|
|Oracle Kubernetes Engine (OKE)||Steps for OKE|
|Google Kubernetes Engine (GKE)||Steps for GKE|
|OpenShift||Steps for OpenShift|
|IBM Cloud Kubernetes Service (IKS)||Agent Install: IKS (IBM Cloud with Sysdig)|
|Microsoft Azure Cloud Services||Agent Install: Non-Orchestrated|
|Microsoft Azure Kubernetes Service (AKS)||Agent Install: Kubernetes|
|Amazon Elastic Kubernetes Service (Amazon EKS)||Agent Install: Kubernetes|
|Amazon Elastic Container Service (Amazon ECS)||Agent Install: Non-Orchestrated|
+ AWS Integration Instructions
|Rancher||Steps for Rancher|
|RancherOS||Agent Install: Non-Orchestrated|
|Mesos/Marathon||Agent Install: Mesos/Marathon|
|Docker Datacenter (DDC)||Agent Install: Non-Orchestrated|
If you are not using an orchestrator in your environment, follow the instructions for Agent Install Non-Orchestrated .
Linux Distributions and Kernels
Sysdig agent is supported on the following Linux distributions:
Sysdig agent supports the detection of the following:
Prerequisites for Podman Environments
Sysdig agent supports running as a Podman container.
Enable Podman API Service for all the users.
The agent will not able to collect Podman-managed container metadata, such as the container name, if the API service is not enabled.
Secure rules and policies that depend on container metadata other than the container ID will not work.
Pausing and terminating containers will not work because Policy actions for Podman are not supported.
The containers started as a non-root user will have the
podman_owner_uidlabel associated with it if the API service is enabled for that user. The value of
podman_owner_uidwill be the numeric user ID corresponding to the user that started the container.
For example, to pull the latest agent container from Quay.io:
docker pull quay.io/sysdig/agent
Java Versions and Vendors
Sysdig agent supports the following:
- Java versions: v7 and above
- Vendors: Oracle, OpenJDK
For Java-based applications (Cassandra, Elasticsearch, Kafka, Tomcat, Zookeeper and etc.), the Sysdig agent requires the Java runtime environment (JRE) to be installed to poll for metrics (beans).
If the Docker-container-based Sysdig agent is installed, the JRE is
installed alongside the agent binaries and no further dependencies
exist. However, if you are installing the service-based agent
(non-container) and you do not see the JVM/JMX metrics reporting, your
host may not have the JRE installed or it may not be installed in the
Minimum Resource Requirements
The resource requirements of the agent are subjective to the size and load of the host— more activity equates to more resources required. At a minimum, the agent requires 2% of the total CPU and 512MiB of memory.
It is typical to see between 5-20KiB/s of bandwidth consumed—different variables can increase the throughput required such as the number of metrics, events, Kubernetes objects, and which products and features are enabled. When a Sysdig Capture is being collected, you can expect to see a spike in bandwidth while the capture file is being ingested.
We do not recommend placing bandwidth shaping or caps on the agent to ensure data can be sent to our collection service. For more information, see Tuning Sysdig Agent.
The installation of the Sysdig agent requires an access key.
This key and the agent installation instructions are presented to you after activating your account and using a web-based wizard upon initial login.
The same information can also be found in the
Settings > Agent Installation menu of the web interface after logging
in. See Agent Installation: Overview and
Key for details.
A Sysdig agent (containerized or native) is installed into each host
being monitored and will need to be able to connect to the Sysdig
Monitor backend servers to report host metrics. The agent must be able
to reach the Sysdig Collector addresses. For example, for US East, it is
multiple IPs) over
port tcp/6443 . See Sysdig Collector
Ports for supported ports
for other regions.
The agent supports the HTTP proxy for communicating with Sysdig backend components. For more information, see Enable HTTP Proxy for Agents.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.