Embedded Container Image
You will need to have deployed the orchestrator agent, as explained in the CloudFormation and Terraform Installation section.
Update your Dockerfile to copy the Sysdig Workload Agent files into your container image. Use the COPY command to copy the files from the Sysdig Workload Agent image into your container image. For example:

    ARG sysdig_agent_version=latest
    FROM quay.io/sysdig/workload-agent:$sysdig_agent_version AS workload-agent

    FROM my_original_base
    COPY --from=workload-agent /opt/draios /opt/draios

In this example, the ARG command specifies the version of the Sysdig Workload Agent to use, which defaults to the latest version if not specified. The FROM command pulls the Sysdig Workload Agent image, and the COPY command copies the /opt/draios directory from the image into your container image.
Update the ENTRYPOINT of your container to prepend the /opt/draios/bin/instrument command to the original entrypoint. This ensures that the Sysdig instrumentation is run before the original entrypoint.

    ENTRYPOINT ["/opt/draios/bin/instrument", "my", "original", "entry", "point"]

Replace my, original, entry, point with the appropriate values for your container’s original entrypoint.
Specify the Sysdig orchestrator you want to use by setting the SYSDIG_ORCHESTRATOR and SYSDIG_ORCHESTRATOR_PORT environment variables in your Dockerfile.

    ENV SYSDIG_ORCHESTRATOR=orchestrator.elb.us-east-1.amazonaws.com \
        SYSDIG_ORCHESTRATOR_PORT=6667

Replace orchestrator.elb.us-east-1.amazonaws.com and 6667 with the appropriate values for your Sysdig orchestrator.
Build and push the instrumented container image to your container registry, just like you would with any other container image.

    docker build -t my_instrumented_image .
    docker push my_instrumented_image

Ensure that the architecture of the image matches the CPU architecture of your Fargate RuntimePlatform. For example, if you’re using an X86_64 Fargate RuntimePlatform, you’ll need to build your image using an X86_64 system, or use the Docker experimental feature for building for different platforms.
With these steps, you can instrument your container image with the Sysdig Workload Agent at build time, instead of using serverless-patcher to instrument your CloudFormation template.
After the deployment completes, security-related events will be visible in the Sysdig Secure Events feed.
Optionally, you can perform advanced Configuration steps.