Installation Requirements

You can install the Cluster Shield and Host Shield on a wide array of hosts and orchestrators. Before you begin, determine the deployment method you want to use. You can install the Host Shield as a Kubernetes DaemonSet, a standalone binary on Linux, or as a container. Check your environment to ensure that it meets the minimum requirements and uses the appropriate installation instructions.

Installation Requirements

Before installing the Host Shield:

  • A supported distribution or Kubernetes platform

  • A Sysdig account and agent access key

  • Port 6443 open for outbound traffic

    The Host Shield communicates with the collector on port 6443. If you’re using a firewall, make sure to open port 6443 for outbound traffic so that the agent can communicate with the collector.

Container Platforms

  • Kubernetes v1.11 and above

    • Google Kubernetes Engine (GKE)
    • Amazon Elastic Kubernetes Service (EKS)

    Note: AWS Fargate is not supported on EKS

    • Azure Kubernetes Service (AKS)
    • IBM Cloud Kubernetes Service (IKS)

  • RedHat OpenShift Kubernetes Service (ROKS) 4 and above

  • Amazon ECS on EC2

Linux Distributions

  • Debian v10 and above
  • Ubuntu v18 and above
  • Ubuntu (Amazon) v18 and above
  • CentOS v7 and above
  • Red Hat Enterprise Linux (RHEL) v7 and above
  • SuSE Linux Enterprise Server v15 SP4 and above
  • RHEL CoreOS (RHCOS)
  • Fedora v36 and above
  • Fedora CoreOS
  • Linux Mint
  • Amazon Linux
  • Amazon Linux v2
  • Amazon Linux v3
  • Amazon Bottlerocket
  • Google Container Optimized OS (COS)
  • Oracle Linux (UEH)
  • Oracle Linux (RHCK)
  • EulerOS

* Linux service install is not supported on SuSE Linux Enterprise Server.

Container Runtimes

  • Docker
  • LXC
  • CRI-O
  • containerd
  • Podman
  • Mesos

CPU Architectures

  • X86
  • ARM
  • ppc64le (IBM Power)
  • s390x (zLinux)**

** Prebuilt probes, Captures and agent installation using the agent container are not supported.

** Supports only RHEL and OpenShift.

Next Steps