Containers

This page describes how to install the Sysdig Host Shield on hosts using non-orchestrated containers.

Migrate to the Host Shield

The Sysdig Agent has evolved to be the Host Shield starting from version 13.6.1.

Prerequisites

Review
- Installation Requirements
- Understand Agent Drivers
Collect the following:
- Sysdig Access Key
- Collector Address and Port for COLLECTOR and PORT
- API Endpoint to use for SYSDIG_API_ENDPOINT

Install the Host Shield

To install the Host Shield as a container using Docker Compose, create a docker-compose.yml file with the following content:

If you are using the eBPF driver, run:

version: '3.8'

services:
  sysdig-agent:
    image: quay.io/sysdig/agent-slim:13.8.0
    container_name: sysdig-host-shield
    restart: always
    privileged: true
    network_mode: host
    pid: host
    shm_size: 512M
    environment:
      ACCESS_KEY: <ACCESS_KEY>
      COLLECTOR: <COLLECTOR_URL>
      COLLECTOR_PORT: <COLLECTOR_PORT>
      SYSDIG_AGENT_DRIVER: # Driver for the host agent (Accepted Values: kmod, legacy_ebpf, universal_ebpf (Linux Kernel ≥ 5. 8))
    volumes:
      - /var/run/docker.sock:/host/var/run/docker.sock
      - /dev:/host/dev
      - /proc:/host/proc:ro
      - /boot:/host/boot:ro
      - /sys/kernel/debug:/sys/kernel/debug:ro

If you are using the Legacy eBPF driver update the volumes section as following:

    volumes:
      - /var/run/docker.sock:/host/var/run/docker.sock
      - /dev:/host/dev
      - /proc:/host/proc:ro
      - /boot:/host/boot:ro
      - /sys/kernel/debug:/sys/kernel/debug:ro
      - /root/.sysdig:/root/.sysdig

If you are using the kernel module driver update the volumes section as following:

    volumes:
      - /var/run/docker.sock:/host/var/run/docker.sock
      - /dev:/host/dev
      - /proc:/host/proc:ro 
      - /boot:/host/boot:ro

Parameter Breakdown:

ACCESS_KEY: Your Sysdig Access Key.
COLLECTOR: The Sysdig collector URL for your SaaS region.
COLLECTOR_PORT: The port used by the Sysdig collector.

Deploy the Host Shield

Save the docker-compose.yml file in your working directory.
Replace the following with your actual Sysdig configuration values:
- <ACCESS_KEY>
- <COLLECTOR_URL>
- <COLLECTOR_PORT>
- <API_URL>
Start the container:

docker compose up -d

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.