Migrate to Cluster Shield
sysdig-deploy
Helm chart.For fresh installation using sysdig-deploy
, see Linux on Kubernetes.
You can also check out the improved shield
chart, which is in Technical Preview.
You need a Secure API Token to enable the audit
feature and if you are running an on-premises version older than 6.12.0.
Migrate to Cluster Shield
If you have previously installed Sysdig components in your cluster, follow the instruction given in this topic to migrate to the Cluster Shield and deploy using the sysdig-deploy
chart.
Instructions given in this section are only relevant to the existing users.
The Cluster Shield replaces the following individual components:
Kubernetes Audit Logging (Admission Controller)
Secure Admission Controller (KSPM + Vulnerability Management)
Cluster Scanner (supersedes the Runtime Scanner)
KSPM Collector
To migrate to the Sysdig Cluster Shield:
- Disable the components you have already installed by using the
sysdig-deploy
chart. - Install the Sysdig Cluster Shield.
Disable the Sysdig Components
If you have any of the following components deployed, disable the following components in the sysdig-deploy
chart:
- Kubernetes Audit Logging (Admission Controller)
- KSPM Collector
- Runtime Scanner
- Cluster Scanner
Add the following configuration to your values.yaml
or edit your existing installation by using the upgrade command for the sysdig-deploy
chart.
Kubernetes Audit Logging (Admission Controller)
admissionController:
enabled: false
Disable KSPM Collector
kspmCollector:
enabled: false
Disable Runtime Scanner
nodeAnalyzer:
nodeAnalyzer:
runtimeScanner:
deploy: false
Disable Cluster Scanner
clusterScanner:
enabled: false
Install Cluster Shield
If you are a new user, see installation instruction for Kubernetes.
If you have an existing installation of Sysdig Agent you can use the usual command to enable the Cluster Shield and related features:
helm upgrade .... \
--set clusterShield.enabled=true \
--set clusterShield.cluster_shield.features.container_vulnerability_management.enabled=true \
--set clusterShield.cluster_shield.features.audit.enabled=true \
--set clusterShield.cluster_shield.features.posture.enabled=true \
....
Here is the list of features we enable and what they do:
container_vulnerability_management
: replaces the Runtime Scanner or the Cluster Scanner component that you may have enabledaudit
: replaces the Kubernetes Audit Logging (Admission Controller) componentposture
: replaces the KSPM Collector component
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.