Sysdig Documentation

Install Sysdig Using the Installer

Note

For Sysdig installations on Kubernetes or OpenShift.

The Sysdig Installer tool is a Docker image containing a collection of scripts that help automate the on-premises deployment of the Sysdig platform (Sysdig Monitor and/or Sysdig Secure), for environments using Kubernetes or OpenShift. Use the Installer to install or upgrade your Sysdig platform. It is recommended as a replacement for the earlier manual install and manual upgrade procedures.

Installation Overview

To install, you will log in to quay.io, download a values.yaml file, provide a few basic parameters in it, and launch the Installer. In a normal installation, the rest is automatically configured and deployed.

You can perform a quick install if your environment has access to the internet, or a partial or full airgapped installation, as needed. Each is described below.

Note

To customize or override settings, see Advanced Installer Options.

Prerequisites

The installer must be run from a machine with kubectl / oc configured with access to the target cluster where the Sysdig platform will be installed. Note that this cluster may be different than where the Sysdig agent will be deployed.

Requirements for Installation Machine with Internet Access
  • Network access to Kubernetes cluster

  • Docker

  • Bash

  • jq

  • Network access to quay.io (See Docker Login to quay.io, below.)

  • A domain name you are in control of.

Additional Requirements for Airgapped Environments
  • Edited values.yaml with airgap registry details updated

  • Network and authenticated access to the private registry

Access Requirements
  • Sysdig license key (Monitor and/or Secure)

  • Quay pull secret

  • Anchore license file (if Secure is licensed)

    Note

    If you are running Sysdig Secure, an Anchore license is provided from Sysdig Sales. It must be stored next to the values.yaml file and will be referenced from the sysdig.anchoreLicensePath parameter when filling out the values.yaml configuration.

Storage Requirements

You may use dynamic or static storage on a variety of platforms to store the Sysdig platform components (stateful sets). Different configuration parameters and values are used during the install, depending on which scenario you have.

Use Case 1: Default, undefined (AWS/GKE)

If you will use dynamic storage on AWS or GKE and haven’t configured any storage class there yet, then the Quick Install streamlines the process for you.

  • storageclassProvisioner: Enter aws or gke. The installer will create the appropriate storage class and then use it for all the Sysdig platform stateful sets.

  • storageclassName: Leave empty.

Use Case 2: Dynamic, predefined

It is also possible that you are using dynamic storage but have already created storage classes there. This dynamic storage could be AWS, GKE, or any other functioning dynamic storage you use.  In this case, you would enter: 

  • storageclassProvisioner: Leave empty; anything put here would be ignored.

  • storageclassName: Provide the name of the pre-configured storage class you want to use. The installer will use this storage class for all the Sysdig platform stateful sets.

Use Case 3: Static Storage

In cases where dynamic storage is not available, you can use static storage for the Sysdig stateful sets. In this case, you would use:

  • storageclassProvisioner: Enter hostpath, then define the nodes for the four main Sysdig components: ElasticSearch, Cassandra, MySQL, and Postgres.storageclassProvisioner

  • See Advanced Installer Options for details.

Docker Login to quay.io

  1. Retrieve the Quay username and password from Quay pull secret.

    For example

    AUTH=$(echo <REPLACE_WITH_quaypullsecret> | base64 --decode | jq -r '.auths."quay.io".auth'| base64 --decode)
    QUAY_USERNAME=${AUTH%:*} 
    QUAY_PASSWORD=${AUTH#*:}
    
  2. Log in to quay.io.Use the username and password retrieved above.

    docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io

Quickstart Install

This install assumes the Kubernetes cluster has network access to pull images from quay.io.

  1. Copy the current version values.yaml to your working directory.

    wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml
  2. Edit the following values:

    • size: Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large

    • quaypullsecret: quay.io provided with your Sysdig purchase confirmation mail

    • storageClassProvisioner: Review Storage Requirements, above.

      If you have the default use case, enter aws or gke in the storageClassProvisioner field. Otherwise, refer to Use Case 2 or 3.

    • sysdig.license: Sysdig license key provided with your Sysdig purchase confirmation mail

    • sysdig.anchoreLicensePath: The path relative to the values.yaml where the Anchore enterprise license yaml is located. (For Sysdig Secure users only.)

    • sysdig.dnsname: The domain name the Sysdig APIs will be served on. Note that the master node may not be used as the DNS name when using hostNetwork mode.

    • sysdig.collector.dnsName: (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. Note that the master node may not be used as the DNS name when using hostNetwork mode.

    • deployment: (OpenShift installs only) Add deployment: openshift to the root of the values.yaml file.

    • sysdig.ingressNetworking: The networking construct used to expose the Sysdig API and collector.Options are:

      • hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service.

      • loadbalancer: creates a service of type loadbalancer and expects that your Kubernetes cluster can provision a load balancer with your cloud provider.

      • nodeport: creates a service of type nodeport.The node ports can be customized with:

        sysdig.ingressNetworkingInsecureApiNodePort

        sysdig.ingressNetworkingApiNodePort

        sysdig.ingressNetworkingCollectorNodePort

      Note

      If doing an airgapped install , you would also edit the following values:

      (See also Airgapped Installation Options.)

    • airgapped_registry_name: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay

    • airgapped_registry_password: The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication.

    • airgapped_registry_username: The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication.

  3. Run the installer. (Note: This step differs in Airgapped Installation Options.)

    docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \-v ~/.kube:/.kube:Z -v $(pwd):/manifests:Z \quay.io/sysdig/installer:2.5.0-1
  4. See Output to finish.

Note

Save the values.yaml file in a secure location; it will be used for future upgrades.

You can keep or delete the generated directory.

Airgapped Installation Options

The installer can be used to install in airgapped environments, either with a multi-homed installation machine that has internet access, or in an environment with no internet access.

Airgapped with Multi-Homed Installation Machine

This assumes a private docker registry is used and the installation machine has network access to pull from quay.io and push images to the private registry.

The Prerequisites and workflow are the same as in the Quickstart Install (above) with the following exceptions:

  • In step 2, add the airgap registry information

  • In step 3, run the installer as follows:

    docker run -e HOST_USER=$(id -u) -e KUBECONFIG=/.kube/config \
    -v ~/.kube:/.kube:Z \
    -v $(pwd):/manifests:Z \
    -v /var/run/docker.sock:/var/run/docker.sock:Z \
    -v ~/.docker:/root/docker:Z \
    quay.io/sysdig/installer:2.5.0-1

Full Airgap Install

This assumes a private docker registry is used and the installation machine does not have network access to pull from quay.io, but can push images to the private registry.

In this situation, a machine with network access (called the “jump machine”) will pull an image containing a self-extracting tarball which can be copied to the installation machine.

Requirements for jump machine
  • Network access to quay.io

  • Docker

  • jq

Requirements for installation machine
  • Network access to Kubernetes cluster

  • Docker

  • Bash

  • tar

  • Network and authenticated access to the private registry

  • Edited values.yaml with airgap registry details updated

Workflow

On the Jump Machine

  1. Follow the Docker Log In to quay.io steps.

  2. Pull the image containing the self-extracting tar:

    docker pull quay.io/sysdig/installer:2.5.0-1-uber
  3. Extract the tarball:

    docker create --name uber_image quay.io/sysdig/installer:2.5.0-1-uber
    docker cp uber_image:/sysdig_installer.tar.gz .
    docker rm uber_image
  4. Copy the tarball to the installation machine.

On the Installation Machine:

  1. Copy the current version values.yaml to your working directory.

    wget https://raw.githubusercontent.com/draios/sysdigcloud-kubernetes/installer/installer/values.yaml
  2. Edit the following values:

    • size: Specifies the size of the cluster. Size defines CPU, Memory, Disk, and Replicas. Valid options are: small, medium and large

    • quaypullsecret: quay.io provided with your Sysdig purchase confirmation mail

    • storageClassProvisioner: Review Storage Requirements, above.

      If you have the default use case, enter aws or gke in the storageClassProvisioner field. Otherwise, refer to Use Case 2 or 3.

    • sysdig.license: Sysdig license key provided with your Sysdig purchase confirmation mail

    • sysdig.anchoreLicensePath: The path relative to the values.yaml where the Anchore enterprise license yaml is located. (For Sysdig Secure users only.)

    • sysdig.dnsname: The domain name the Sysdig APIs will be served on. Note that the master node may not be used as the DNS name when using hostNetwork mode.

    • sysdig.collector.dnsName: (OpenShift installs only) Domain name the Sysdig collector will be served on. When not configured it defaults to whatever is configured for sysdig.dnsName. Note that the master node may not be used as the DNS name when using hostNetwork mode.

    • deployment: (OpenShift installs only) Add deployment: openshift to the root of the values.yaml file.

    • sysdig.ingressNetworking: The networking construct used to expose the Sysdig API and collector.Options are:

      • hostnetwork: sets the hostnetworking in the ingress daemonset and opens host ports for api and collector. This does not create a Kubernetes service.

      • loadbalancer: creates a service of type loadbalancer and expects that your Kubernetes cluster can provision a load balancer with your cloud provider.

      • nodeport: creates a service of type nodeport.The node ports can be customized with:

        sysdig.ingressNetworkingInsecureApiNodePort

        sysdig.ingressNetworkingApiNodePort

        sysdig.ingressNetworkingCollectorNodePort

    • airgapped_registry_name: The URL of the airgapped (internal) docker registry. This URL is used for installations where the Kubernetes cluster can not pull images directly from Quay

    • airgapped_registry_password: The password for the configured airgapped_registry_username. Ignore this parameter if the registry does not require authentication.

    • airgapped_registry_username: The username for the configured airgapped_registry_name. Ignore this parameter if the registry does not require authentication.

  3. Edit the following:

  4. Copy the tarball file to the directory where you have your values.yaml file.

  5. Run the tar file:

    bash sysdig_installer.tar.gz

  6. See Output to finish.

Note

You can keep or delete the generated directory.

Save the values.yaml file in a secure location; it will be used for future upgrades.

Output

A successful installation should display output in the terminal such as:

All Pods Ready.....Continuing Congratulations, your Sysdig installation was successful! 
You can now login to the UI at "https://awesome-domain.com:443" with:
username: "configured-username@awesome-domain.com"
password: "awesome-password"See Output to finish.

There will also be a generated directory containing various Kubernetes configuration yaml files which were applied by installer against your cluster. It is not necessary to keep the generated directory, as the installer can regenerate consistently with the same values.yaml file.

Additional Installer Resources