Install Shield on Kubernetes
Sysdig Shield provides runtime detection and policy enforcement for Kubernetes workloads by leveraging Falco to enhance security and compliance. The Cluster Shield collects data from the Kubernetes nodes where it is installed, sending it to the Sysdig backend while synchronizing runtime policies and rules.
For detailed installation instructions based on your node type, see:
Before installing Sysdig Shield, ensure that your system meets the following requirements.
System Requirements
- A supported distribution or Kubernetes platform.
- A Sysdig account and agent access key.
- Ports 443 and 6443 open for outbound traffic.
  The Host Shield communicates with the Sysdig APIs on port 443 and with the collector on port 6443. If you're using a firewall, make sure to open ports 443 and 6443 for outbound traffic so that the Host Shield can communicate with the Sysdig APIs and collector.
- Allow traffic on port 12000 to communicate within the cluster (same namespace) for Kubernetes Security Posture Management (KSPM).
- Allow traffic on port 4222 to communicate within the cluster (same namespace) for Container Vulnerability Management.
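The port requirements above, expressed as a Kubernetes NetworkPolicy for clusters that restrict pod traffic. This is an added example, not part of the Sysdig documentation or its Helm chart. The namespace `sysdig`, the policy name, the use of TCP for the four listed ports, and the DNS rule are assumptions.

```yaml
# Added example: a NetworkPolicy encoding the ports listed on this page.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: shield-required-ports    # hypothetical name
  namespace: sysdig              # assumption: namespace where Shield is installed
spec:
  podSelector: {}                # applies to every pod in this namespace
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # In-cluster traffic from pods in the same namespace only
    - from:
        - podSelector: {}
      ports:
        - protocol: TCP          # assumption: TCP
          port: 12000            # KSPM
        - protocol: TCP
          port: 4222             # Container Vulnerability Management
  egress:
    # Outbound to the Sysdig APIs (443) and the collector (6443).
    # No "to" clause means any destination; narrow it with an ipBlock
    # if your Sysdig region publishes fixed address ranges.
    - ports:
        - protocol: TCP
          port: 443
        - protocol: TCP
          port: 6443
    # In-cluster traffic to pods in the same namespace only
    - to:
        - podSelector: {}
      ports:
        - protocol: TCP
          port: 12000
        - protocol: TCP
          port: 4222
    # DNS is not listed on this page, but pods under an egress policy
    # need it to resolve the Sysdig endpoints.
    - ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Once this policy selects the pods, any traffic not listed is denied, so check it against the components you actually deploy. Pods that run with `hostNetwork: true` are typically not governed by NetworkPolicy; for those, open the same ports in the node or cloud firewall.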
Kubernetes Platforms
- Kubernetes (Vanilla)
- Amazon Elastic Kubernetes Service (EKS)
  Note: AWS Fargate is not supported on EKS.
- Google Kubernetes Engine (GKE)
- Azure Kubernetes Service (AKS)
- Red Hat OpenShift
- IBM Kubernetes Service (IKS)
- RKE Government (RKE2)
Linux Distributions
- Debian
- Ubuntu 18.04 and above
- Ubuntu (Amazon)
- CentOS 7 and above
- Alma Linux
- Rocky Linux
- Red Hat Enterprise Linux (RHEL) 7 and above
- SuSE Linux Enterprise Server*
- RHEL CoreOS (RHCOS)
- Fedora
- Fedora CoreOS
- Linux Mint
- Amazon Linux (Original)
- Amazon Linux 2 (AL2)
- Amazon Linux 2023 (AL2023)
- Amazon Bottlerocket
- Google Container Optimized OS (COS)
- Oracle Linux (UEK)
- Oracle Linux (RHCK)
- Azure Linux (CBL-Mariner)
- EulerOS
- ArchLinux
- Alpine Linux 3.20 and above
CPU Architectures
- X86
- ARM
- ppc64le (IBM Power)
- s390x (zLinux)
We support additional Linux distributions depending on the feature required.