Install Shield on Kubernetes
Sysdig Shield provides runtime detection and policy enforcement for Kubernetes workloads by leveraging Falco to enhance security and compliance. The Cluster Shield collects data from the Kubernetes nodes where it is installed, sending it to the Sysdig backend while synchronizing runtime policies and rules.
For detailed installation instructions based on your node type, see:
Before installing Sysdig Shield, ensure that your system meets the following requirements."
System Requirements
A supported distribution or Kubernetes platform.
A Sysdig account and agent access key.
Port 6443 open for outbound traffic
The Host Shield communicates with the collector on port 6443. If you’re using a firewall, make sure to open port 6443 for outbound traffic so that the Host Shield can communicate with the collector.
Allow traffic on port
12000to communicate within the cluster for Kubernetes Security Posture Management (KSPM).
Kubernetes Platforms
Kubernetes (Vanilla)
Amazon Elastic Kubernetes Service (EKS)
Note: AWS Fargate is not supported on EKS
Google Kubernetes Engine (GKE)
Azure Kubernetes Service (AKS)
RedHat Openshift
IBM Kubernetes Service (IKS)
RKE Government (RKE2)
Linux Distributions
- Debian
- Ubuntu 18.04 and above
- Ubuntu (Amazon)
- CentOS 7 and above
- Alma Linux
- Rocky Linux
- Red Hat Enterprise Linux (RHEL) 7 and above
- SuSE Linux Enterprise Server*
- RHEL CoreOS (RHCOS)
- Fedora
- Fedora CoreOS
- Linux Mint
- Amazon Linux (Original)
- Amazon Linux 2 (AL2)
- Amazon Linux 2023 (AL2023)
- Amazon Bottlerocket
- Google Container Optimized OS (COS)
- Oracle Linux (UEH)
- Oracle Linux (RHCK)
- Azure Linux (CBL-Mariner)
- EulerOS
- ArchLinux
- Alpine Linux 3.20 and above
CPU Architectures
- X86
- ARM
- ppc64le (IBM Power)
- s390x (zLinux)
We support additional Linux distributions depending on the feature required.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
