Install Windows Nodes
In addition to providing instructions for freshly installing the shield chart, this topic also guides you through migrating from previously installed Sysdig components deployed with the sysdig-deploy chart to the Host Shield and Cluster Shield components.
Prerequisites
- Kubectl installed
- Helm version 3.10 and later
- Your agent access key
- Sysdig Secure Endpoint for your Sysdig SaaS region
- Windows Server 2019 and above
- Administrator permissions to perform the operations
Coverage Map
| Platform | Threat Detection and Response | Vulnerability Management | Posture Management |
|---|---|---|---|
| EKS | ✅ | ✅ (Hosts Only) | ❌ |
| AKS | ✅ | ✅ (Hosts Only) | ❌ |
| GKE | ✅ | ✅ (Hosts Only) | ❌ |
| Openshift (OCP4) | ✅ | ✅ (Hosts Only) | ❌ |
Migrate to the Shield Chart
Sysdig introduces a new chart, shield, to install Host Shield components. If you have previously installed Sysdig components in your cluster, or are considering a fresh installation, use the shield chart instead of sysdig-deploy.
Since the Host Shield replaces all the components previously deployed using the sysdig-deploy chart, uninstall any existing installations before proceeding. This prevents duplicate entity errors.
Before uninstalling, take a backup of your Sysdig deployment to preserve configurations and data:
```shell
helm get values {RELEASE_NAME} -n {NAMESPACE} > sysdig-agent-backup.yaml
```
To remove an existing installation, run the following command:
```shell
helm uninstall sysdig-agent --namespace sysdig-agent
```
If you are doing a fresh installation, you can ignore this requirement.
Install Using Helm
Configuration File
To install Host Shield and Cluster Shield, you can use the following values.yaml file:
```yaml
cluster_config:
  # The name of the cluster
  name: <your-cluster-name>
sysdig_endpoint:
  # Sysdig Secure instance location region
  region: <your-sysdig-region>
  # Access key for Sysdig Secure instance
  access_key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
features:
  kubernetes_metadata:
    # Enable Kubernetes metadata collection for the cluster
    enabled: true
  posture:
    host_posture:
      # Enable host posture assessment
      enabled: true
    cluster_posture:
      # Enable cluster posture assessment
      enabled: true
  vulnerability_management:
    host_vulnerability_management:
      # Enable host vulnerability management
      enabled: true
    container_vulnerability_management:
      # Enable container vulnerability management
      enabled: true
    in_use:
      # Enable retrieval of in-use packages
      enabled: true
  detections:
    drift_control:
      # Enable drift control detection
      enabled: true
    malware_control:
      # Enable malware control detection
      enabled: true
    ml_policies:
      # Enable machine learning policies
      enabled: true
    kubernetes_audit:
      # Enable Kubernetes audit logging
      enabled: true
  investigations:
    activity_audit:
      # Enable activity audit
      enabled: true
    live_logs:
      # Enable Kubernetes live logs
      enabled: true
    captures:
      enabled: true
host:
  # Linux Host settings
  # Linux driver for the host agent (accepted values: kmod, legacy_ebpf, universal_ebpf (Linux kernel >= 5.8))
  driver: universal_ebpf
host_windows:
  # Windows Host settings
  # Enable Windows Host Shield deployment
  enabled: true
```
Installation
```shell
helm repo add sysdig https://charts.sysdig.com
helm repo update
helm upgrade --install --atomic --create-namespace \
  -n sysdig \
  -f values.yaml \
  shield \
  sysdig/shield
```
Parameters:
- http_proxy: Specifies the URL for the HTTP proxy server.
- https_proxy: Specifies the URL for the HTTPS proxy server.
- no_proxy: A comma-separated list of hosts or domains to bypass the proxy. For example: localhost,127.0.0.1,.my-cluster.local
Feature Management
Feature management in Sysdig Host and Cluster Shield is handled through a values.yaml configuration file, where you can enable or disable specific features like posture, vulnerability management and detection capabilities. Each feature has associated options, allowing customization to fit your environment’s security and compliance needs.
For example, you can enable host scanning with the following snippet:
```yaml
features:
  vulnerability_management:
    host_vulnerability_management:
      enabled: true
```
This setup activates host vulnerability scanning, allowing you to identify and address potential security risks on your cluster’s nodes.
Additional Features
To enable the additional features, edit the values.yaml file to use the following configuration:
Posture Management
```yaml
features:
  posture:
    host_posture:
      enabled: true
```
Proxy Settings
If your environment requires internet access through a proxy server, you can configure proxy settings in the values.yaml file. These settings ensure that Sysdig Host and Cluster Shield can communicate with Sysdig.
Add the following configuration under the proxy section:
```yaml
proxy:
  http_proxy: http://customer-proxy
  https_proxy: http://customer-proxy
  no_proxy: <comma-separated-list-of-hosts-or-domains>
```
Advanced Settings
You can use the additional_settings section to configure advanced debugging options, such as log levels. Use these settings with caution and contact Sysdig Support for guidance.
For detailed information on configuring the shield chart, see shield.
Scan Directory Configuration
The dirs_to_scan setting lists the folders to be included in the scan.
```yaml
host_windows:
  additional_settings:
    vulnerability_management:
      host_vulnerability_management:
        enabled: true
        # The maximum size of a file considered for VM analysis
        max_file_size_bytes: 104857600
        # The maximum size for in-memory evaluation; larger files will be offloaded to disk
        max_in_memory_file_size_bytes: 26214400
        # The maximum number of (image) layers being analyzed in parallel
        max_parallel_layers: 5
        # host-scanning feature
        host:
          enabled: true
          # folders to be included in the analysis
          dirs_to_scan:
            - C:\Users
```
Setting Log Level
The log_level setting sets the minimum log level for messages displayed in the console.
```yaml
host_windows:
  additional_settings:
    log_level: warn # or debug, info, warn, err
```
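The feature toggles, scan-directory and log-level settings above all live in one values.yaml, so a pre-install sanity check catches mistakes before helm upgrade runs. The following is an added example (not Sysdig's or the shield chart's own code) that lints the parsed values: it assumes the values have already been loaded with yaml.safe_load, and the sample cluster name, region and access key it embeds are hypothetical.

```python
"""Pre-install lint for a shield values.yaml (added example, not Sysdig's own code).
lint_values() takes the parsed values (what yaml.safe_load returns) and returns
findings; an empty list means the keys shown on this page are set consistently."""
import re

ALLOWED_LOG_LEVELS = {"debug", "info", "warn", "err"}
WIN_ABS_PATH = re.compile(r"^[A-Za-z]:\\")  # e.g. C:\Users
PLACEHOLDER = re.compile(r"^<.*>$|^x{8}-x{4}-x{4}-x{4}-x{12}$")  # doc placeholders

def _get(d, *path):
    """Walk nested dicts; return None if any key is missing."""
    for key in path:
        if not isinstance(d, dict) or key not in d:
            return None
        d = d[key]
    return d

def lint_values(values):
    findings = []
    for path in (("cluster_config", "name"), ("sysdig_endpoint", "region"),
                 ("sysdig_endpoint", "access_key")):
        v = _get(values, *path)
        if not isinstance(v, str) or PLACEHOLDER.match(v):
            findings.append(".".join(path) + " is unset or still a placeholder")
    if _get(values, "host_windows", "enabled") is not True:
        findings.append("host_windows.enabled must be true to deploy Windows Host Shield")
    level = _get(values, "host_windows", "additional_settings", "log_level")
    if level is not None and level not in ALLOWED_LOG_LEVELS:
        findings.append(f"log_level {level!r} not in {sorted(ALLOWED_LOG_LEVELS)}")
    vm = _get(values, "host_windows", "additional_settings", "vulnerability_management",
              "host_vulnerability_management") or {}
    max_file, max_mem = vm.get("max_file_size_bytes"), vm.get("max_in_memory_file_size_bytes")
    if max_file is not None and max_mem is not None and max_mem > max_file:
        findings.append("max_in_memory_file_size_bytes exceeds max_file_size_bytes")
    for d in _get(vm, "host", "dirs_to_scan") or []:
        if not WIN_ABS_PATH.match(str(d)):
            findings.append(f"dirs_to_scan entry {d!r} is not an absolute Windows path")
    return findings

# Constructed sample: this page's values.yaml as parsed, with hypothetical values filled in.
SAMPLE_VALUES = {
    "cluster_config": {"name": "win-prod-01"},
    "sysdig_endpoint": {"region": "us1", "access_key": "11111111-2222-3333-4444-555555555555"},
    "host_windows": {"enabled": True, "additional_settings": {"log_level": "warn",
        "vulnerability_management": {"host_vulnerability_management": {
            "enabled": True, "max_file_size_bytes": 104857600,
            "max_in_memory_file_size_bytes": 26214400,
            "host": {"enabled": True, "dirs_to_scan": ["C:\\Users"]}}}}},
}
```

Against a real file, call lint_values(yaml.safe_load(open("values.yaml"))) and refuse to run helm upgrade while the list is non-empty.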