Cluster Shield

The Sysdig Cluster Shield streamlines the deployment, management, and configuration of the Sysdig suite of security and compliance tools at the cluster level. By consolidating multiple agent deployments into a single containerized component, Cluster Shield simplifies operations in Kubernetes environments and helps you maintain the security and compliance posture of your system.

The Cluster Shield replaces the following individual components:

  • Kubernetes Audit Logging (Admission Controller)

  • Secure Admission Controller (KSPM + Vulnerability Management)

  • Cluster Scanner (supersedes the Runtime Scanner)

  • KSPM Collector

These components remain supported individually and deployable as part of the existing sysdig-deploy Helm chart.

Benefits

Simplified Installation and Upgrades

  • Unified installation process: A single artifact for installation simplifies Sysdig onboarding.
  • Streamlined upgrade paths: Simplified upgrade processes reduce complexity and improve consistency across environments.

Unified Versioning

  • Single source: Centralized versioning information and release notes for the consolidated components.
  • Easier tracking: Simplified monitoring of new features, defect fixes, and performance enhancements.

Improved Compatibility and Support

  • Enhanced compatibility: Improved support across the Sysdig suite of tools.
  • Streamlined support process: A unified agent approach simplifies troubleshooting and resolution efforts.

Installation

If you are installing Cluster Shield from scratch rather than migrating from a previously installed Sysdig component, follow the instructions below:

Prerequisites

Install Cluster Shield

Create a values.yaml file. Set your values and decide which features you would like to enable:

cluster_shield:
  cluster_config:
    name: <your-cluster-name>
  features:
    admission_control:
      enabled: true
    audit:
      enabled: true
    container_vulnerability_management:
      enabled: true
    posture:
      enabled: true
  sysdig_endpoint:
    api_url: <your-api-url>
    secure_api_token: <your-secure-api-token>
    access_key: <your-access-key>

Install by running the following:

helm repo add sysdig https://charts.sysdig.com
helm repo update
helm upgrade --install --atomic --create-namespace \
  -n sysdig-agent \
  -f values.yaml \
  sysdig-cluster-shield \
  sysdig/cluster-shield
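
The values.yaml above carries secure_api_token and access_key in clear text, so it is worth checking the file before handing it to helm. The following is an added example, not part of the Sysdig documentation or chart: preflight_values is a hypothetical helper name, and requiring mode 600 is an assumed local policy.

```shell
#!/bin/sh
# Added example: pre-install check for the values.yaml shown above.
# preflight_values is a hypothetical helper, not part of Sysdig tooling.
# Returns 0 if the file is ready, 1 on a failed check, 2 if it is missing.

preflight_values() {
  f=$1
  rc=0

  [ -f "$f" ] || { echo "preflight: $f not found" >&2; return 2; }

  # 1. Template placeholders such as <your-cluster-name> must be replaced.
  #    Report line numbers only, so no file content is echoed to the terminal.
  bad=$(grep -n '<your-[a-z-]*>' "$f" | cut -d: -f1 | tr '\n' ' ')
  if [ -n "$bad" ]; then
    echo "preflight: unfilled placeholder on line(s): $bad" >&2
    rc=1
  fi

  # 2. Every key the page's values.yaml sets must be present with a value
  #    (an empty value or an empty quoted string counts as missing).
  for key in name api_url secure_api_token access_key; do
    if ! grep -Eq "^[[:space:]]+$key:[[:space:]]*[\"']?[^[:space:]#\"']" "$f"; then
      echo "preflight: $key is missing or empty" >&2
      rc=1
    fi
  done

  # 3. The file holds credentials, so group and other must have no access
  #    (assumed policy: mode 600 or stricter). Characters 5-10 of the
  #    ls mode string are the group and other permission bits.
  perms=$(ls -ld -- "$f" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "preflight: $f is accessible to group/other; run: chmod 600 $f" >&2
    rc=1
  fi

  return $rc
}

# Usage, gating the install command from this page:
#   preflight_values values.yaml && helm upgrade --install --atomic \
#     --create-namespace -n sysdig-agent -f values.yaml \
#     sysdig-cluster-shield sysdig/cluster-shield
```

Keep values.yaml out of version control once the real token and access key are filled in.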

For information on configuration parameters, see Configuration Library.