Cluster Shield
The Sysdig Cluster Shield streamlines the deployment, management, and configuration of the Sysdig suite of security and compliance tools at the cluster level. By consolidating multiple agent deployments into a single containerized component, Cluster Shield simplifies operations for Kubernetes environments to enable you to maintain the security and compliance posture of your system.
The Cluster Shield replaces the following individual components:
Kubernetes Audit Logging (Admission Controller)
Secure Admission Controller (KSPM + Vulnerability Management)
Cluster Scanner (supersedes the Runtime Scanner)
KSPM Collector
These components remain supported individually and deployable as part of the existing sysdig-deploy
Helm chart.
Benefits
Simplified Installation and Upgrades
- Unified installation process: A single artifact for installation simplifies Sysdig onboarding.
- Streamlined upgrade paths: Reduced complexity and consistency across environments through simplified upgrade processes.
Unified Versioning
- Single source: Centralized versioning information and release notes for the consolidated components.
- Easier tracking: Simplified monitoring of new features, defect fixes, and performance enhancements.
Improved Compatibility and Support
- Enhanced compatibility: Improved support across Sysdig suite of tools.
- Streamlined support process: A unified agent approach simplifies troubleshooting and resolution efforts.
Installation
If you are installing Cluster Shield from scratch rather than migrating from a previously installed Sysdig component, follow the instructions below:
Prerequisites
Install Cluster Shield
### create a values.yaml file. Set your values and decide which features you would like to enable.
cluster_shield:
cluster_config:
name: <your-cluster-name>
features:
admission_control:
enabled: true
audit:
enabled: true
container_vulnerability_management:
enabled: true
posture:
enabled: true
sysdig_endpoint:
api_url: <your-api-url>
secure_api_token: <your-secure-api-token>
access_key: <your-access-key>
## Install by running the following:
helm repo add sysdig https://charts.sysdig.com
helm repo update
helm upgrade --install --atomic --create-namespace \
-n sysdig-agent \
-f values.yaml \
sysdig-cluster-shield \
sysdig/cluster-shield
For information on configuration parameters, see Configuration Library.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.