Terraform module that deploys the Sysdig Secure Agents in an Oracle Kubernetes Engine (OKE) cluster.
- An OCI account, the Oracle CLI (Resource Manager) and Terraform installed and configured. Find the step-by-step instructions in the Oracle QuickStart Prerequisites.
- A Sysdig account.
Configuration parameters
- Sysdig Access Key: From Sysdig panel go to Settings > Agent installation and copy the alphanumeric string.
- Agent Collector URL, port and Sysdig Secure endpoint. Make sure to choose the ones matching your SaaS region.
- If the Snyk integration is enabled, you need the Snyk monitor configured and running on the same cluster.
There are three ways to deploy this in your OCI infrastructure:
- Using the magic button.
- Deploy using Terraform CLI.
- Upload the module to the Oracle Resource Manager.
- Click the button to go to the OCI deployment wizard.
- Provide configuration parameters and credentials explained in the requirements section above.
- Follow the wizard instructions and run Plan to check the stack.
- Go to Stack Page > Terraform Actions > Apply to deploy the infrastructure.
- If you no longer need the infrastructure, run Stack Page > Terraform Actions > Destroy.
Using Terraform (locally or via CloudShell), copy the file terraform.tfvars.example to terraform.tfvars and configure the variables. Make sure you have the OCI CLI installed and configured, then go ahead with terraform init, plan and apply.
Basic configuration example
# OCI authentication
tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaahpra2di6l4levg7gtrb7w25xplkrba3dkclhcff48vofxuvv36pd"
# Deployment compartment
compartment_ocid = "ocid1.compartment.oc1..aaaaaaaatd5ktvvwe1r4mybei7nfqvcwfdsepggun4kvojgeh5mbibryy22tq"
# region
region = "us-sanjose-1"
# Sysdig
sysdig_access_key = "3e43321c-45ee-423d-b243-fab4d40cc87a"
sysdig_settings_collector = "ingest-us2.app.sysdig.com" # us-west
sysdig_settings_collector_port = "6443"
sysdig_secure_api_endpoint = "us2.app.sysdig.com" # us-west
Once the OKE cluster is provisioned it is strongly recommended to set up an egress rule allowing port 6443 so that the sysdig-agent can reach Sysdig APIs and Collectors.
Read more about VCN security lists: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm
Sysdig IPs and regions: https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges
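One way to express the egress rule recommended above in Terraform, scoped to Sysdig's ranges instead of all destinations. This is an added example, not part of this module: `vcn_id` and `sysdig_collector_cidrs` are hypothetical variables, the CIDR defaults are documentation placeholders, and `compartment_ocid` and `sysdig_settings_collector_port` are assumed to be declared as in terraform.tfvars.

```hcl
# Added example: assumes a configuration that already declares
# compartment_ocid and sysdig_settings_collector_port (see terraform.tfvars).

# Hypothetical variable: OCID of the VCN that hosts the OKE worker nodes.
variable "vcn_id" {
  type = string
}

# Hypothetical variable: CIDR blocks of the Sysdig SaaS region in use.
# The defaults are RFC 5737 documentation placeholders, not real Sysdig ranges;
# replace them with the ranges published for your region.
variable "sysdig_collector_cidrs" {
  type    = list(string)
  default = ["203.0.113.0/24", "198.51.100.0/24"]
}

resource "oci_core_security_list" "sysdig_agent_egress" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  display_name   = "sysdig-agent-egress"

  # One stateful TCP egress rule per Sysdig range, limited to the collector port,
  # so the agent's outbound path is not opened to 0.0.0.0/0.
  dynamic "egress_security_rules" {
    for_each = var.sysdig_collector_cidrs
    content {
      description      = "sysdig-agent to Sysdig APIs and collectors"
      destination      = egress_security_rules.value
      destination_type = "CIDR_BLOCK"
      protocol         = "6" # TCP
      stateless        = false

      tcp_options {
        # The tfvars value is a string ("6443"); the provider expects a number.
        min = tonumber(var.sysdig_settings_collector_port)
        max = tonumber(var.sysdig_settings_collector_port)
      }
    }
  }
}
```

The security list only takes effect once its OCID is included in the `security_list_ids` of the subnet used by the OKE worker nodes.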
https://docs.sysdig.com/en/docs/sysdig-secure/getting-started-with-sysdig-secure