Skip to content

Sysdig Secure: Unified security and compliance for containers, Kubernetes and cloud

License

Notifications You must be signed in to change notification settings

oracle-quickstart/oke-sysdig

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

61 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Sysdig LogoSysdig Logo - Dark Mode Deploy to Oracle Cloud

Terraform module that deploys the Sysdig Secure Agents in Oracle Kubernetes Engine (OKE) Cluster.

Requirements

  • An OCI account, the Oracle CLI (Resource Manager) and Terraform installed and configured. Find the step by step instructions in hte Oracle QuickStart Prerequisites.
  • A Sysdig account. Configuration parameters
  • If the Snyk integration is enabled, you need the Snyk monitor configured and running on the same cluster.

Usage options

There are three ways to deploy this in your OCI infrastructure

  • Using the magic button.
  • Deploy using Terraform CLI.
  • Upload the module to the Oracle Resource Manager.

Using the magic button

  1. Click the button Deploy to Oracle Cloud to go to the OCI deployment wizard.
  2. Provide configuration parameters and credentials explained in the requirements section above.
  3. Follow the wizard isntructions and run Plan check the stack.
  4. Go to Stack Page > Terraform Actions > Apply to deploy the infrastructure.
  5. If no longer need the infrastructure, run Stack Page > Terraform Actions > Destroy

Using Terraform Scripts

Using Terraform (locally or via CloudShell), copy the file terraform.tfvars.example to terraform.tfvars and configure the variables. Make sure you have the OCI CLI installed and configured, then go ahead with terraform init, plan and apply.

Basic configuration example

# OCI authentication
tenancy_ocid     = "ocid1.tenancy.oc1..aaaaaaaahpra2di6l4levg7gtrb7w25xplkrba3dkclhcff48vofxuvv36pd"

# Deployment compartment
compartment_ocid = "ocid1.compartment.oc1..aaaaaaaatd5ktvvwe1r4mybei7nfqvcwfdsepggun4kvojgeh5mbibryy22tq"

# region
region = "us-sanjose-1"

# Sysdig
sysdig_access_key = "3e43321c-45ee-423d-b243-fab4d40cc87a"
sysdig_settings_collector = "ingest-us2.app.sysdig.com" # us-west
sysdig_settings_collector_port = "6443"
sysdig_secure_api_endpoint = "us2.app.sysdig.com" # us-west

Start using Sysdig + OKE

OCI VNC egress rules

Once the OKE cluster is provisioned it is strongly recommended to set up an egress rule allowing port 6443 so that the sysdig-agent can reach Sysdig APIs and Collectors.

Read more about VNC security lists: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm
Sysdig IPs and regions: https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges

Documentation & training

https://docs.sysdig.com/en/docs/sysdig-secure/getting-started-with-sysdig-secure

https://learn.sysdig.com

https://sysdig.com