Sysdig Install: OpenShift

Sysdig Monitor is the first and only monitoring, alerting, and troubleshooting solution designed from the ground up to provide unprecedented visibility into containerized infrastructures.

Sysdig Monitor comes with built-in, first class support for monitoring OpenShift, including the underlying Kubernetes orchestration. Once installed, the Sysdig agent container will automatically begin monitoring all of your hosts, apps, containers, and services, and will also automatically connect to the Kubernetes API to pull relevant metadata about your environment.

 

Example YAML files

Example files for this install method are available on github:

For the OpenShift please add "serviceAccount: sysdigcloud"  entry to the DaemonSet YAML file

 

Installation

Step 1: Configure a new OpenShift project

Note: Plese make sure every node has kernel headers package installed
Debian-like distributions:  apt-get -y install linux-headers-$(uname -r)
RHEL-like distributions:     yum -y install kernel-devel-$(uname -r)
 

First you'll need to create a new OpenShift project for your Sysdig Monitor deployment. We suggest "sysdigcloud", but you can name it whatever you want.

$oc new-project sysdigcloud

Now, in order to allow Sysdig Monitor to pull metrics and metadata from the Kubernetes API endpoint, you need to create a serviceaccount which has access to the `privileged` scc in openshift, and also had the cluster-reader role (replace sysdigcloud as needed with your project name):

oc project sysdigcloud
oc create serviceaccount sysdigcloud
oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:sysdigcloud:sysdigcloud
oadm policy add-scc-to-user privileged system:serviceaccount:sysdigcloud:sysdigcloud

See the OpenShift documentation on Security Context Constraints for more info.

Step 2: Deploy the Sysdig agent as a Daemon Set

The recommended way to install Sysdig across your OpenShift cluster is using a Kubernetes Daemon Set. A Daemon Set will automatically place a single Sysdig agent container on each node in your cluster. Every OpenShift project on your cluster will be monitored by this Daemon Set.

Deploy your Sysdig Daemon Set into your new project using this example sysdig.yaml file. Be sure to add your Sysdig Monitor Access Key and any other customizations needed.

You can do the deployment directly from the the CLI:

$oc create -f sysdigcloud_daemonset.yaml​

Or from the OpenShift management console here: 

For general instructions on deploying the Sysdig agent container as a Daemon Set, see here: Sysdig Install: Kubernetes Daemon Set

Have more questions? Submit a request