Sysdig Monitor is the first and only monitoring, alerting, and troubleshooting solution designed from the ground up to provide unprecedented visibility into containerized infrastructures.
Sysdig Monitor comes with built-in, first-class support for monitoring OpenShift, including the underlying Kubernetes orchestration. Once installed, the Sysdig agent container will automatically begin monitoring all of your hosts, apps, containers, and services, and will also automatically connect to the Kubernetes API to pull relevant metadata about your environment.
Example YAML files
Example files for this install method are available on GitHub:
For OpenShift, add the "serviceAccount: sysdigcloud" entry to the DaemonSet YAML file.
Step 1: Configure a new OpenShift project
Note: Please make sure every node has the kernel headers package installed.
First you'll need to create a new OpenShift project for your Sysdig Monitor deployment. We suggest "sysdigcloud", but you can name it whatever you want.
oc new-project sysdigcloud
Now, in order to allow Sysdig Monitor to pull metrics and metadata from the Kubernetes API endpoint, you need to create a service account that has access to the `privileged` SCC in OpenShift and also has the cluster-reader role (replace sysdigcloud as needed with your project name):
oc project sysdigcloud
oc create serviceaccount sysdigcloud
oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:sysdigcloud:sysdigcloud
oc adm policy add-scc-to-user privileged system:serviceaccount:sysdigcloud:sysdigcloud
See the OpenShift documentation on Security Context Constraints for more info.
Step 2: Deploy the Sysdig agent as a Daemon Set
The recommended way to install Sysdig across your OpenShift cluster is using a Kubernetes Daemon Set. A Daemon Set will automatically place a single Sysdig agent container on each node in your cluster. Every OpenShift project on your cluster will be monitored by this Daemon Set.
Deploy your Sysdig Daemon Set into your new project using this example sysdig.yaml file. Be sure to add your Sysdig Monitor Access Key and any other customizations needed (e.g. uncommenting and setting the "TAGS" section).
You can do the deployment directly from the CLI:
oc create -f sysdigcloud_daemonset.yaml
Or from the OpenShift management console here:
For general instructions on deploying the Sysdig agent container as a Daemon Set, see here: Sysdig Install: Kubernetes Daemon Set
Running The Agent On The Master
Best practice is to configure master nodes with schedulable=false, since you do not want all pods to run on the master. However, you may still want to run the Sysdig agent pod on your master. To accomplish this, add a node label to all nodes, including the masters, for example:
oc label node --all "app=sysdig" --overwrite
Then add the nodeSelector section to your Sysdig daemonset:
serviceAccount: sysdigcloud #OPTIONAL - OpenShift service account for OpenShift
- name: sysdig-agent
Lastly, edit your namespace:
oc edit namespace sysdigcloud
At this point, your pods with `app=sysdig` (which are your Sysdig agents) should match all of your nodes (app=sysdig) and run on all of your nodes, including the masters. No pods other than the Sysdig agents will run on the masters.
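A check for the outcome described above, as an added example that is not part of the original Sysdig instructions: it lists every node that has no pod from the agent project scheduled on it, which is a node the agent cannot see. It assumes the project is named sysdigcloud and contains only the agent pods; the function names and the sample node names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the Sysdig docs): find nodes with no agent pod.
# Assumption: the project holds only Sysdig agent pods.
PROJECT="${PROJECT:-sysdigcloud}"

# uncovered_nodes NODES POD_NODES
# Both arguments are whitespace-separated node names. Prints, one per line,
# each node in NODES that is absent from POD_NODES.
uncovered_nodes() {
  # Normalise newlines/tabs to single spaces and pad so matches are whole names.
  _have=" $(printf '%s ' $2)"
  for _n in $1; do
    case "$_have" in
      *" $_n "*) ;;                  # a pod is scheduled on this node
      *) printf '%s\n' "$_n" ;;      # monitoring gap
    esac
  done
}

# check_cluster: run the comparison against the cluster you are logged in to.
# Returns 0 if every node is covered, 1 if some are not, 2 if oc failed.
check_cluster() {
  _nodes=$(oc get nodes -o jsonpath='{.items[*].metadata.name}') || return 2
  _pods=$(oc get pods -n "$PROJECT" \
            -o jsonpath='{.items[*].spec.nodeName}') || return 2
  _missing=$(uncovered_nodes "$_nodes" "$_pods")
  if [ -n "$_missing" ]; then
    echo "Nodes without a Sysdig agent pod:"
    echo "$_missing"
    return 1
  fi
  echo "Every node has an agent pod scheduled."
}

# Constructed sample data: the master was never labelled, so it has no agent.
SAMPLE_NODES="master-0 node-1 node-10"
SAMPLE_POD_NODES="node-1
node-10"

if [ "${1:-}" = "--live" ]; then
  check_cluster
else
  uncovered_nodes "$SAMPLE_NODES" "$SAMPLE_POD_NODES"   # prints master-0
fi
```

Run it with `--live` while logged in with `oc` to query the cluster instead of the sample data. A pod that is scheduled but failing to start still counts as present here, so check pod status separately.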