https://github.com/oracle-quickstart/oke-sysdig

Sysdig Secure: Unified security and compliance for containers, Kubernetes and cloud
https://github.com/oracle-quickstart/oke-sysdig

sysdig sysdig-agent sysdig-monitor sysdig-secure

Last synced: 7 days ago
JSON representation

Sysdig Secure: Unified security and compliance for containers, Kubernetes and cloud

• Host: GitHub
• URL: https://github.com/oracle-quickstart/oke-sysdig
• Owner: oracle-quickstart
• License: upl-1.0
• Created: 2022-03-15T14:53:38.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2022-10-18T19:36:11.000Z (over 3 years ago)
• Last Synced: 2025-05-21T21:42:39.232Z (9 months ago)
• Topics: sysdig, sysdig-agent, sysdig-monitor, sysdig-secure
• Language: HCL
• Homepage: https://sysdig.com/products/secure/
• Size: 969 KB
• Stars: 2
• Watchers: 5
• Forks: 2
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# ![Sysdig Logo](./images/sysdig-logo.svg#gh-light-mode-only)![Sysdig Logo - Dark Mode](./images/sysdig-logo-white-text.svg#gh-dark-mode-only)      [![Deploy to Oracle Cloud][magic_button]][magic_sysdig_stack]

Terraform module that deploys the Sysdig Secure Agents in Oracle Kubernetes Engine (OKE) Cluster.

## Requirements

- An OCI account, the Oracle CLI (Resource Manager) and Terraform installed and configured. Find the step by step instructions in hte [Oracle QuickStart Prerequisites](https://github.com/oracle-quickstart/oci-prerequisites).

- A [Sysdig account](https://sysdig.com/company/start-free). Configuration parameters

  - Sysdig Access Key: From Sysdig panel go to Settings > Agent installation and copy the alphanumeric string.

  - [Agent Collector url, port and Sysdig Secure endpoint](https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges). Make sure to choose the right ones matching your SaaS region.

- If the Snyk integration is enabled, you need the Snyk monitor configured and running on the same cluster.

## Usage options

There are three ways to deploy this in your OCI infrastructure

- Using the magic button.

- Deploy using Terraform CLI.

- Upload the module to the Oracle Resource Manager.

### Using the magic button

![](./images/magic-button-screenshot-1.png)

1. Click the button [![Deploy to Oracle Cloud][magic_button]][magic_sysdig_stack] to go to the OCI deployment wizard.

2. Provide configuration parameters and credentials explained in the requirements section above.

3. Follow the wizard isntructions and run **Plan** check the stack.

4. Go to **Stack Page > Terraform Actions > Apply** to deploy the infrastructure.

5. If no longer need the infrastructure, run **Stack Page > Terraform Actions > Destroy**

### Using Terraform Scripts

Using Terraform (locally or via CloudShell), copy the file `terraform.tfvars.example` to `terraform.tfvars` and configure the variables. Make sure you have the OCI CLI installed and configured, then go ahead with terraform init, plan and apply.

Basic configuration example

````

# OCI authentication

tenancy_ocid     = "ocid1.tenancy.oc1..aaaaaaaahpra2di6l4levg7gtrb7w25xplkrba3dkclhcff48vofxuvv36pd"

# Deployment compartment

compartment_ocid = "ocid1.compartment.oc1..aaaaaaaatd5ktvvwe1r4mybei7nfqvcwfdsepggun4kvojgeh5mbibryy22tq"

# region

region = "us-sanjose-1"

# Sysdig

sysdig_access_key = "3e43321c-45ee-423d-b243-fab4d40cc87a"

sysdig_settings_collector = "ingest-us2.app.sysdig.com" # us-west

sysdig_settings_collector_port = "6443"

sysdig_secure_api_endpoint = "us2.app.sysdig.com" # us-west

````

## Start using Sysdig + OKE

### OCI VNC egress rules

Once the OKE cluster is provisioned it is strongly recommended to set up an egress rule allowing port 6443 so that the sysdig-agent can reach Sysdig APIs and Collectors.  

   

Read more about VNC security lists: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm  

Sysdig IPs and regions: https://docs.sysdig.com/en/docs/administration/saas-regions-and-ip-ranges  

### Documentation & training

https://docs.sysdig.com/en/docs/sysdig-secure/getting-started-with-sysdig-secure

https://learn.sysdig.com

https://sysdig.com

## Contributing

This project welcomes contributions from the community. Before submitting a pull request, please [review our contribution guide](./CONTRIBUTING.md)

## Security

Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process

## License

Copyright (c) 2022 Oracle and/or its affiliates.

Released under the Universal Permissive License v1.0 as shown at

.

[magic_button]: https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg

[magic_sysdig_stack]: https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-quickstart/oke-sysdig/releases/latest/download/oke-sysdig-stack.zip