Skip to main content
Version: v4.11

Deploy a sidecar

To protect your repositories, you'll deploy a Cyral sidecar that intercepts traffic to and from the data repository. One sidecar can protect many repositories.

note

Refer to the Sidecar upgrade procedures page if you are upgrading an existing sidecar.

Prerequisites

  • If using SSO, set up the database accounts.
  • If custom sidecar certificates are required, refer to the sidecar certificates page.
  • The host machine where the sidecar will run must have network connectivity to the Cyral control plane (outbound HTTPS and gRPC traffic using port 443) and to the database you plan to protect with the sidecar.

Step 1: Creating a sidecar

Select Sidecars in the menu on the left and click the ➕ (plus sign). A dialog box will appear, prompting you to provide a name for your sidecar. Enter a unique and descriptive name and confirm the creation.

Step 2: Choosing your deployment

Once the sidecar is created, navigate to the Deployment tab of the sidecar details page.

Here, you will find several deployment options: Express, Cyral Templates and Custom Deployment (DIY). See a detailed description of each of these options below:

Express

Choose this option for a quick and simple deployment.

The prerequisites are: a Linux machine with at least 1 CPU, 4GB of RAM and 5GB of available disk space.

info

In order to deploy the Express sidecar, click the button Generate Install Command in the Deployment tab of your sidecar and run the command shown on the Linux CLI.

Cyral Templates

Choose this option if you need a more comprehensive deployment support and use one of the Cyral sidecar deployment templates.

All of these templates are open source and you can modify them to fit your needs. They are listed in the Sidecar Deployment section of our Cyral Quickstart page and each of them link to a specific quickstart repositories where the template and the instructions are stored.

We have deployment templates available to help you deploy on Kubernetes, AWS EC2 (using Terraform or CloudFormation), AWS ECS and others. Each of the template repositories have a README.md with detailed information about the deployment template, including the deployment architecture, examples for an easy quickstart, recommendation for production use cases and more.

info

In order to deploy a sidecar using a Cyral Template, click the button Generate Deployment Parameters in the Deployment tab of your sidecar, assign to the proper parameters of the chosen template and follow the instructions to deploy it.

DIY (Custom Deployment)

Choose this option for custom dodeploy-it-yourself configurations in any containerization platform.

Copy the parameters shown when you click Generate Deployment Parameters from the DIY option of the Deployment tab of your sidecar, assign to the proper parameters of the sidecar container and run it.

See more details in the DIY (Custom) page.

Step 3: Monitoring your deployment

Monitoring your deployment involves logging, metrics and health checks. Use the associated links for more details.

Once your sidecar instances are running, you can easily monitor their health in the Instances tab. Basic health diagnostics are shown in the control plane.

Next steps

Once you successfully deployed your sidecar, follow the steps below: