Installing Falco
The Falco Project
The Falco application:
- Parses Linux kernel system calls at runtime.
- Analyzes signals using a configurable set of rules.
- Sends an alert if the rules are violated.
Warning
To use Falco, install Kyverno or another product that supports writing results to wg-policy-prototypes
Getting started
Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
Installation using Yandex Cloud Marketplace
- Go to the folder page
and select Managed Service for Kubernetes. - Click the Managed Service for Kubernetes cluster name and select the
Marketplace tab. - Under Application available for installation, select Falco and click Go to install.
- Configure the application:
- Namespace: Select or create a namespace for Falco.
- Application name: Enter a name for the application.
- Click Install.
- Wait for the application to change its status to
Deployed
.
Installation using a Helm chart
-
Install Helm
v3.7.0 or higher. -
Install kubectl
and configure it to work with the created cluster. -
To install a Helm chart
with Falco, run the following command:export HELM_EXPERIMENTAL_OCI=1 && \ helm pull oci://cr.yandex/yc-marketplace/falco \ --version 2.2.5 \ --untar && \ helm install \ --namespace <namespace> \ --create-namespace \ falco ./falco