Installing Falco
The Falco Project is intended to secure the operation of Linux-based operating systems.
The Falco application:
- Parses Linux kernel system calls at runtime.
- Analyzes signals using a configurable set of rules.
- Sends an alert if the rules are violated.
Warning
To use Falco, install Kyverno or another product that supports writing results to wg-policy-prototypes.
Getting started
Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
Installation using Yandex Cloud Marketplace
- Go to the folder page and select Managed Service for Kubernetes.
- Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
- Under Application available for installation, select Falco and click Go to install.
- Configure the application:
- Namespace: Select or create a namespace for Falco.
- Application name: Specify the app name.
- Click Install.
- Wait for the application to change its status to
Deployed.
Installation using a Helm chart
-
Install Helm v3.8.0 or higher.
-
Install kubectl and configure it to work with the created cluster.
-
To install a Helm chart with Falco, run the following command:
helm pull oci://cr.yandex/yc-marketplace/falco \ --version 2.2.5 \ --untar && \ helm install \ --namespace <namespace> \ --create-namespace \ falco ./falcoNote
If you are using a Helm version below 3.8.0, append the
export HELM_EXPERIMENTAL_OCI=1 && \string to the command to enable Open Container Initiative (OCI) support in the Helm client.