Installing Falco

The Falco Project is intended to secure the operation of Linux-based operating systems.

The Falco application:

• Parses Linux kernel system calls at runtime.
• Analyzes signals using a configurable set of rules.
• Sends an alert if the rules are violated.

Getting startedGetting started

Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.

Installation using Yandex Cloud MarketplaceInstallation using Yandex Cloud Marketplace

1. Navigate to the folder dashboard and select Managed Service for Kubernetes.
2. Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
3. Under Application available for installation, select Falco and click Go to install.
4. Configure the application:
   • Namespace: Create a new namespace, e.g., falco-space. If you leave the default namespace, Falco may work incorrectly.
   • Application name: Specify the application name.
5. Click Install.
6. Wait for the application to change its status to Deployed.

Installation using a Helm chartInstallation using a Helm chart

1. Install Helm v3.8.0 or higher.

2. Install kubect and configure it to work with the new cluster.

3. To install a Helm chart with Falco, run the following command:

   helm pull oci://cr.yandex/yc-marketplace/falco \
     --version 2.2.5 \
     --untar && \
   helm install \
     --namespace <namespace> \
     --create-namespace \
     falco ./falco
   

   If you set namespace to the default namespace, Falco may work incorrectly. We recommend that you specify a value different from all existing namespaces (e.g., falco-space).

   Note

   If you are using a Helm version below 3.8.0, append the export HELM_EXPERIMENTAL_OCI=1 && \ string to the command to enable Open Container Initiative (OCI) support in the Helm client.

See alsoSee also

• Falco documentation