Installing Falco

The Falco Project provides runtime security for Linux-based operating systems.

The Falco application can:

• Parse Linux kernel system calls at runtime.
• Analyze signals using a configurable set of rules.
• Send an alert if the rules are violated.

Getting startedGetting started

Make sure the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If a rule is missing, add it.

Installation from Yandex Cloud MarketplaceInstallation from Yandex Cloud Marketplace

1. Navigate to the folder dashboard and select Managed Service for Kubernetes.
2. Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
3. Under Application available for installation, select Falco and click Go to install.
4. Configure the application:
   • Namespace: Create a new namespace, e.g., falco-space. If you leave the default namespace, Falco may work incorrectly.
   • Application name: Specify the application name.
5. Click Install.
6. Wait for the application to change its status to Deployed.

Installation using a Helm chartInstallation using a Helm chart

1. Install Helm v3.8.0 or higher.

2. Install kubect and configure it to work with the new cluster.

3. To install a Helm chart with Falco, run this command:

   helm pull oci://cr.yandex/yc-marketplace/falco \
     --version 2.2.5 \
     --untar && \
   helm install \
     --namespace <namespace> \
     --create-namespace \
     falco ./falco
   

   If you set namespace to the default namespace, Falco may work incorrectly. We recommend specifying a value different from all the existing namespaces, e.g., falco-space.

   Note

   If you are using a Helm version below 3.8.0, add the export HELM_EXPERIMENTAL_OCI=1 && \ string at the beginning of the command to enable Open Container Initiative (OCI) support in the Helm client.

See alsoSee also

• Falco documentation