Falco is a cloud-native runtime security toolset. Falco gains deep insight into system behavior through its runtime rule engine. It is used to detect intrusions and abnormalities in applications, containers, hosts, and the Kubernetes orchestrator.
In this section, we will cover the installation and basic usage of Falco on Kubernetes.
Clone the k8sdevopscookbook/src repository to your workstation to use the manifest files in the chapter9 directory, as follows:
$ git clone https://github.com/k8sdevopscookbook/src.git
$ cd src/chapter9
Make sure you have a Kubernetes cluster ready and kubectl and helm configured to manage the cluster resources.
How to do it…
This section will show you how to configure and run Falco. This section is further divided into the following subsections to make this process easier:
- Installing Falco on Kubernetes
- Detecting anomalies using Falco
- Defining custom rules