Installing Falco with Kubernetes for Container Runtime Scanning 🚀

AWS | KOps | Private Topology | Grafana | Loki @AppddictionStudio

O the issues I encountered with this one. I started with using their “Official” docker image and that was no good out of the box on my Windows Docker Desktop PC. This is because the installation requires a particular version of the Kernel. Docker Desktop utilizes a particular version so therefore you will not be able to run this locally. In order to run this; the HOST machine must contain the correct kernel version. Trust me I even tried to build a custom image on an AWS EC2, push to an image repository, and try to build locally. That failed. The Kubernetes way is the way to go with Falco. So Falco was actually super easy to install on our cluster. I am not a very big fan of running helm right out of the box as I like to know the in and outs of what is going on prior to just running a package. So let's begin!

Roles, Bindings, and Service Accounts

We first want to set up the ClusterRoleBindings, ClusterRoles, and Services Accounts that Falco will use. In this example, we will associate them with a namespace to separate them from the default. I think it is good practice to move as much as possible into a namespace and away from default.