Falco is a cloud-native security tool designed for Linux systems. It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts. Falco helps you gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security.
For more information on Falco, please refer to the official documentation.
Falco is available as part of KKP's default application catalog. It can be deployed to the user cluster either during cluster creation or after the cluster is ready (existing cluster) from the Applications tab via the UI.
Click the "-> Next" button, then "+ Add Application" to deploy the Falco application to the user cluster.
To further configure the values.yaml, find more information in the Falco Helm chart documentation.
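As an added illustration (not taken from the KKP or Falco documentation), a values.yaml override could enable structured alerts and ship one custom rule that uses the container and Kubernetes metadata described above. The rule name, list name and file name are constructed for this example, and the key names assume the upstream Falco Helm chart, so check them against the chart version in your catalog.

```yaml
# Added example: overrides for the Falco Helm chart values.yaml.
# Assumption: key names match the upstream chart version you deploy.
driver:
  kind: modern_ebpf      # CO-RE eBPF probe; no kernel module build on the node

tty: true                # flush alerts to stdout immediately for log shippers

falco:
  json_output: true      # structured alerts, easier to parse in a log pipeline
  priority: notice       # minimum rule priority that is loaded and evaluated

customRules:
  # File name constructed for this example.
  shell-in-container.yaml: |-
    - list: example_shell_binaries
      items: [bash, sh, zsh, dash, ash]

    # spawned_process and container are macros from Falco's default ruleset,
    # which is loaded before custom rule files.
    - rule: Example shell spawned in container
      desc: >
        An interactive shell was started inside a container. Unexpected in
        most production workloads and worth reviewing.
      condition: >
        spawned_process and container
        and proc.name in (example_shell_binaries)
        and proc.tty != 0
      output: >
        Shell in container (user=%user.name cmdline=%proc.cmdline
        container=%container.name image=%container.image.repository
        ns=%k8s.ns.name pod=%k8s.pod.name)
      priority: WARNING
      tags: [container, shell]
```

The `output` line is where the enrichment shows up: each alert carries the namespace, pod and image alongside the kernel-level process details.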