Introduction
Hello friends 👋, I hope everyone is doing well. In this blog we are going to see how to deploy a security and compliance system using Falco on DigitalOcean as part of the DigitalOcean Kubernetes Challenge.
Prerequisites
- A DigitalOcean account
- The kubectl CLI tool to interact with Kubernetes
- Helm to deploy Falco
Creating the cluster
DigitalOcean offers a managed Kubernetes service, so we don't have to manage the underlying infrastructure.
- Step 1: Create a simple Kubernetes cluster
- Step 2: Download the kubeconfig file and put it under the .kube folder
- Step 3: Execute the command below to make sure all nodes are in the running state
kubectl get nodes
Once the nodes are in the running state, move to the next step.
Installing Falco
- Add the Falco chart repository and update Helm
helm repo add falcosecurity https://falcosecurity.github.io/charts
helm repo update
- Install Falco
helm install falco falcosecurity/falco
- Enter the command below to check that the pod is in the running state
kubectl get pods
If the pod is still in the creating state, wait for it to be created.
Creating a security event
- Get the logs of the Falco pod using the command below
kubectl logs -f <falco-pod-name>
- Open a new terminal and create a simple nginx pod
kubectl run --image=nginx nginx
- Get a shell inside the pod using the command below
kubectl exec -ti nginx -- bash
- Now, in the first terminal, you will see the alert created by Falco as a log line
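To pick the alert out of the rest of the Falco log, the following added example (not part of the original post) filters Falco's plain-text log lines by priority and prints the pod and message. The helper names and the sample lines are constructed for illustration, and it assumes Falco's default text output with a k8s.pod= field in the alert details.

```shell
#!/bin/sh
# Added example: triage Falco plain-text alerts piped from kubectl logs.
# Assumed line shape: "<HH:MM:SS.ns>: <Priority> <message> (<key=value ...>)".

# falco_triage MIN_PRIORITY (hypothetical helper)
# Reads Falco log lines on stdin and prints "<priority>\t<pod>\t<message>"
# for every alert at least as severe as MIN_PRIORITY.
falco_triage() {
  awk -v min="$1" '
    BEGIN {
      # Falco priorities, most severe first.
      n = split("Emergency Alert Critical Error Warning Notice Informational Debug", p, " ")
      for (i = 1; i <= n; i++) rank[p[i]] = i
      rank["Info"] = rank["Informational"]
      if (!(min in rank)) { print "unknown priority: " min > "/dev/stderr"; exit 2 }
    }
    # Skip startup lines: alerts start with a timestamp and a known priority.
    $1 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+:$/ && ($2 in rank) && rank[$2] <= rank[min] {
      pod = "-"; msg = ""; in_msg = 1
      for (i = 3; i <= NF; i++) {
        if ($i ~ /^\(/) in_msg = 0            # key=value details begin here
        if (in_msg) msg = msg (msg == "" ? "" : " ") $i
        f = $i; gsub(/[()]/, "", f)
        if (f ~ /^k8s\.pod=/) pod = substr(f, 9)
      }
      print $2 "\t" pod "\t" msg
    }
  '
}

# Constructed sample lines (not real cluster output).
sample_log() {
  cat <<'EOF'
Thu Dec 16 10:01:02 2021: Constructed startup line that is not an alert
10:05:13.045457220: Notice A shell was spawned in a container with an attached terminal (user=root k8s.ns=default k8s.pod=nginx container=4f5d1c2b3a9e shell=bash parent=runc cmdline=bash terminal=34816 image=nginx)
10:05:40.118822001: Error File below /etc opened for writing (user=root command=touch /etc/x file=/etc/x k8s.ns=default k8s.pod=nginx container=4f5d1c2b3a9e)
10:06:02.500000000: Debug Constructed low-priority line (k8s.ns=default k8s.pod=other)
EOF
}

# Show everything at Notice or above; the shell-in-container alert is a Notice.
sample_log | falco_triage Notice
```

On a live cluster, pipe the real log in instead of the sample: kubectl logs <falco-pod-name> | falco_triage Notice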
This is how we can install Falco on a Kubernetes cluster to monitor security events.