Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
How does Falco do that? Based on a set of rules that Falco interprets at startup time, it waits for events and syscalls that would trigger one of those rules. When a rule is triggered, Falco raises an alert and, thanks to applications like Falco Sidekick, allows teams to react accordingly.
The technology behind it is simple: Apps are packaged as Helm charts, can be configured with values, overridden with a different app configuration, etc. - whatever meets your needs. To deploy, a CRD (Custom Resource Definition) resource is created, interpreted by the App Operator (running on the managed cluster), assigned to the Chart Operator (running on the workload cluster), and in a few seconds, our application will be deployed on as many clusters as desired.
$ kubectl exec -it golang -- git clone https://github.com/giantswarm/apptestctl src/apptestctl Cloning into 'apptestctl'... ... output omitted ... Resolving deltas: 100% (791/791), done. $ kubectl exec -it golang -- make -C src/apptestctl make: Entering directory '/go/src/apptestctl' ... output omitted ... ====> apptestctl-v-linux-amd64 ... output omitted ... cp -a apptestctl-v-linux-amd64 apptestctl ====> build make: Leaving directory '/go/src/apptestctl'
$ kubectl exec -it golang -- git clone https://github.com/giantswarm/kubectl-gs src/kubectl-gs Cloning into 'kubectl-gs'... ... output omitted ... Resolving deltas: 100% (4427/4427), done. $ kubectl exec -it golang -- make build-darwin -C src/kubectl-gs make: Entering directory '/go/src/kubectl-gs' ... output omitted ... ====> kubectl-gs-v-darwin-amd64 ... output omitted ... cp -a kubectl-gs-v-darwin-amd64 kubectl-gs-darwin ====> build-darwin make: Leaving directory '/go/src/kubectl-gs' $ kubectl cp golang:/go/src/kubectl-gs/kubectl-gs-darwin ./kubectl-gs $ kubectl chmod u+x ./kubectl-gs
You might have figured out already what each parameter represents. kubectl gs will complain if any of those parameters are missing. Also, pay attention that we didn't use a real logo URL, but if you were using happa, the Giant Swarm Web-UI, would't you like to see a logo identifying your application?
Falco is the de facto Kubernetes threat detection engine, and also extends its reach to cloud and Linux hosts. It monitors the behavior of every process in the node and can alert us when something fishy happens.