Chapter 9. Installing Falco

Welcome to Part III of this book, which will walk you through using Falco in the real world. Now that you know how Falco and its architecture work, the next step is to start using it to protect your applications and systems. In this chapter, you will learn what you need to know to install Falco in production. We will show you different scenarios and common best practices so that you can find the right instructions for your use case.

We’ll start by giving you an overview of common usage scenarios, then we’ll describe different installation methods for each of them. We strongly recommend reading about all of the installation methods, even if you need only some of them, to get a complete picture of the possibilities and choose which fits your needs best.

Choosing Your Setup

The Falco Project officially supports three ways to run Falco in production:

  • Running Falco directly on a host

  • Running Falco in a container

  • Deploying Falco to a Kubernetes cluster

Each option has a different installation method, and there are a few important differences between the first option and the others. Installing Falco directly on the host is your only choice when your environment does not include a container runtime or Kubernetes. It is also the most secure way to run Falco, because it’s isolated from the container system (and thus difficult to breach in case of compromise). However, installing Falco directly on the host is usually the most difficult solution to maintain. ...

Get Practical Cloud Native Security with Falco now with the O’Reilly learning platform.
