How To Set Up Runtime Container Security Monitoring with Falco Using Helm and Kubernetes

Step 1 — Create a Kubernetes Cluster

doctl k8s cluster create k8s-falco `
--auto-upgrade=false `
--node-pool "name=k8s-falco;size=s-4vcpu-8gb-amd;count=3;tag=k8s-falco;label=type=basic;auto-scale=true;min-nodes=2;max-nodes=4" `
--region sgp1
doctl kubernetes cluster kubeconfig save k8s-falco
kubectl get namespaces

Step 2 — Set Up Falco with Helm

helm dependency build
helm install falco .
kubectl get pods
kubectl logs -f falco-w8gnh
helm upgrade falco .
kubectl get pods
kubectl logs -f falco-76pc5

Step 3 — Install Applications for Testing Falco

kubectl create namespace ping
kubectl create -f mysql-deployment.yaml --namespace=ping
kubectl create -f mysql-service.yaml --namespace=ping
kubectl create -f ping-deployment.yaml --namespace=ping
kubectl create -f ping-service.yaml --namespace=ping
kubectl create -f client-deployment.yaml --namespace=ping
kubectl get pods -n ping

Step 4 — Hack the Web Application

helm upgrade falco .
kubectl get pods
kubectl exec -it falco-8t2dh -- /bin/bash
kubectl exec client -n ping -- curl -F "s=OK" -F "user=bad" -F "passwd=wrongpasswd' OR 'a'='a" --form-string "ipaddr=localhost; cat /var/www/html/ping.php" -X POST http://ping/ping.php
kubectl logs -f --selector app=falco | Select-String "Error"
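Filtering the Falco log for the literal string "Error" only matches alerts at priority Error (or whose text happens to contain that word), so lower-priority alerts such as a shell spawned by the web server are easy to miss. The script below is an added example for this article, not the author's code and not part of Falco. It assumes Falco runs with `json_output: true` in falco.yaml (the Helm chart exposes this as a value; the key name depends on the chart version), so each alert is one JSON object with the keys "time", "priority", "rule", "output" and "output_fields". The sample log, the pod names and the rule "Shell spawned by web server (custom)" are constructed for the example, not captured from a real cluster.

```python
"""Triage Falco JSON alert lines by priority and namespace.

Added example for this article; not the author's code and not part of
Falco. Assumes Falco's json_output is enabled. The SAMPLE_LOG below is
constructed to look like that stream (startup banner, alerts, and a
truncated line as seen when a log stream is cut mid-write); it was not
captured from a real cluster.
"""
import json
import sys
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Falco priority names, most severe first.
PRIORITIES = ["Emergency", "Alert", "Critical", "Error", "Warning",
              "Notice", "Informational", "Debug"]
RANK = {name: i for i, name in enumerate(PRIORITIES)}


@dataclass
class Alert:
    time: str
    priority: str
    rule: str
    namespace: str
    pod: str
    cmdline: str


def parse_alert(line: str) -> Optional[Alert]:
    """Parse one line of Falco output; return None for non-alert lines."""
    line = line.strip()
    if not line.startswith("{"):
        return None            # startup banner, kubectl noise, etc.
    try:
        obj = json.loads(line)
    except json.JSONDecodeError:
        return None            # truncated or interleaved line
    fields = obj.get("output_fields") or {}
    return Alert(
        time=obj.get("time", ""),
        priority=obj.get("priority", "Debug"),
        rule=obj.get("rule", ""),
        namespace=fields.get("k8s.ns.name") or "<host>",
        pod=fields.get("k8s.pod.name") or "<host>",
        cmdline=fields.get("proc.cmdline", ""),
    )


def triage(lines: Iterable[str], min_priority: str = "Warning",
           namespace: Optional[str] = None) -> List[Alert]:
    """Keep alerts at or above min_priority, optionally from one namespace only."""
    threshold = RANK[min_priority]
    kept = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        # Unknown priority names sort below Debug and are dropped.
        if RANK.get(alert.priority, len(PRIORITIES)) > threshold:
            continue
        if namespace is not None and alert.namespace != namespace:
            continue
        kept.append(alert)
    return kept


def summarize(alerts: Iterable[Alert]) -> List[str]:
    """One line per alert: priority, pod, rule and the command that triggered it."""
    return [f"{a.priority:<8} {a.namespace}/{a.pod}  [{a.rule}]  {a.cmdline}"
            for a in alerts]


# Constructed sample: shaped like Falco JSON output, not a real capture.
# Rule names, pod names and timestamps are illustrative.
SAMPLE_LOG = """\
Falco initialized with configuration file /etc/falco/falco.yaml
{"output":"10:01:02.000000000: Notice A shell was spawned ...","priority":"Notice","rule":"Run shell untrusted","time":"2019-05-01T10:01:02.000000000Z","output_fields":{"k8s.ns.name":"ping","k8s.pod.name":"ping-7d9c5b8f6-abcde","proc.cmdline":"sh -c ping -c 4 localhost; cat /var/www/html/ping.php","proc.pname":"apache2"}}
{"output":"10:01:02.100000000: Warning Web server spawned a shell ...","priority":"Warning","rule":"Shell spawned by web server (custom)","time":"2019-05-01T10:01:02.100000000Z","output_fields":{"k8s.ns.name":"ping","k8s.pod.name":"ping-7d9c5b8f6-abcde","proc.cmdline":"sh -c ping -c 4 localhost; cat /var/www/html/ping.php","proc.pname":"apache2"}}
{"output":"10:01:05.000000000: Notice A shell was spawned ...","priority":"Notice","rule":"Run shell untrusted","time":"2019-05-01T10:01:05.000000000Z","output_fields":{"k8s.ns.name":"kube-system","k8s.pod.name":"csi-do-node-xk2pq","proc.cmdline":"sh -c /opt/bin/healthcheck.sh","proc.pname":"healthcheck"}}
{"output":"10:01:06.000000000: Notice truncated line
"""

if __name__ == "__main__":
    # Pipe `kubectl logs --selector app=falco` into this script, or run it
    # with no input to see the constructed sample triaged.
    source = SAMPLE_LOG.splitlines() if sys.stdin.isatty() else sys.stdin
    for row in summarize(triage(source, min_priority="Notice", namespace="ping")):
        print(row)
```

Run with the constructed sample, the ping-namespace triage at Notice keeps the two alerts from the ping pod (the shell spawned by apache2 with the injected `cat /var/www/html/ping.php`) and drops the kube-system health check, the banner and the truncated line; raising the threshold to Warning leaves only the custom rule's alert.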

Linux Engineer — Sharing experiences configuring, fixing servers — Docker, Kubernetes, Ubuntu, CentOS
Muhammad Azmi Farih