How to deploy Sysdig Falco on an EKS cluster

Deploying Falco, the CNCF runtime security project originally created by Sysdig, on an Amazon EKS (Elastic Kubernetes Service) cluster. Falco runs as a DaemonSet, watches kernel system calls on every node, and raises an alert whenever a rule matches.

Step-by-Step Guide

Update kubeconfig

Make sure your kubeconfig points at the EKS cluster you intend to monitor (the context you select here is the cluster Falco will be installed on).

You can update it using the AWS CLI:

aws eks --region <region> update-kubeconfig --name <cluster_name>

Add the falcosecurity Helm repository

Falco's official chart is published by the falcosecurity project, not from a Sysdig repository:

helm repo add falcosecurity https://falcosecurity.github.io/charts
helm repo update

Install Falco

Deploy Falco to your EKS cluster using Helm, in its own namespace:

helm install falco falcosecurity/falco --namespace falco --create-namespace

  1. You can customize the installation by creating a custom values file and passing it with -f <your-values-file.yaml>. List the available settings with helm show values falcosecurity/falco; the key names differ between chart versions, so check them for the version you install.
  2. Review the driver setting. Falco needs a kernel driver on every node: a kernel module, the classic eBPF probe, or the modern eBPF probe. The modern eBPF probe needs no build step or kernel headers on the node, which makes it the simplest choice on EKS node images whose kernel ships BTF information.
  3. Ensure you review and adjust the rest of the configuration (outputs, rule files, resource limits) to suit your security and monitoring needs.

Verify Installation

Check that the Falco pods are running. With the falcosecurity chart the pods carry the app.kubernetes.io/name=falco label (not app=falco), and they live in the namespace you installed into:

kubectl get pods -n falco -l app.kubernetes.io/name=falco

Because Falco is a DaemonSet you should see one pod per node, each Running with every container ready. A pod stuck in CrashLoopBackOff usually means the driver could not be loaded on that node; kubectl logs on the pod shows the driver error.

Configure Rules (Optional)

Falco comes with a default set of rules, but you might want to customize them according to your use case. Keep the default rules and add your own in a separate file that is loaded after them, so macros defined by the defaults (for example spawned_process and container) are available to your conditions. With the Helm chart you can supply such a file through the customRules value; outside Helm, drop it into the rules directory referenced by rules_files in falco.yaml.

Set Up Alerts (Optional)

For production use, you'll likely want to set up alerting. Falco itself writes alerts to stdout, a file, syslog, a program, an HTTP endpoint, or gRPC; it does not send email or Slack messages directly. For destinations like Slack, email, PagerDuty, or a SIEM, deploy Falcosidekick alongside Falco (the chart enables it with falcosidekick.enabled=true) and configure the outputs there.
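The steps above as one script, added here as an example and not code from the page or the Falco project. It assumes the chart value names driver.kind, customRules and falcosidekick.config.slack.webhookurl (check them against helm show values for your chart version), a dedicated falco namespace, placeholder region and cluster names, and an optional SLACK_WEBHOOK_URL; the custom rule and the pod-status lines used for checking are constructed for the example.

```sh
#!/usr/bin/env sh
# Added example: drives the Falco-on-EKS steps end to end. Values keys
# (driver.kind, customRules, falcosidekick.*) are assumed from the
# falcosecurity chart; confirm them with `helm show values falcosecurity/falco`.
set -eu

AWS_REGION="${AWS_REGION:-us-east-1}"          # assumption: override to your region
CLUSTER_NAME="${CLUSTER_NAME:-my-eks}"         # assumption: your EKS cluster name
NAMESPACE="${NAMESPACE:-falco}"                # assumption: dedicated namespace
VALUES_FILE="${VALUES_FILE:-falco-values.yaml}"

# Writes a Helm values file: modern eBPF driver (nothing compiled on the node),
# Falcosidekick for alert fan-out, and one custom rule appended to the default
# rule set. SLACK_WEBHOOK_URL is a placeholder; leave it empty to keep alerts
# in Falcosidekick/stdout only.
write_values() {
    cat > "$1" <<EOF
driver:
  kind: modern_ebpf
falcosidekick:
  enabled: true
  config:
    slack:
      webhookurl: "${SLACK_WEBHOOK_URL:-}"
customRules:
  eks-custom-rules.yaml: |-
    - rule: Shell spawned in EKS container
      desc: An interactive shell started inside a container; verify it is expected
      condition: >
        spawned_process and container and
        proc.name in (bash, sh, zsh, dash)
      output: >
        Shell started in container (user=%user.name command=%proc.cmdline
        container=%container.name image=%container.image.repository
        pod=%k8s.pod.name ns=%k8s.ns.name)
      priority: WARNING
      tags: [container, shell, eks]
EOF
}

# Reads `kubectl get pods --no-headers` lines on stdin and succeeds only when
# there is at least one pod and every pod is Running with all containers ready
# (READY column reads n/n). Falco is a DaemonSet, so expect one pod per node.
all_pods_ready() {
    awk '
        NF == 0 { next }
        {
            split($2, ready, "/")
            if ($3 != "Running" || ready[1] != ready[2]) bad++
            total++
        }
        END { exit (total == 0 || bad > 0) ? 1 : 0 }
    '
}

deploy_falco() {
    aws eks --region "$AWS_REGION" update-kubeconfig --name "$CLUSTER_NAME"
    helm repo add falcosecurity https://falcosecurity.github.io/charts
    helm repo update
    write_values "$VALUES_FILE"
    # upgrade --install is idempotent: re-running applies changed values
    helm upgrade --install falco falcosecurity/falco \
        --namespace "$NAMESPACE" --create-namespace \
        -f "$VALUES_FILE"
    kubectl -n "$NAMESPACE" rollout status daemonset/falco --timeout=180s
    kubectl -n "$NAMESPACE" get pods -l app.kubernetes.io/name=falco --no-headers \
        | all_pods_ready
    echo "Falco is running on every node in namespace $NAMESPACE"
}

# Deploy only when explicitly asked, so the file can also be sourced for its
# helper functions:  sh deploy-falco.sh deploy
case "${1:-}" in
    deploy) deploy_falco ;;
esac
```

Run it with the deploy argument after exporting AWS_REGION and CLUSTER_NAME. Using helm upgrade --install rather than helm install means the same script re-applies a changed values file (a new rule, a different driver) without first uninstalling the release, and the final readiness check fails the script if any node's pod is not fully up, which is the signal to look at that pod's logs for a driver-loading error.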

Read more here - https://falco.org/docs/install-operate/deployment/
