search

falcosecurity / falco-website

Source code of the official Falco website
https://falco.org
Creative Commons Attribution 4.0 International
35 stars 222 forks source link

Try Falco on Kubernetes issue on Apple Silicon #1337

Closed ChrisChinchilla closed 3 months ago

ChrisChinchilla commented 4 months ago

/area documentation

Following the Mac steps here: https://falco.org/docs/getting-started/falco-kubernetes-quickstart/ results in errors running on Apple Silicon due to what I assume are complication issues.

I ended up reading this https://falco.org/blog/falco-apple-silicon/#falco-on-m1-on-kubernetes and got the instructions in the quickstart to work by changing:

helm install falco -n falco --set driver.kind=ebpf --set tty=true falcosecurity/falco \
--set falcosidekick.enabled=true \
--set falcosidekick.config.slack.webhookurl=$(base64 --decode <<< "aHR0cHM6Ly9ob29rcy5zbGFjay5jb20vc2VydmljZXMvVDA0QUhTRktMTTgvQjA1SzA3NkgyNlMvV2ZHRGQ5MFFDcENwNnFzNmFKNkV0dEg4") \
--set falcosidekick.config.slack.minimumpriority=notice \
--set falcosidekick.config.customfields="user:changeme"

to

helm install falco -n falco --set driver.kind=modern_ebpf --set tty=true falcosecurity/falco \
--set falcosidekick.enabled=true \
--set falcosidekick.config.slack.webhookurl=$(base64 --decode <<< "aHR0cHM6Ly9ob29rcy5zbGFjay5jb20vc2VydmljZXMvVDA0QUhTRktMTTgvQjA1SzA3NkgyNlMvV2ZHRGQ5MFFDcENwNnFzNmFKNkV0dEg4") \
--set falcosidekick.config.slack.minimumpriority=notice \
--set falcosidekick.config.customfields="user:changme"

If this is indeed the right way to fix this on Apple Silicon or all platforms, I am happy to submit a PR; I just wanted to check first as I am a bit new to using Falco.

incertum commented 4 months ago

Yes, we can change the docs more consistently to use driver.kind=modern_ebpf as it is easier and does not need a pre-compiled dirver. Feel free to open the PR against the falco-website repo and thanks!