
FalcOMG That's Awesome


On this panel, the Falco maintainers will discuss the great things happening in Falco, a cloud-native runtime security project and the de facto Kubernetes threat detection engine. This panel of key Falco maintainers will cover:
- Brief overview of Falco and its history
- Updates on Falco and its subprojects (Falco, falcosidekick, etc.)
- Contribution of the core drivers and libraries (libsinsp, libscap, the kernel module driver, the eBPF driver source) and what this means for the community
- Roadmap capabilities.

What's Coming!

Interactive Q&A on what you would like to see in the project.

Leonardo Di Donato

May 06, 2021

Transcript

  1. Falco OMG!
    PART 1
    gh:falcosecurity/falco

  2. A talk with a lot of hand gestures
    Leonardo Grasso
    Open Source Software Engineer
    Falco Maintainer
    Sysdig
    Leonardo Di Donato
    Open Source Software Engineer
    Falco Maintainer
    Sysdig

  3. A timeline always works fine
    May 2016: Falco created to parse libsinsp events!
    Oct 2018: Sysdig Inc. donated Falco to the CNCF
    May 2019: Falco Community Calls start!
    Jan 2020: Accepted as a CNCF incubation level hosted project
    @leodido + @leogr

  4. Falco release process 🔗 is now fully open!
    ● Coherent SemVer 2 versioning 🌀
    ● Falco drivers versions
    ● Artifacts 📦 🐳
    ● Fully automated
    Join our Community Calls and propose yourself to be part of the next release team!
    @leodido + @leogr

  5. New contributors YaY!
    😺
    ❏ IBM
    ❏ Amazon
    ❏ Mercari
    ❏ Hetzner Cloud
    ❏ DeltaTre
    ❏ VMWare
    ❏ move:elevator
    gh:falcosecurity/.github/maintainers.yaml
    @leodido + @leogr

  6. Falco Open Infra
    ❏ EKS
    ❏ Kubernetes
    ❏ Prow
    ❏ ProwJob
    ❏ Plugins
    Thanks to Jonah & Max too!
    prow.falco.org 🔗
    gh:falcosecurity/test-infra 🔗
    ❏ How Falco uses Prow on AWS for open source testing
      ❏ By leodido and jonahjon @ AWS blog
    ❏ Going Beyond CI/CD with Prow
      ❏ By leodido @ KubeCon NA 2020
    ❏ Drivers Build Grid
      ❏ By leodido, fntlnz, and jonahjon
    ❏ Update maintainers list + ProwJob definition
      ❏ By leodido
    ❏ Update K8S manifests + ProwJob definition
      ❏ By leogr
    @leodido + @leogr

  7. download.falco.org 🔗
    ❏ Packages
      ❏ RPM
      ❏ DEB
      ❏ Binary
    ❏ Drivers (more than 3,5K)
      ❏ Amazon Linux 1 & 2
      ❏ Ubuntu & Ubuntu AWS
      ❏ CentOS
      ❏ Debian
    @leodido + @leogr

  8. Contribution of the libraries and the drivers to the CNCF

  9. Contribution of the libraries and the drivers
    ❏ Libraries
      ❏ libsinsp
      ❏ libscap
    ❏ Drivers
      ❏ Kernel module
      ❏ eBPF probe
    @leodido + @leogr
    proposal 🔗
    blog post 🔗

  10. We go grab a coffee before you ask questions...
    falcosidekick turn now!
    ❏ twitter.com/leodido
    ❏ github.com/leodido
    ❏ twitter.com/leogrease
    ❏ github.com/leogr
    ❏ github.com/falcosecurity/falco
    ❏ github.com/falcosecurity/libs
    ❏ kubernetes.slack.com/messages/falco

  11. Connect Falco to your ecosystem with Falcosidekick
    Falco OMG! PART 2
    gh:falcosecurity/falcosidekick

  12. Fewer gestures but still a moustache
    Thomas Labarussias
    SRE at Qonto
    Falco Contributor
    Falcosidekick Creator

  13. Falco architecture

  14. What is Falcosidekick
    [Diagram; arrow labels: push, pull; note: "only if priority > critical"]

  15. What is Falcosidekick
    github.com/falcosecurity/falcosidekick
    Connects Falco to your ecosystem:
    chat, logs, queue/streaming, faas, metrics, alerting, storage and more ...

  16. Respond to threats
    Detection, Notification, Action
    AWS Lambda
    Kubeless
    OpenFaaS
    Knative

  17. Demo

  18. “how to translate Falco website into your language” turn now!
    ❏ github.com/Issif
    ❏ github.com/falcosecurity/falcosidekick
    ❏ github.com/falcosecurity/falcosidekick-ui

  19. Falco i18n
    Falco OMG! PART 3
    gh:falcosecurity/falcosidekick

  20. “In real open source, you have the right to control your own destiny.” Linus Torvalds
    Radhika Puthiyetath
    Principal Technical Writer, Sysdig Inc.
    Falco Maintainer

  21. Falco i18n
    ● Contributor Guidelines
    ● Translation Guidelines
    ● OWNER File
    ● config.toml
    ● i18n directory
    ● content directory

  22. Let us grab a coffee and talk more about i18n
    Thank You