1. Answers
  2. Deploying CrowdStrike Falcon on Kubernetes

How do I deploy CrowdStrike Falcon on Kubernetes?

In this guide, we will deploy CrowdStrike Falcon on a Kubernetes cluster using Pulumi. CrowdStrike Falcon is a cloud-native endpoint security solution that provides comprehensive protection against cyber threats. By deploying Falcon on Kubernetes, we can ensure that our containerized applications are protected.

We will create a Kubernetes deployment that includes the necessary configurations to run the CrowdStrike Falcon sensor.

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Define the namespace for the CrowdStrike Falcon deployment
const namespace = new k8s.core.v1.Namespace("falcon-namespace", {
    metadata: { name: "falcon" },
});

// Define the CrowdStrike Falcon deployment
const falconDeployment = new k8s.apps.v1.Deployment("falcon-deployment", {
    metadata: {
        namespace: namespace.metadata.name,
        name: "falcon-sensor",
    },
    spec: {
        replicas: 1,
        selector: {
            matchLabels: {
                app: "falcon-sensor",
            },
        },
        template: {
            metadata: {
                labels: {
                    app: "falcon-sensor",
                },
            },
            spec: {
                containers: [
                    {
                        name: "falcon-sensor",
                        image: "falcon.crowdstrike.com/falcon-sensor:latest",
                        env: [
                            {
                                name: "FALCONCTL_OPT_CID",
                                value: "<YOUR_CID_HERE>", // Replace with your CrowdStrike CID
                            },
                            {
                                name: "FALCONCTL_OPT_APITOKEN",
                                value: "<YOUR_API_TOKEN_HERE>", // Replace with your CrowdStrike API token
                            },
                        ],
                        volumeMounts: [
                            {
                                name: "falcon-socket",
                                mountPath: "/var/run/falcon-sensor",
                            },
                        ],
                    },
                ],
                volumes: [
                    {
                        name: "falcon-socket",
                        hostPath: {
                            path: "/var/run/falcon-sensor",
                        },
                    },
                ],
            },
        },
    },
});

// Export the name of the namespace and the deployment
export const falconNamespace = namespace.metadata.name;
export const falconDeploymentName = falconDeployment.metadata.name;

Key Points

  • We created a Kubernetes namespace for the CrowdStrike Falcon deployment.
  • We defined a Kubernetes deployment for the Falcon sensor, specifying the necessary environment variables (FALCONCTL_OPT_CID and FALCONCTL_OPT_APITOKEN) and volume mounts.
  • The deployment ensures that the Falcon sensor runs in the specified namespace and is configured correctly.

Conclusion

We successfully deployed CrowdStrike Falcon on a Kubernetes cluster using Pulumi. This deployment ensures that our containerized applications are protected by the Falcon sensor, providing comprehensive security against cyber threats.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up