Falcon Operator
The CrowdStrike Falcon Operator installs CrowdStrike Falcon Container Sensor or CrowdStrike Falcon Node Sensor on the cluster.
The CrowdStrike Falcon Operator is an open source project and not a CrowdStrike product. As such, it carries no formal support, expressed, or implied.
About the CrowdStrike Falcon Operator
The CrowdStrike Falcon Operator deploys CrowdStrike Falcon Workload Protection to the cluster. The operator exposes 2 custom resources that allows you to deploy either the Falcon Container Sensor or Falcon Node Sensor.
About Custom Resources
Custom Resource | Description |
---|---|
FalconContainer | Manages installation of Falcon Container Sensor on the cluster |
FalconNodeSensor | Manages installation of Falcon Linux Sensor on the cluster nodes |
Additional information can be found in FAQ document
Installation Steps
Installation steps differ based on the Operator Life-cycle Manager (OLM) availability. You can determine whether your cluster is using OLM by running: kubectl get crd catalogsources.operators.coreos.com
-
(option 1): In case your cluster is not using OLM (Operator Life-cycle Manager), run:
kubectl apply -f https://raw.githubusercontent.com/CrowdStrike/falcon-operator/main/deploy/falcon-operator.yaml
-
(option 2): In case your cluster is using OLM, run:
OPERATOR_NAMESPACE=falcon-operator kubectl create ns $OPERATOR_NAMESPACE --dry-run=client -o yaml | kubectl apply -f - operator-sdk run bundle quay.io/crowdstrike/falcon-operator-bundle:latest --namespace $OPERATOR_NAMESPACE
After the installation concludes, please proceed with deploying either Falcon Container Sensor or Falcon Node Sensor.
Uninstall Steps
- To uninstall Falcon Operator when OLM is installed, run:
operator-sdk cleanup falcon-operator --namespace falcon-operator
- To uninstall Falcon Operator when OLM is not in use, run:
kubectl delete -f https://raw.githubusercontent.com/CrowdStrike/falcon-operator/main/deploy/falcon-operator.yaml
Getting Help
If you encounter any issues while using the Falcon Operator, you can create an issue on our Github repo for bugs, enhancements, or other requests.
Contributing
You can contribute by:
- Raising any issues you find using Falcon Operator
- Fixing issues by opening Pull Requests
- Improving documentation
- Talking about the CrowdStrike Falcon Operator
All bugs, tasks or enhancements are tracked as GitHub issues.
Additional Resources
- CrowdStrike Container Security: Product Page
- So You Think Your Containers Are Secure? Four Steps to Ensure a Secure Container Deployment: Blog Post
- Container Security With CrowdStrike: Blog Post
- To learn more about Falcon Container Sensor for Linux: Deployment Guide, Release Notes
- Developer Documentation