1. Must be a CrowdStrike customer with access to the Falcon Linux Sensor (container image) and Falcon Container from the CrowdStrike Container Registry.
1. Kubernetes nodes must be Linux distributions supported by CrowdStrike.
1. Before deploying the Helm Chart, you should have a Falcon Linux Sensor and/or Falcon Container sensor image in your own container registry, or use CrowdStrike's registry. See the Deployment Considerations for more.
1. Helm 3.x is installed and supported by the Kubernetes vendor.
| Parameter | Description | Default |
|:--|:--|:--|
| `falcon.tags` | Comma separated list of tags for sensor grouping | None |
| `falcon.provisioning_token` | Provisioning token value | None |
## Installing on Kubernetes Cluster Nodes
### Deployment Considerations
To ensure a successful deployment, make sure that:
1. By default, the Helm Chart installs in the `default` namespace. The best practice for deploying to Kubernetes is to create a new namespace. This can be done by adding `-n falcon-system --create-namespace` to your `helm install` command. The namespace can be any name that you wish to use.
1. The Falcon Linux Sensor (not the Falcon Container) should be used as the container image to deploy to Kubernetes nodes.
1. You must be a cluster administrator to deploy Helm Charts to the cluster.
1. When deploying the Falcon Linux Sensor (container image) to Kubernetes nodes, it is a requirement that the Falcon Sensor run as a privileged container so that the Sensor can properly work with the kernel. This is a requirement for any kernel module that gets deployed to any container-optimized operating system regardless of whether it is a security sensor, graphics card driver, etc.
1. The Falcon Linux Sensor should be deployed to Kubernetes environments that allow node access or installation via a Kubernetes DaemonSet.
1. The Falcon Linux Sensor will create `/opt/CrowdStrike` on the Kubernetes nodes. DO NOT DELETE this folder.
1. CrowdStrike's Helm Chart is a project, not a product, and is released to the community as a way to automate sensor deployment to Kubernetes clusters. The upstream repository for this project is [https://github.com/CrowdStrike/falcon-helm](https://github.com/CrowdStrike/falcon-helm).
### Pod Security Standards
Starting with Kubernetes 1.25, Pod Security Standards will be enforced. The appropriate Pod Security Standards policy is set by adding a label to the namespace. Run the following command, replacing `my-existing-namespace` with the namespace in which you have installed the Falcon sensors, e.g. `falcon-system`.
If your cluster is OpenShift version 4.11+, you will need to add an additional label to disable added OpenShift functionality that will sync Pod Security Standard policies based on the default Security Context Constraints (SCC).
Run the following command, replacing `my-existing-namespace` with the namespace in which you have installed the Falcon sensors, e.g. `falcon-system`.
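As an added example (not taken from the chart's documentation), the same labels can be kept declaratively in the Namespace manifest. It assumes the `falcon-system` namespace and the standard Pod Security Admission and OpenShift label keys, which do not appear on this page; the `privileged` level follows from the sensor's need to run as a privileged container.

```yaml
# Added example: Namespace manifest for the node sensor (DaemonSet) install.
# Assumption: the namespace is named falcon-system, as suggested above.
apiVersion: v1
kind: Namespace
metadata:
  name: falcon-system
  labels:
    # Pod Security Admission label (upstream Kubernetes). The node sensor
    # runs as a privileged container, so this namespace must allow the
    # "privileged" level; baseline or restricted would reject the pods.
    pod-security.kubernetes.io/enforce: privileged
    # OpenShift 4.11+ only: stop OpenShift from syncing Pod Security
    # Standard labels on this namespace based on the default SCCs.
    # Remove this label on non-OpenShift clusters.
    security.openshift.io/scc.podSecurityLabelSync: "false"
```

Keep the `privileged` level confined to the sensor's namespace so that application namespaces can still enforce `baseline` or `restricted`.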
The above command will install the CrowdStrike Falcon Helm Chart with the release name `falcon-helm` in the namespace your `kubectl` context is currently set to.
You can also install into a customized namespace by running the following:
`falcon.cid` and `node.image.repository` are required values.
For a complete listing of configurable parameters, run the following command:
```
helm show values crowdstrike/falcon-sensor
```
## Installing in Kubernetes Cluster as a Sidecar
### Deployment Considerations
To ensure a successful deployment, make sure that:
1. You must be a cluster administrator to deploy Helm Charts to the cluster.
1. When deploying the Falcon Container as a sidecar sensor, make sure that there are no firewall rules blocking communication to the Mutating Webhook. This will most likely result in a `context deadline exceeded` error. The default port for the Webhook is `4433`.
1. The Falcon Container as a sidecar sensor should be deployed to Kubernetes managed environments, or environments that do not allow node access or installation via a Kubernetes DaemonSet.
1. CrowdStrike's Helm Chart is a project, not a product, and is released to the community as a way to automate sensor deployment to Kubernetes clusters. The upstream repository for this project is [https://github.com/CrowdStrike/falcon-helm](https://github.com/CrowdStrike/falcon-helm).
1. Be aware that there is advanced Helm Chart functionality in use and those specific features may not work fully with GitOps tools like ArgoCD. The reason for this is that ArgoCD does not fully support Helm when compared to FluxCD. For features that do not work in this instance, disable those features until ArgoCD supports Helm correctly.
### Install CrowdStrike Falcon Helm Chart in Kubernetes Cluster as a Sidecar
The above command will install the CrowdStrike Falcon Helm Chart with the release name `falcon-helm` in the namespace your `kubectl` context is currently set to.
You can also install into a customized namespace by running the following:
For Kubernetes clusters <1.22 (or 1.21 where the NamespaceDefaultLabelName feature gate is NOT enabled), be sure to label your namespace for injector exclusion before installing the Container sensor:
The following table lists the more common configurable parameters of the chart and their default values for installing the Container sensor as a Sidecar.
| Parameter | Description | Default |
|:--|:--|:--|
| `container.topologySpreadConstraints` | Defines the way pods are spread across nodes | maxSkew: 1<br>topologyKey: kubernetes.io/hostname<br>whenUnsatisfiable: ScheduleAnyway<br>labelSelector:<br> matchLabels:<br> crowdstrike.com/component: crowdstrike-falcon-injector |
| `container.image.pullSecrets.namespaces` | List of Namespaces to pull the Falcon sensor from an authenticated registry | None |
| `container.image.pullSecrets.allNamespaces` | Use Helm's lookup function to deploy the pull secret to all namespaces | `false` |
| `container.image.pullSecrets.registryConfigJSON` | base64 encoded docker config json for the pull secret | None |
| `container.image.sensorResources` | The requests and limits of the sensor ([see example below](#example-using-containerimagesensorresources)) | None |
`falcon.cid` and `container.image.repository` are required values.
For a complete listing of configurable parameters, run the following command:
```
helm show values crowdstrike/falcon-sensor
```
#### Note about using --set with lists
If you need to provide a list of values to a `--set` command, you need to escape the commas between the values, e.g. `--set falcon.tags="tag1\,tag2\,tag3"`.
#### Example using container.image.sensorResources
When setting `container.image.sensorResources`, the simplest method would be to provide a values file to the `helm install` command.
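An added example of such a values file for the sidecar install (not from the chart's documentation). The CID, registry path and resource figures are placeholders, and the `node.enabled` / `container.enabled` switches are assumed from the chart's values rather than listed on this page; check them against `helm show values crowdstrike/falcon-sensor`.

```yaml
# values.yaml -- added example; every value below is a placeholder.
falcon:
  cid: "<CrowdStrike_CID>"   # required
  # In a values file the tag list is a plain string; the backslash
  # escaping of commas is only needed when passing it with --set.
  tags: "tag1,tag2,tag3"

# Assumption: these switches select the sidecar (Falcon Container) sensor
# instead of the node DaemonSet; confirm with `helm show values`.
node:
  enabled: false
container:
  enabled: true
  image:
    repository: "<your_registry>/falcon-sensor"   # required
    # Requests and limits of the sensor.
    # Constructed figures; size them for your own workloads.
    sensorResources:
      requests:
        cpu: 10m
        memory: 20Mi
      limits:
        cpu: 100m
        memory: 128Mi
```

Pass the file to `helm install` with `-f values.yaml`. Keeping the CID and any provisioning token in a file rather than in `--set` arguments also keeps them out of shell history.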