From 48442be91e504c023289149defa457c4b186faa8 Mon Sep 17 00:00:00 2001 From: Bill Vandenberk Date: Thu, 8 Aug 2024 17:56:40 -0400 Subject: [PATCH] adds docker-compose config Signed-off-by: Bill Vandenberk --- README.md | 2 ++ docker/docker-compose/README.md | 14 ++++++++++ docker/docker-compose/docker-compose.yaml | 34 +++++++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 docker/docker-compose/README.md create mode 100644 docker/docker-compose/docker-compose.yaml diff --git a/README.md b/README.md index 97e9854c..33bc9f57 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,8 @@ Considerations and guidance for Falco adopters: 5. Integrate with output destinations: Integrate Falco with SIEM, data lake systems, or other preferred output destinations to establish a robust foundation for comprehensive data analysis and enable effective incident response workflows. +### Demo Environment +A demo environemnt is provided via a docker-compose file that can be started on a docker host which includes falco, falcosidekick, falcosidekick-ui and its required redis database. For more information see the [docker-compose readme](docker/docker-compose/README.md) ## How to Contribute diff --git a/docker/docker-compose/README.md b/docker/docker-compose/README.md new file mode 100644 index 00000000..bd23ec6f --- /dev/null +++ b/docker/docker-compose/README.md 
@@ -0,0 +1,14 @@
+# A Warning
+This environment is provided for demonstration purposes only and does not represent a production ready deployment of falco
+
+# Components
+The components that this docker-compose file spins up are falco, falcosidekick, falcosidekick-ui and a redis database
+
+# Running
+To start this environment run `docker-compose up`
+
+# Cleaning up
+To clean up run `docker-compose rm`
+
+# Generating events
+If you'd like to generate events that will trigger rules and show up in the UI you can run `docker run -it --rm falcosecurity/event-generator run syscall --loop`
\ No newline at end of file
diff --git a/docker/docker-compose/docker-compose.yaml b/docker/docker-compose/docker-compose.yaml
new file mode 100644
index 00000000..c4b0ac43
--- /dev/null
+++ b/docker/docker-compose/docker-compose.yaml
@@ -0,0 +1,34 @@
+version: "3"
+services:
+ falco:
+ container_name: falco
+ cap_drop:
+ - all
+ cap_add:
+ - sys_admin
+ - sys_resource
+ - sys_ptrace
+ volumes:
+ - /var/run/docker.sock:/host/var/run/docker.sock
+ - /proc:/host/proc:ro
+ - /etc:/host/etc:ro
+ command: '/usr/bin/falco -o http_output.enabled=true -o http_output.url="http://falco-sidekick:2801/"'
+ image: falcosecurity/falco-no-driver:latest
+
+ sidekick:
+ container_name: falco-sidekick
+ image: falcosecurity/falcosidekick
+ environment:
+ WEBUI_URL: http://falco-webui:2802
+
+ webui:
+ container_name: falco-webui
+ image: falcosecurity/falcosidekick-ui:2.2.0
+ ports:
+ - 2802:2802
+ depends_on:
+ - redis
+ command: ['-r', 'redis:6379', '-d']
+
+ redis:
+ image: redis/redis-stack:7.2.0-v11
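Review bot: The `webui` service in docker-compose.yaml publishes `2802:2802` on every host interface, and its `command` passes `-d`, which in falcosidekick-ui appears to be the disable-authentication switch (worth confirming against the 2.2.0 flag list), so anyone who can reach the docker host could read the Falco event stream without logging in. For a demo, bind the port to loopback with `- "127.0.0.1:2802:2802"` and drop `-d` unless unauthenticated access is intended; quoting the mapping also follows the usual Compose convention. Separately, `falcosecurity/falco-no-driver:latest` and the untagged `falcosecurity/falcosidekick` are floating tags while the other two images are pinned; pinning them the same way keeps the demo reproducible, which matters most for the container that holds `sys_admin` and the docker socket.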