diff --git a/CMakeLists.txt b/CMakeLists.txt
index d3588eb4..f2052755 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -233,3 +233,5 @@ endif()
 # Packages configuration
 include(CPackConfig)
+
+add_subdirectory(docker/dev)
diff --git a/docker/README.md b/docker/README.md
index 1ab2832f..062782a7 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -13,5 +13,6 @@ This directory contains various ways to package Falco as a container and related
 | [falcosecurity/falco-builder:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-builder) | docker/builder | The complete build tool chain for compiling Falco from source. See [the documentation](https://falco.org/docs/getting-started/source/) for more details on building from source. Used to build Falco (CI). |
 | [falcosecurity/falco-tester:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-tester) | docker/tester | Container image for running the Falco test suite. Used to run Falco integration tests (CI). |
 | _not to be published_ | docker/local | Built on-the-fly and used by falco-tester. |
+| _not to be published_ | docker/dev | Built on-the-fly to test local Falco development. |
-> Note: `falco-builder`, `falco-tester` (and the `docker/local` image that it's built on the fly) are not integrated into the release process because they are development and CI tools that need to be manually pushed only when updated.
+> Note: `falco-builder`, `falco-tester`, `docker/local`, `docker/dev` images are not integrated into the release process because they are development and CI tools that need to be manually pushed only when updated.
diff --git a/docker/dev/CMakeLists.txt b/docker/dev/CMakeLists.txt
new file mode 100644
index 00000000..576c3500
--- /dev/null
+++ b/docker/dev/CMakeLists.txt
@@ -0,0 +1,20 @@
+# Build a docker container for local development
+if(CMAKE_SYSTEM_NAME MATCHES "Linux")
+ set(DEV_DOCKER_CXT ${CMAKE_BINARY_DIR}/docker/dev-docker-ctx)
+
+ # This target prepares the `tar.gz` artifact that will be passed to the dockerfile.
+ add_custom_target(dev-docker-prepare
+ COMMAND mkdir -p ${DEV_DOCKER_CXT}
+ COMMAND "${CMAKE_COMMAND}" --build . --target package
+ COMMAND ${CMAKE_COMMAND} -E copy_if_different ${CMAKE_BINARY_DIR}/falco-${FALCO_VERSION}-${FALCO_TARGET_ARCH}.tar.gz ${DEV_DOCKER_CXT}/falco.tar.gz
+ DEPENDS falco
+ )
+
+ add_custom_target(dev-docker
+ COMMAND docker build
+ --tag falco-nodriver-dev
+ -f ${CMAKE_SOURCE_DIR}/docker/dev/nodriver.Dockerfile
+ ${DEV_DOCKER_CXT}
+ DEPENDS dev-docker-prepare
+ )
+endif()
diff --git a/docker/dev/README.md b/docker/dev/README.md
new file mode 100644
index 00000000..8896f039
--- /dev/null
+++ b/docker/dev/README.md
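Review bot: The `COMMAND "${CMAKE_COMMAND}" --build . --target package` in `dev-docker-prepare` runs in `add_custom_target`'s default working directory, `CMAKE_CURRENT_BINARY_DIR`, which for this file is the `docker/dev` subdirectory of the build tree rather than the top-level build directory, so `.` only works if the chosen generator forwards the global `package` target from subdirectory build files. Point the nested build at the top of the tree explicitly, `COMMAND ${CMAKE_COMMAND} --build ${CMAKE_BINARY_DIR} --target package`, and replace the Linux-only `mkdir -p` with `COMMAND ${CMAKE_COMMAND} -E make_directory ${DEV_DOCKER_CXT}`. Both custom targets should also take `VERBATIM` so `${DEV_DOCKER_CXT}` and the Dockerfile path are quoted correctly when the build directory contains spaces. The `docker` client is invoked by bare name; a `find_program(DOCKER_EXECUTABLE docker)` with a `message(FATAL_ERROR ...)` at configure time would turn a missing client into an early, readable failure instead of one in the middle of a build, though the README already presumes docker is installed.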
@@ -0,0 +1,59 @@
+# Falco development image
+
+This docker image can be easily generated starting from a clean Falco build.
+
+## 1. Clone the Falco repo ⬇️
+
+```bash
+git clone https://github.com/falcosecurity/falco.git
+```
+
+## 2. Prepare the build directory 🏗️
+
+### `falco-runner-image` tag
+
+The CMake command that we will see in the next section builds Falco locally on your machine, and push it into a docker image, so as you may imagine the final image that will run Falco must have a similar `GLIBC` version to your local one. For this reason, you have to use docker tags.
+
+The `nodriver.Dockerfile` will use the `falco-runner-image` tag to build the final image as you can see here:
+
+```dockerfile
+FROM falco-runner-image AS runner
+
+...
+```
+
+For example, if I build Falco locally on a un `ubuntu:22-04` machine I will instruct docker to use `ubuntu:22-04` as a final running image.
+
+```bash
+docker tag ubuntu:22.04 falco-runner-image
+```
+
+In this way the `nodriver.Dockerfile` will use `ubuntu:22-04` during the building phase.
+
+### Cmake command
+
+Now that we set the `falco-runner-image` tag, we are ready to build our Falco image. Starting from the project root:
+
+```bash
+mkdir build && cd build
+cmake -DUSE_BUNDLED_DEPS=On -DCREATE_TEST_TARGETS=Off -DCPACK_GENERATOR=TGZ -DFALCO_ETC_DIR=/etc/falco ..
+make dev-docker
+```
+> __Please note__: These cmake options `-DUSE_BUNDLED_DEPS=On -DCREATE_TEST_TARGETS=Off -DCPACK_GENERATOR=TGZ -DFALCO_ETC_DIR=/etc/falco` are the required ones but you can provide additional options to build the image according to your needs (for example you can pass `-DMINIMAL_BUILD=On` if you want a minimal build image or `-DBUILD_FALCO_MODERN_BPF=ON` if you want to include the modern bpf probe inside the image)
+
+## 3. Run the docker image locally 🏎️
+
+```bash
+docker run --rm -i -t \
+ --privileged \
+ -v /var/run/docker.sock:/host/var/run/docker.sock \
+ -v /dev:/host/dev \
+ -v /proc:/host/proc:ro \
+ falco-nodriver-dev
+```
+
+If you change something in the Falco source code you can simply rebuild the image with:
+
+```bash
+make dev-docker
+```
diff --git a/docker/dev/nodriver.Dockerfile b/docker/dev/nodriver.Dockerfile
new file mode 100644
index 00000000..9cedd3ce
--- /dev/null
+++ b/docker/dev/nodriver.Dockerfile
@@ -0,0 +1,33 @@
+FROM ubuntu:22.04 AS builder
+
+COPY ./falco.tar.gz /
+
+WORKDIR /
+
+# 1. We remove the Falco directory with the name related to the version and the arch
+# 2. We remove the source folder
+# 3. We remove the `falco-driver-loader` binary
+RUN mkdir falco; \
+ tar -xzf falco.tar.gz -C falco --strip-component 1; \
+ rm -rf /falco/usr/src; \
+ rm /falco/usr/bin/falco-driver-loader
+
+# the time displayed in log messages and output messages will be in ISO 8601.
+RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /falco/etc/falco/falco.yaml > /falco/etc/falco/falco.yaml.new; \
+ mv /falco/etc/falco/falco.yaml.new /falco/etc/falco/falco.yaml
+
+# Please note: it could be necessary to change this base image according
+# to the `glibc` version of the machine where you build the tar.gz package
+# use `docker tag ubuntu:22.04 falco-runner-image` for example
+FROM falco-runner-image AS runner
+
+LABEL name="falcosecurity/falco-nodriver-dev"
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+LABEL usage="docker run -it --rm --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro --name NAME IMAGE"
+
+COPY --from=builder /falco /
+
+ENV HOST_ROOT /host
+ENV HOME /root
+
+CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]
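Review bot: `FROM falco-runner-image AS runner` resolves a bare, mutable local tag that the developer must create by hand with `docker tag`; if the tag is absent, `docker build` does not fail locally but first tries to resolve `falco-runner-image` from the default registry, and whichever local image happens to carry that tag at build time silently becomes the runtime base, so the provenance of the resulting image is recorded nowhere in the Dockerfile or the build context. Make the base an explicit build argument instead: `ARG FALCO_RUNNER_IMAGE=ubuntu:22.04` before the stage and `FROM ${FALCO_RUNNER_IMAGE} AS runner`, with the `dev-docker` target in `docker/dev/CMakeLists.txt` passing `--build-arg FALCO_RUNNER_IMAGE=...` from a cache variable, so the glibc-matching image is chosen on the cmake command line rather than through an ambient tag. The same unpinned-tag caveat applies, less critically, to `FROM ubuntu:22.04 AS builder`; a digest pin there would make the tar/sed stage reproducible. A comment next to the `LABEL usage` line should also state why `--privileged`, `/dev` and the docker socket are required for this image, since those mounts give the container root-equivalent access to the host and a reader of this file cannot tell which of them are strictly necessary.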