mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-01 09:02:18 +00:00
Initial try at slimmer images
Signed-off-by: Michael Ducy <michael@ducy.org>
This commit is contained in:
Michael Ducy
Leo Di Donato
parent
49030af988
commit
ac8204dc30
41
docker/kernel/linuxkit/Dockerfile
Normal file
41
docker/kernel/linuxkit/Dockerfile
Normal file
@ -0,0 +1,41 @@
|
||||
FROM linuxkit/kernel:4.9.184 AS ksrc
|
||||
FROM alpine:3.4 AS probe-build
|
||||
ARG FALCOVER=0.17.0
|
||||
ARG SYSDIGVER=0.26.2
|
||||
|
||||
COPY --from=ksrc /kernel-dev.tar /
|
||||
|
||||
RUN apk add --no-cache --update wget ca-certificates \
|
||||
build-base gcc abuild binutils \
|
||||
bc \
|
||||
cmake \
|
||||
git \
|
||||
autoconf && \
|
||||
export KERNELVER=`uname -r | cut -d '-' -f 1` && \
|
||||
export KERNELDIR=/usr/src/linux-headers-4.9.184-linuxkit/ && \
|
||||
tar xf /kernel-dev.tar && \
|
||||
cd $KERNELDIR && \
|
||||
zcat /proc/1/root/proc/config.gz > .config && \
|
||||
make olddefconfig && \
|
||||
mkdir -p /falco/build && \
|
||||
mkdir /src && \
|
||||
cd /src && \
|
||||
wget https://github.com/falcosecurity/falco/archive/$FALCOVER.tar.gz && \
|
||||
tar zxf $FALCOVER.tar.gz && \
|
||||
wget https://github.com/draios/sysdig/archive/$SYSDIGVER.tar.gz && \
|
||||
tar zxf $SYSDIGVER.tar.gz && \
|
||||
mv sysdig-$SYSDIGVER sysdig && \
|
||||
cd /falco/build && \
|
||||
cmake /src/falco-$FALCOVER && \
|
||||
make driver && \
|
||||
rm -rf /src && \
|
||||
apk del wget ca-certificates \
|
||||
build-base gcc abuild binutils \
|
||||
bc \
|
||||
cmake \
|
||||
git \
|
||||
autoconf
|
||||
|
||||
FROM alpine:3.4
|
||||
COPY --from=probe-build /falco/build/driver/falco-probe.ko /
|
||||
CMD ["insmod","/falco-probe.ko"]
|
||||
48
docker/minimal/Dockerfile
Normal file
48
docker/minimal/Dockerfile
Normal file
@ -0,0 +1,48 @@
|
||||
FROM ubuntu:18.04 as ubuntu
|
||||
|
||||
ARG FALCO_VERSION=0.17.0
|
||||
|
||||
ENV FALCO_VERSION=${FALCO_VERSION}
|
||||
|
||||
WORKDIR /
|
||||
|
||||
ADD https://s3.amazonaws.com/download.draios.com/stable/tgz/x86_64/falco-${FALCO_VERSION}-x86_64.tar.gz /
|
||||
|
||||
# ADD will downnload from URL and unntar
|
||||
RUN apt-get update && \
|
||||
apt-get install -y binutils && \
|
||||
# curl -O https://s3.amazonaws.com/download.draios.com/stable/tgz/x86_64/falco-${FALCO_VERSION}-x86_64.tar.gz && \
|
||||
tar xfzv falco-${FALCO_VERSION}-x86_64.tar.gz && \
|
||||
rm -f falco-${FALCO_VERSION}-x86_64.tar.gz && \
|
||||
mv falco-${FALCO_VERSION}-x86_64 falco && \
|
||||
strip falco/usr/bin/falco && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
FROM scratch
|
||||
|
||||
COPY --from=ubuntu /lib/x86_64-linux-gnu/libanl.so.1 \
|
||||
/lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libdl.so.2 \
|
||||
/lib/x86_64-linux-gnu/libgcc_s.so.1 /lib/x86_64-linux-gnu/libm.so.6 \
|
||||
/lib/x86_64-linux-gnu/libnsl.so.1 /lib/x86_64-linux-gnu/libnss_compat.so.2 \
|
||||
/lib/x86_64-linux-gnu/libnss_files.so.2 /lib/x86_64-linux-gnu/libnss_nis.so.2 \
|
||||
/lib/x86_64-linux-gnu/libpthread.so.0 /lib/x86_64-linux-gnu/librt.so.1 \
|
||||
/lib/x86_64-linux-gnu/libz.so.1 \
|
||||
/lib/x86_64-linux-gnu/
|
||||
|
||||
COPY --from=ubuntu /usr/lib/x86_64-linux-gnu/libstdc++.so.6 \
|
||||
/usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
||||
|
||||
COPY --from=ubuntu /etc/ld.so.cache \
|
||||
/etc/nsswitch.conf \
|
||||
/etc/ld.so.cache \
|
||||
/etc/passwd \
|
||||
/etc/group \
|
||||
/etc/
|
||||
|
||||
COPY --from=ubuntu /etc/default/nss /etc/default/nss
|
||||
COPY --from=ubuntu /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
|
||||
|
||||
COPY --from=ubuntu /falco /
|
||||
|
||||
CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]
|
||||
50
docker/slim-dev/Dockerfile
Normal file
50
docker/slim-dev/Dockerfile
Normal file
@ -0,0 +1,50 @@
|
||||
FROM ubuntu:18.04
|
||||
|
||||
LABEL maintainer="Sysdig <support@sysdig.com>"
|
||||
|
||||
ENV FALCO_REPOSITORY dev
|
||||
|
||||
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
||||
|
||||
ENV SYSDIG_HOST_ROOT /host
|
||||
|
||||
ENV HOME /root
|
||||
|
||||
RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
|
||||
|
||||
ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
# bash-completion \
|
||||
# bc \
|
||||
ca-certificates \
|
||||
curl \
|
||||
gnupg2 \
|
||||
jq \
|
||||
# netcat \
|
||||
# xz-utils \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
|
||||
&& curl -s -o /etc/apt/sources.list.d/draios.list http://download.draios.com/$FALCO_REPOSITORY/deb/draios.list \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y --no-install-recommends falco \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Change the falco config within the container to enable ISO 8601
|
||||
# output.
|
||||
RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/falco/falco.yaml > /etc/falco/falco.yaml.new \
|
||||
&& mv /etc/falco/falco.yaml.new /etc/falco/falco.yaml
|
||||
|
||||
# Some base images have an empty /lib/modules by default
|
||||
# If it's not empty, docker build will fail instead of
|
||||
# silently overwriting the existing directory
|
||||
RUN rm -df /lib/modules \
|
||||
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
|
||||
|
||||
#COPY ./entrypoint.sh /
|
||||
# ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]
|
||||
50
docker/slim-stable/Dockerfile
Normal file
50
docker/slim-stable/Dockerfile
Normal file
@ -0,0 +1,50 @@
|
||||
FROM ubuntu:18.04
|
||||
|
||||
LABEL maintainer="Sysdig <support@sysdig.com>"
|
||||
|
||||
ENV FALCO_REPOSITORY stable
|
||||
|
||||
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
||||
|
||||
ENV SYSDIG_HOST_ROOT /host
|
||||
|
||||
ENV HOME /root
|
||||
|
||||
RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
|
||||
|
||||
ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
# bash-completion \
|
||||
# bc \
|
||||
ca-certificates \
|
||||
curl \
|
||||
gnupg2 \
|
||||
jq \
|
||||
# netcat \
|
||||
# xz-utils \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
|
||||
&& curl -s -o /etc/apt/sources.list.d/draios.list http://download.draios.com/$FALCO_REPOSITORY/deb/draios.list \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y --no-install-recommends falco \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Change the falco config within the container to enable ISO 8601
|
||||
# output.
|
||||
RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/falco/falco.yaml > /etc/falco/falco.yaml.new \
|
||||
&& mv /etc/falco/falco.yaml.new /etc/falco/falco.yaml
|
||||
|
||||
# Some base images have an empty /lib/modules by default
|
||||
# If it's not empty, docker build will fail instead of
|
||||
# silently overwriting the existing directory
|
||||
RUN rm -df /lib/modules \
|
||||
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
|
||||
|
||||
#COPY ./entrypoint.sh /
|
||||
# ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]
|
||||
Loading…
Reference in New Issue
Block a user