Initial try at slimmer images

Signed-off-by: Michael Ducy <michael@ducy.org>

docker/kernel/linuxkit/Dockerfile

@@ -0,0 +1,41 @@
+FROM linuxkit/kernel:4.9.184 AS ksrc
+FROM alpine:3.4 AS probe-build
+ARG FALCOVER=0.17.0
+ARG SYSDIGVER=0.26.2
+
+COPY --from=ksrc /kernel-dev.tar /
+
+RUN apk add --no-cache --update wget ca-certificates \
+    build-base gcc abuild binutils \
+    bc \
+    cmake \
+    git \
+    autoconf && \
+  export KERNELVER=`uname -r  | cut -d '-' -f 1`  && \
+  export KERNELDIR=/usr/src/linux-headers-4.9.184-linuxkit/ && \
+  tar xf /kernel-dev.tar && \
+  cd $KERNELDIR && \
+  zcat /proc/1/root/proc/config.gz > .config && \
+  make olddefconfig && \
+  mkdir -p /falco/build && \
+  mkdir /src && \
+  cd /src && \
+  wget https://github.com/falcosecurity/falco/archive/$FALCOVER.tar.gz && \
+  tar zxf $FALCOVER.tar.gz && \
+  wget https://github.com/draios/sysdig/archive/$SYSDIGVER.tar.gz && \
+  tar zxf $SYSDIGVER.tar.gz && \
+  mv sysdig-$SYSDIGVER sysdig && \ 
+  cd /falco/build && \
+  cmake /src/falco-$FALCOVER && \
+  make driver && \
+  rm -rf /src && \
+  apk del wget ca-certificates \
+    build-base gcc abuild binutils \
+    bc \
+    cmake \
+    git \
+    autoconf
+
+FROM alpine:3.4
+COPY --from=probe-build /falco/build/driver/falco-probe.ko /
+CMD ["insmod","/falco-probe.ko"] 

docker/minimal/Dockerfile

@@ -0,0 +1,48 @@
+FROM ubuntu:18.04 as ubuntu
+
+ARG FALCO_VERSION=0.17.0
+
+ENV FALCO_VERSION=${FALCO_VERSION}
+
+WORKDIR /
+
+ADD https://s3.amazonaws.com/download.draios.com/stable/tgz/x86_64/falco-${FALCO_VERSION}-x86_64.tar.gz /
+
+# ADD will downnload from URL and unntar
+RUN apt-get update && \
+    apt-get install -y  binutils && \
+    # curl -O https://s3.amazonaws.com/download.draios.com/stable/tgz/x86_64/falco-${FALCO_VERSION}-x86_64.tar.gz && \
+    tar xfzv falco-${FALCO_VERSION}-x86_64.tar.gz && \
+    rm -f falco-${FALCO_VERSION}-x86_64.tar.gz && \
+    mv falco-${FALCO_VERSION}-x86_64 falco && \
+    strip falco/usr/bin/falco && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+FROM scratch
+
+COPY --from=ubuntu /lib/x86_64-linux-gnu/libanl.so.1 \
+    /lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libdl.so.2 \
+    /lib/x86_64-linux-gnu/libgcc_s.so.1 /lib/x86_64-linux-gnu/libm.so.6 \
+    /lib/x86_64-linux-gnu/libnsl.so.1 /lib/x86_64-linux-gnu/libnss_compat.so.2 \
+    /lib/x86_64-linux-gnu/libnss_files.so.2 /lib/x86_64-linux-gnu/libnss_nis.so.2 \
+    /lib/x86_64-linux-gnu/libpthread.so.0 /lib/x86_64-linux-gnu/librt.so.1 \
+    /lib/x86_64-linux-gnu/libz.so.1 \
+    /lib/x86_64-linux-gnu/ 
+
+COPY --from=ubuntu /usr/lib/x86_64-linux-gnu/libstdc++.so.6 \
+    /usr/lib/x86_64-linux-gnu/libstdc++.so.6
+
+COPY --from=ubuntu /etc/ld.so.cache \
+    /etc/nsswitch.conf \
+    /etc/ld.so.cache \
+    /etc/passwd \
+    /etc/group \
+    /etc/
+
+COPY --from=ubuntu /etc/default/nss /etc/default/nss
+COPY --from=ubuntu /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+
+COPY --from=ubuntu /falco /
+
+CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]

docker/slim-dev/Dockerfile

@@ -0,0 +1,50 @@
+FROM ubuntu:18.04
+
+LABEL maintainer="Sysdig <support@sysdig.com>"
+
+ENV FALCO_REPOSITORY dev
+
+LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
+
+ENV SYSDIG_HOST_ROOT /host
+
+ENV HOME /root
+
+RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
+
+ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/
+
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+# 	bash-completion \
+# 	bc \
+ 	ca-certificates \
+ 	curl \
+ 	gnupg2 \
+ 	jq \
+# 	netcat \
+# 	xz-utils \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
+  && curl -s -o /etc/apt/sources.list.d/draios.list http://download.draios.com/$FALCO_REPOSITORY/deb/draios.list \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends falco \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+# Change the falco config within the container to enable ISO 8601
+# output.
+RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/falco/falco.yaml > /etc/falco/falco.yaml.new \
+ && mv /etc/falco/falco.yaml.new /etc/falco/falco.yaml
+
+# Some base images have an empty /lib/modules by default
+# If it's not empty, docker build will fail instead of
+# silently overwriting the existing directory
+RUN rm -df /lib/modules \
+ && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
+
+#COPY ./entrypoint.sh /
+# ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]

docker/slim-stable/Dockerfile

@@ -0,0 +1,50 @@
+FROM ubuntu:18.04
+
+LABEL maintainer="Sysdig <support@sysdig.com>"
+
+ENV FALCO_REPOSITORY stable
+
+LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
+
+ENV SYSDIG_HOST_ROOT /host
+
+ENV HOME /root
+
+RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
+
+ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/
+
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+# 	bash-completion \
+# 	bc \
+ 	ca-certificates \
+ 	curl \
+ 	gnupg2 \
+ 	jq \
+# 	netcat \
+# 	xz-utils \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
+  && curl -s -o /etc/apt/sources.list.d/draios.list http://download.draios.com/$FALCO_REPOSITORY/deb/draios.list \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends falco \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+# Change the falco config within the container to enable ISO 8601
+# output.
+RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/falco/falco.yaml > /etc/falco/falco.yaml.new \
+ && mv /etc/falco/falco.yaml.new /etc/falco/falco.yaml
+
+# Some base images have an empty /lib/modules by default
+# If it's not empty, docker build will fail instead of
+# silently overwriting the existing directory
+RUN rm -df /lib/modules \
+ && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
+
+#COPY ./entrypoint.sh /
+# ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]