From ea0f78c2c2e96a9c96358dea9df59512b0ef348f Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Mon, 30 Mar 2020 16:10:00 +0200 Subject: [PATCH] chore(docker): remove kernel/linuxkit and kernel/probeloader images Signed-off-by: Leonardo Grasso --- docker/README.md | 5 ---- docker/kernel/linuxkit/Dockerfile | 38 ---------------------------- docker/kernel/probeloader/Dockerfile | 18 ------------- 3 files changed, 61 deletions(-) delete mode 100644 docker/kernel/linuxkit/Dockerfile delete mode 100644 docker/kernel/probeloader/Dockerfile diff --git a/docker/README.md b/docker/README.md index 0e78a8f3..d08c21e3 100644 --- a/docker/README.md +++ b/docker/README.md @@ -23,8 +23,3 @@ The goal of these container images is to reduce the size of the underlying Falco - `./slim-stable`: Like `./stable` above but removes build tools for older kernels. - `./minimal`: A minimal container image (~20mb), containing only the files required to run Falco. -### Init Containers -These container images allow for the delivery of the kernel module or eBPF probe either via HTTP or via a container image. - - `kernel/linuxkit`: Multistage Dockerfile to build a Falco kernel module for Linuxkit (Docker Desktop). Generates an alpine based container image with the kernel module, and `insmod` as the container `CMD`. - - `kernel/probeloader`: Multistage Dockerfile to build a Go based application to download (via HTTPS) and load a Falco kernel module. The resulting container image can be ran as an `initContainer` to load the Falco module before Falco starts. - diff --git a/docker/kernel/linuxkit/Dockerfile b/docker/kernel/linuxkit/Dockerfile deleted file mode 100644 index f6651e2d..00000000 --- a/docker/kernel/linuxkit/Dockerfile +++ /dev/null @@ -1,38 +0,0 @@ -ARG ALPINE_VERSION=3.10 -ARG KERNEL_VERSION=4.9.184 -ARG FALCO_VERSION=0.21.0 - -FROM linuxkit/kernel:${KERNEL_VERSION} AS ksrc -FROM falcosecurity/falco:${FALCO_VERSION}-minimal as falco -FROM alpine:${ALPINE_VERSION} AS probe-build -LABEL maintainer="cncf-falco-dev@lists.cncf.io" -ARG KERNEL_VERSION=4.9.184 -ARG FALCO_VERSION=0.21.0 -ENV FALCO_VERSION=${FALCO_VERSION} -ENV KERNEL_VERSION=${KERNEL_VERSION} - -COPY --from=ksrc /kernel-dev.tar / -COPY --from=falco /usr/src/falco-${FALCO_VERSION} /usr/src/falco-${FALCO_VERSION} - -RUN apk add --no-cache --update \ - build-base gcc abuild binutils \ - bc \ - autoconf && \ - export KERNELVER=`uname -r | cut -d '-' -f 1` && \ - export KERNELDIR=/usr/src/linux-headers-${KERNEL_VERSION}-linuxkit/ && \ - tar xf /kernel-dev.tar && \ - cd $KERNELDIR && \ - zcat /proc/1/root/proc/config.gz > .config && \ - make olddefconfig && \ - cd /usr/src/falco-${FALCO_VERSION} && \ - make && \ - apk del \ - build-base gcc abuild binutils \ - bc \ - autoconf - -FROM alpine:${ALPINE_VERSION} -ARG FALCO_VERSION=0.21.0 -ENV FALCO_VERSION=${FALCO_VERSION} -COPY --from=probe-build /usr/src/falco-${FALCO_VERSION}/falco-probe.ko / -CMD ["insmod","/falco-probe.ko"] diff --git a/docker/kernel/probeloader/Dockerfile b/docker/kernel/probeloader/Dockerfile deleted file mode 100644 index 0a878115..00000000 --- a/docker/kernel/probeloader/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -FROM golang:1.13-alpine AS build -ARG FALCOCTL_REF=2be3df92edbac668284fe5c165ccb5bd6bf4e869 - -RUN apk --no-cache add build-base git gcc ca-certificates - -RUN git clone https://github.com/falcosecurity/falcoctl.git /falcoctl - -WORKDIR /falcoctl - -RUN git checkout ${FALCOCTL_REF} -RUN go mod vendor -RUN CGO_ENABLED=0 GOOS=linux go build -a -o falcoctl -ldflags '-extldflags "-static"' . - -FROM scratch -LABEL maintainer="cncf-falco-dev@lists.cncf.io" -COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=build /falcoctl/falcoctl /falcoctl -CMD ["/falcoctl", "install", "probe"]