github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-02 01:22:16 +00:00
Code Issues Projects Releases Wiki Activity

chore(docker): remove kernel/linuxkit and kernel/probeloader images

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso 2020-03-30 16:10:00 +02:00 committed by poiana
parent 61e859745d
commit ea0f78c2c2
3 changed files with 0 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docker/README.md
View File

@ -23,8 +23,3 @@ The goal of these container images is to reduce the size of the underlying Falco
- `./slim-stable`: Like `./stable` above but removes build tools for older kernels. - `./slim-stable`: Like `./stable` above but removes build tools for older kernels.
- `./minimal`: A minimal container image (~20mb), containing only the files required to run Falco. - `./minimal`: A minimal container image (~20mb), containing only the files required to run Falco.
### Init Containers
These container images allow for the delivery of the kernel module or eBPF probe either via HTTP or via a container image.
- `kernel/linuxkit`: Multistage Dockerfile to build a Falco kernel module for Linuxkit (Docker Desktop). Generates an alpine based container image with the kernel module, and `insmod` as the container `CMD`.
- `kernel/probeloader`: Multistage Dockerfile to build a Go based application to download (via HTTPS) and load a Falco kernel module. The resulting container image can be ran as an `initContainer` to load the Falco module before Falco starts.

38
docker/kernel/linuxkit/Dockerfile
View File

@ -1,38 +0,0 @@
ARG ALPINE_VERSION=3.10
ARG KERNEL_VERSION=4.9.184
ARG FALCO_VERSION=0.21.0
FROM linuxkit/kernel:${KERNEL_VERSION} AS ksrc
FROM falcosecurity/falco:${FALCO_VERSION}-minimal as falco
FROM alpine:${ALPINE_VERSION} AS probe-build
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
ARG KERNEL_VERSION=4.9.184
ARG FALCO_VERSION=0.21.0
ENV FALCO_VERSION=${FALCO_VERSION}
ENV KERNEL_VERSION=${KERNEL_VERSION}
COPY --from=ksrc /kernel-dev.tar /
COPY --from=falco /usr/src/falco-${FALCO_VERSION} /usr/src/falco-${FALCO_VERSION}
RUN apk add --no-cache --update \
build-base gcc abuild binutils \
bc \
autoconf && \
export KERNELVER=`uname -r | cut -d '-' -f 1` && \
export KERNELDIR=/usr/src/linux-headers-${KERNEL_VERSION}-linuxkit/ && \
tar xf /kernel-dev.tar && \
cd $KERNELDIR && \
zcat /proc/1/root/proc/config.gz > .config && \
make olddefconfig && \
cd /usr/src/falco-${FALCO_VERSION} && \
make && \
apk del \
build-base gcc abuild binutils \
bc \
autoconf
FROM alpine:${ALPINE_VERSION}
ARG FALCO_VERSION=0.21.0
ENV FALCO_VERSION=${FALCO_VERSION}
COPY --from=probe-build /usr/src/falco-${FALCO_VERSION}/falco-probe.ko /
CMD ["insmod","/falco-probe.ko"]

18
docker/kernel/probeloader/Dockerfile
View File

@ -1,18 +0,0 @@
FROM golang:1.13-alpine AS build
ARG FALCOCTL_REF=2be3df92edbac668284fe5c165ccb5bd6bf4e869
RUN apk --no-cache add build-base git gcc ca-certificates
RUN git clone https://github.com/falcosecurity/falcoctl.git /falcoctl
WORKDIR /falcoctl
RUN git checkout ${FALCOCTL_REF}
RUN go mod vendor
RUN CGO_ENABLED=0 GOOS=linux go build -a -o falcoctl -ldflags '-extldflags "-static"' .
FROM scratch
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=build /falcoctl/falcoctl /falcoctl
CMD ["/falcoctl", "install", "probe"]