Mark Stemm 6488ea8456 (WIP) K8s Deployment to run event generator w k8s_audit
Add a deployment yaml that allows running the event generator in a k8s
cluster:

 - Change the event generator to create/delete objects in a namespace
   "falco-eg-sandbox" instead of "falco-event-generator". That way you
   separate the generator from the resources it modifies (mostly, the
   exception being the rolebinding).
 - Create a serviceaccount, clusterrole, and rolebinding that allows the
   event generator to create/list/delete objects in the falco-eg-sandbox
   namespace. The list of permissions is fairly broad mostly so the
   event generator can delete all resources without explicitly naming
   them. The binding does limit permissions to the falco-eg-sandbox
   namespace, though.

A one-line way to run this would be:

kubectl create namespace falco-event-generator && \
  kubectl create namespace falco-eg-sandbox && \
  kubectl apply -f event-generator-role-rolebinding-serviceaccount.yaml && \
  kubectl apply -f event-generator-k8saudit-deployment.yaml

I haven't actually pushed a new docker image to replace the current
event generator yet--the deployment yaml refers to a placeholder
falcosecurity/falco-event-generator:eg-sandbox image. Once the review is
done I'll rebase this to change the image to latest before merging.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2020-03-12 13:12:40 +01:00

Falco Dockerfiles

This directory contains the various ways to package Falco as a container.

Currently Supported Containers

falcosecurity/falco Dockerfiles

  • ./dev: Builds a container image from the dev apt repo.
  • ./stable: Builds a container image from the stable apt repo.
  • ./local: Builds a container image from a locally provided Falco dpkg package.

Build & Testing Dockerfiles

  • ./builder: falcosecurity/falco-builder - The complete build tool chain for compiling Falco from source. See the documentation for more details on building from source.
  • ./tester: falcosecurity/falco-tester - Container image for running the Falco test suite.

Alpha Release Containers

These Dockerfiles (and resulting container images) are currently in alpha. We'd love for you to test these images and report any feedback.

Slim and Minimal Dockerfiles

The goal of these container images is to reduce the size of the underlying Falco container.

  • ./slim-dev: Like ./dev above but removes build tools for older kernels.
  • ./slim-stable: Like ./stable above but removes build tools for older kernels.
  • ./minimal: A minimal container image (~20 MB), containing only the files required to run Falco.

Init Containers

These container images allow for the delivery of the kernel module or eBPF probe either via HTTP or via a container image.

  • kernel/linuxkit: Multi-stage Dockerfile to build a Falco kernel module for LinuxKit (Docker Desktop). Generates an Alpine-based container image with the kernel module, and insmod as the container CMD.
  • kernel/probeloader: Multi-stage Dockerfile to build a Go-based application to download (via HTTPS) and load a Falco kernel module. The resulting container image can be run as an initContainer to load the Falco module before Falco starts.
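Downloading a kernel module and loading it from an init container is a supply-chain decision: whatever the download host serves ends up running in ring 0 on every node. The following is an added example, not the probeloader's own code, of the check a practitioner would want around that step: the module is fetched over TLS, its SHA-256 is compared against a digest pinned by the operator before anything is written to disk, and only verified bytes are handed to insmod (the same mechanism the linuxkit image uses as its CMD). The size cap, the temp-file path, and the local `httptest` server standing in for the real module host are assumptions of this example; the module bytes are constructed stand-ins.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"os"
	"os/exec"
	"path/filepath"
	"time"
)

// maxModuleBytes caps the download so a hostile or misconfigured server
// cannot exhaust memory. 64 MiB is an assumption; real modules are smaller.
const maxModuleBytes = 64 << 20

// FetchAndVerify downloads a kernel module and returns its bytes only if
// the SHA-256 matches expectedHex, a digest pinned out-of-band by the
// operator. TLS alone does not protect against a compromised or
// substituted download host; the pinned digest does.
func FetchAndVerify(client *http.Client, url, expectedHex string) ([]byte, error) {
	want, err := hex.DecodeString(expectedHex)
	if err != nil || len(want) != sha256.Size {
		return nil, fmt.Errorf("expected digest must be 64 hex chars: %q", expectedHex)
	}
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("GET %s: unexpected status %s", url, resp.Status)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, maxModuleBytes+1))
	if err != nil {
		return nil, err
	}
	if len(body) > maxModuleBytes {
		return nil, errors.New("module exceeds size limit")
	}
	got := sha256.Sum256(body)
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return nil, fmt.Errorf("digest mismatch: got %x, want %x", got, want)
	}
	return body, nil
}

// LoadModule writes already-verified bytes to a private temp dir and runs
// insmod, like the linuxkit image's CMD. It needs CAP_SYS_MODULE and is
// deliberately not invoked by Demo below.
func LoadModule(module []byte) error {
	dir, err := os.MkdirTemp("", "falco-probe")
	if err != nil {
		return err
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "falco.ko") // assumed file name
	if err := os.WriteFile(path, module, 0o600); err != nil {
		return err
	}
	if out, err := exec.Command("insmod", path).CombinedOutput(); err != nil {
		return fmt.Errorf("insmod: %v: %s", err, out)
	}
	return nil
}

// Demo serves two constructed "modules" from a local TLS test server (a
// stand-in for the real host) and shows the pinned digest accepting the
// genuine file and rejecting a tampered one. Returns (accepted, rejected).
func Demo() (bool, bool) {
	good := []byte("constructed stand-in for falco.ko bytes")
	bad := []byte("constructed stand-in for a tampered module")
	mux := http.NewServeMux()
	mux.HandleFunc("/good.ko", func(w http.ResponseWriter, _ *http.Request) { w.Write(good) })
	mux.HandleFunc("/bad.ko", func(w http.ResponseWriter, _ *http.Request) { w.Write(bad) })
	srv := httptest.NewTLSServer(mux)
	defer srv.Close()
	client := srv.Client() // trusts only the test server's certificate
	client.Timeout = 10 * time.Second

	pinned := sha256.Sum256(good)
	pinnedHex := hex.EncodeToString(pinned[:])

	_, errGood := FetchAndVerify(client, srv.URL+"/good.ko", pinnedHex)
	_, errBad := FetchAndVerify(client, srv.URL+"/bad.ko", pinnedHex)
	return errGood == nil, errBad != nil
}

func main() {
	accepted, rejected := Demo()
	fmt.Printf("pinned digest accepted: %v, tampered module rejected: %v\n", accepted, rejected)
}
```

In a real init container the pinned digest would arrive as an environment variable or ConfigMap value set by the operator, separately from the URL, so that an attacker who controls the download host cannot also control the expected digest.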