-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathDockerfile
65 lines (56 loc) · 2.42 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#
# RHEL Universal Base Image (RHEL UBI) is a stripped down, OCI-compliant,
# base operating system image purpose built for containers. For more information
# see https://developers.redhat.com/products/rhel/ubi
#
FROM registry.access.redhat.com/ubi8/ubi:8.1
USER root
ARG container_version
# BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
ARG BUILD_DATE
# VCS_REF=$(git rev-parse --short HEAD)
ARG VCS_REF
ARG FALCON_RPM
#
# Friendly reminder that generated container images are from an open source
# project, and not a formal CrowdStrike product.
#
LABEL maintainer="https://github.com/CrowdStrike/dockerfiles/" \
org.label-schema.build-date=$BUILD_DATE \
org.label-schema.schema-version="1.0" \
org.label-schema.description="CrowdStrike's Containerized Falcon Linux Sensor" \
org.label-schema.vendor="https://github.com/CrowdStrike/dockerfiles/" \
org.label-schema.url="https://github.com/CrowdStrike/dockerfiles/" \
org.label-schema.vcs-url="https://github.com/CrowdStrike/dockerfiles/" \
org.label-schema.vcs-ref=$VCS_REF \
org.label-schema.docker.cmd="docker run -d --privileged -v /var/log:/var/log \
--mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
--net=host --pid=host --uts=host --ipc=host \
falcon-sensor" \
org.label-schema.container_version=$container_version \
io.openshift.tags="crowdstrike,falcon" \
io.k8s.description="CrowdStrike's Containerized Falcon Linux Sensor"
# io.openshift.min-memory 8Gi
# io.openshift.min-cpu 4
#
# 1. Apply updates to base image and install dependencies
# 2. Copy Falcon Agent RPM into container & install it, then remove the RPM
#
COPY ./$FALCON_RPM /tmp/falcon-sensor.rpm
RUN yum -y update && \
yum -y install --disablerepo=* \
--enablerepo=ubi-8-appstream \
--enablerepo=ubi-8-baseos \
libnl3 net-tools zip openssl hostname iproute /tmp/falcon-sensor.rpm && \
yum -y clean all && rm -rf /var/cache/yum && \
rm -f /tmp/falcon-sensor.rpm
#
# Copy the entrypoint script into the container and make sure
# that its executable. Add the symlink for backwards compatability
#
COPY entrypoint.sh /usr/local/bin/
RUN ln -s /usr/local/bin/entrypoint.sh /
ENV PATH ".:/bin:/usr/bin:/sbin:/usr/sbin"
WORKDIR /opt/CrowdStrike
VOLUME /var/log
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]