Skip to content
/ lprobe Public

A command-line tool to perform Local Health Check Probes inside Container Images (ECS, Docker)

License

Apache-2.0 license
49 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fivexl/lprobe

2 Branches15 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

cageyvcageyv
Update README.md (#22)
Feb 27, 2025
d6a30d0 · Feb 27, 2025

History

37 Commits
.github/workflows
.github/workflows
Nov 10, 2024
examples
examples
Feb 4, 2023
scripts
scripts
Nov 10, 2024
.gitignore
.gitignore
Nov 26, 2022
.goreleaser.yaml
.goreleaser.yaml
Feb 4, 2023
CHANGELOG.md
CHANGELOG.md
Feb 4, 2023
Dockerfile
Dockerfile
Feb 4, 2023
LICENSE
LICENSE
Nov 26, 2022
README.md
README.md
Feb 27, 2025
go.mod
go.mod
Feb 27, 2025
go.sum
go.sum
Feb 27, 2025
grpc_healthcheck.go
grpc_healthcheck.go
Nov 10, 2024
helpers.go
helpers.go
Dec 16, 2022
http_healthcheck.go
http_healthcheck.go
Aug 22, 2023
init.go
init.go
Aug 22, 2023
main.go
main.go
Dec 16, 2022

Repository files navigation

FivexL

Why LProbe?

A command-line tool to perform Local Health Check Probes inside Container Images (ECS, Docker, Kubernetes). When your container gets breached, the intruder/attacker can use tools like wget or curl to download more tools for further exploitation and lateral movement within your system. Thus we developed LProbe as wget/curl replacement for hardened and secure container images.

HOW TO

Local run

./lprobe -port=8080 -endpoint=/

Local run for gRPC

./lprobe -port=8080 -mode=grpc

Add to a container image

You can bundle the statically compiled LProbe in your container image. Choose a binary release and download it in your Dockerfile:

ARG LPROBE_VERSION=v0.0.6
ARG TARGETPLATFORM
RUN case ${TARGETPLATFORM} in \
         "linux/amd64")  LPROBE_ARCH=amd64  ;; \
         "linux/arm64")  LPROBE_ARCH=arm64  ;; \
    esac \
 && wget -qO/bin/lprobe https://github.com/fivexl/lprobe/releases/download/${LPROBE_VERSION}/lprobe-linux-${LPROBE_ARCH} \
 && chmod +x /bin/lprobe \
 && rm -f /usr/bin/wget

Add to a container image from lprobe containter

FROM scratch
COPY --from=ghcr.io/fivexl/lprobe:0.0.6 /lprobe /bin/lprobe

Docker Healthcheck

HEALTHCHECK --interval=15s --timeout=5s --start-period=5s --retries=3 CMD [ "lprobe", "-mode=http", "-port=8080", "-endpoint=/healthz" ]

ECS Healthcheck

[ "CMD", "lprobe", "-port=8080", "-endpoint=/healthz"]

Kubernetes (k8S) Healthcheck

spec:
  containers:
  - name: server
    image: "[YOUR-DOCKER-IMAGE]"
    ports:
    - containerPort: 8080
    readinessProbe:
      exec:
        command: ["/bin/lprobe", "-port=8080", "-endpoint=/readiness"]
      initialDelaySeconds: 5
    livenessProbe:
      exec:
        command: ["/bin/lprobe", "-port=8080", "-endpoint=/liveness"]
      initialDelaySeconds: 10

It is possible to use Lprobe as mounted volume

To use Lprobe via volume mounts, you need to download the Lprobe binary and place it in the volume. Here is how you can do it:

  1. Download the Lprobe binary:
wget -qO ./Lprobe https://github.com/fivexl/lprobe/releases/download/v0.1.5/lprobe-linux-amd64
chmod +x ./Lprobe
  1. Update your Docker Compose file to mount the Lprobe binary:
services:
  nginx:
    image: nginx:latest
    volumes:
      - ./Lprobe:/Lprobe
    healthcheck:
      test: /Lprobe -mode=http -port=80 -endpoint=/
      interval: 60s
      retries: 3
      start_period: 10s
      timeout: 3s

Dev Guide

export GO111MODULE=on
go mod init lprobe
go mod tidy
go run .

go mod edit -go=1.21
go get -u -t -x ./...
go mod tidy

Source code used

Weekly review link

About

A command-line tool to perform Local Health Check Probes inside Container Images (ECS, Docker)

Topics

docker kubernetes golang aws containers ecs

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

49 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 15

v0.1.5 Latest
Feb 10, 2025
+ 14 releases

Packages 1

Contributors 4

Languages