chore: cleanup Dockerfile(s)
- remove extra packages
- don't use curl for Docker client creation

Signed-off-by: Rudraksh Pareek <[email protected]>
DelusionalOptimist committed May 29, 2023
1 parent efa0ff3 commit a8b90b0
Showing 5 changed files with 34 additions and 42 deletions.
8 changes: 2 additions & 6 deletions Dockerfile
Expand Up @@ -6,7 +6,7 @@
FROM golang:1.20-alpine3.17 as builder

RUN apk --no-cache update
RUN apk add --no-cache bash git wget python3 linux-headers build-base clang clang-dev libc-dev llvm make gcc protobuf
RUN apk add --no-cache git clang llvm make gcc protobuf

WORKDIR /usr/src/KubeArmor

Expand All @@ -21,16 +21,12 @@ RUN make

FROM alpine:3.17 as kubearmor

RUN apk --no-cache update
RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories
RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories

RUN apk --no-cache update
RUN apk add bash curl procps
RUN apk add apparmor@community apparmor-utils@community kubectl@testing
RUN apk add apparmor@community apparmor-utils@community bash

COPY --from=builder /usr/src/KubeArmor/KubeArmor/kubearmor /KubeArmor/kubearmor
COPY --from=builder /usr/src/KubeArmor/KubeArmor/templates/* /KubeArmor/templates/


ENTRYPOINT ["/KubeArmor/kubearmor"]
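Review bot: The runtime stage still installs `apparmor@community` and `apparmor-utils@community` from the rolling `edge/community` repository, and the repository line uses plain `http://`, so the packages in the final image are neither tied to the 3.17 release nor fetched over TLS. Consider `https://dl-cdn.alpinelinux.org/alpine/edge/community`, or the 3.17 community repository if it carries a usable apparmor version. The new `RUN apk add apparmor@community apparmor-utils@community bash` also omits `--no-cache`, unlike the builder stage's `apk add --no-cache ...`. The same `http://` edge pattern appears on the `@edge` line in Dockerfile.init. Which repository lines survive this change is not certain from the rendering, so this applies to whichever remain.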
3 changes: 1 addition & 2 deletions Dockerfile.init
Expand Up @@ -9,7 +9,7 @@ COPY ./KubeArmor/BPF/tests/main.go main.go
COPY ./KubeArmor/BPF/tests/go.mod go.mod
COPY ./KubeArmor/BPF/tests/go.sum go.sum

RUN go build -o syscheck main.go
RUN CGO_ENABLED=0 go build -o syscheck main.go

### Make compiler image
FROM alpine:3.17 as kubearmor-init
Expand All @@ -21,7 +21,6 @@ RUN echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /e
RUN apk --no-cache update
RUN apk --no-cache add bash git clang llvm make gcc bpftool@edge


COPY ./KubeArmor/BPF /KubeArmor/BPF/
COPY ./KubeArmor/build/compile.sh /KubeArmor/compile.sh
COPY --from=init-builder /usr/src/KubeArmor/syscheck /KubeArmor/BPF/tests/syscheck
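Review bot: The `kubearmor-init` stage still installs `bash` in `RUN apk --no-cache add bash git clang llvm make gcc bpftool@edge`, although this commit switches `compile.sh` to `#!/bin/sh`. If no other script copied into this image needs bash, drop it here so the init image matches the commit's goal of removing extra packages; whether `git` is needed at init time is worth checking in the same pass. The files under `/KubeArmor/BPF/` are not visible on this page, so confirm that none of them invoke bash before removing it.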
2 changes: 1 addition & 1 deletion KubeArmor/Makefile
Expand Up @@ -32,7 +32,7 @@ ifneq (, $(shell which llvm-strip))
fi
endif
endif
cd $(CURDIR); go build -ldflags "$(GIT_INFO)" -o kubearmor main.go
cd $(CURDIR); CGO_ENABLED=0 go build -ldflags "$(GIT_INFO)" -o kubearmor main.go

.PHONY: protobuf
protobuf:
4 changes: 2 additions & 2 deletions KubeArmor/build/compile.sh
@@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/sh
# SPDX-License-Identifier: Apache-2.0
# Copyright 2021 Authors of KubeArmor

Expand All @@ -11,4 +11,4 @@ else
make
fi

cp *.bpf.o ignore.lst /opt/kubearmor/BPF/
cp *.bpf.o ignore.lst /opt/kubearmor/BPF/
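Review bot: With the interpreter changed to `#!/bin/sh`, the script runs under whatever `/bin/sh` the image provides (BusyBox ash on Alpine), so any bash-only syntax in lines 5–10, which this page does not show, would fail or behave differently when the init container runs. The visible tail runs `make` and then `cp *.bpf.o ignore.lst /opt/kubearmor/BPF/` with no error handling between them. If the script does not already set it, add `set -eu` after the licence header so a failed build stops the init container instead of copying whatever objects happen to be present.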
59 changes: 28 additions & 31 deletions KubeArmor/core/dockerHandler.go
Expand Up @@ -5,7 +5,6 @@ package core

import (
"context"
"encoding/json"
"errors"
"fmt"
"os"
Expand Down Expand Up @@ -41,46 +40,34 @@ type DockerHandler struct {
}

// NewDockerHandler Function
func NewDockerHandler() *DockerHandler {
func NewDockerHandler() (*DockerHandler, error) {
docker := &DockerHandler{}

// specify the docker api version that we want to use
// Versioned API: https://docs.docker.com/engine/api/

versionStr, err := kl.GetCommandOutputWithErr("curl", []string{"--silent", "--unix-socket", strings.TrimPrefix(cfg.GlobalCfg.CRISocket, "unix://"), "http://localhost/version"})
// try to create a new docker client
// If env DOCKER_API_VERSION set - NegotiateAPIVersion() won't do anything
DockerClient, err := client.NewClientWithOpts(client.FromEnv)
if err != nil {
return nil
return nil, err
}
DockerClient.NegotiateAPIVersion(context.Background())
clientVersion := DockerClient.ClientVersion()

if err := json.Unmarshal([]byte(versionStr), &docker.Version); err != nil {
kg.Warnf("Unable to get Docker version (%s)", err.Error())
}
kg.Printf("Verifying Docker API client version: %s", clientVersion)

apiVersion, _ := strconv.ParseFloat(docker.Version.APIVersion, 64)

if apiVersion >= 1.39 {
// downgrade the api version to 1.39
if err := os.Setenv("DOCKER_API_VERSION", "1.39"); err != nil {
kg.Warnf("Unable to set DOCKER_API_VERSION (%s)", err.Error())
}
} else {
// set the current api version
if err := os.Setenv("DOCKER_API_VERSION", docker.Version.APIVersion); err != nil {
kg.Warnf("Unable to set DOCKER_API_VERSION (%s)", err.Error())
}
serverVersion, err := DockerClient.ServerVersion(context.Background())
if err != nil {
return nil, err
}

// create a new client with the above env variable

DockerClient, err := client.NewClientWithOpts(client.FromEnv)
if err != nil {
return nil
if clientVersion != serverVersion.APIVersion {
kg.Warnf("Docker client (%s) and Docker server (%s) API versions don't match", clientVersion, serverVersion.APIVersion)
}

docker.DockerClient = DockerClient

kg.Printf("Initialized Docker Handler (version: %s)", docker.Version.APIVersion)
kg.Printf("Initialized Docker Handler (version: %s)", clientVersion)

return docker
return docker, nil
}

// Close Function
Expand Down Expand Up @@ -202,7 +189,11 @@ func (dm *KubeArmorDaemon) SetContainerVisibility(containerID string) {
func (dm *KubeArmorDaemon) GetAlreadyDeployedDockerContainers() {
// check if Docker exists else instantiate
if Docker == nil {
Docker = NewDockerHandler()
var err error
Docker, err = NewDockerHandler()
if err != nil {
dm.Logger.Errf("Failed to create new Docker client: %s", err)
}
}

if containerList, err := Docker.DockerClient.ContainerList(context.Background(), types.ContainerListOptions{}); err == nil {
Expand Down Expand Up @@ -278,6 +269,8 @@ func (dm *KubeArmorDaemon) GetAlreadyDeployedDockerContainers() {
dm.Logger.Printf("Detected a container (added/%.12s)", container.ContainerID)
}
}
} else {
dm.Logger.Warnf("Error while listing containers: %s", err)
}
}

Expand Down Expand Up @@ -425,7 +418,11 @@ func (dm *KubeArmorDaemon) MonitorDockerEvents() {

// check if Docker exists else instantiate
if Docker == nil {
Docker = NewDockerHandler()
var err error
Docker, err = NewDockerHandler()
if err != nil {
dm.Logger.Errf("Failed to create new Docker client: %s", err)
}
}

dm.Logger.Print("Started to monitor Docker events")
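Review bot: In `GetAlreadyDeployedDockerContainers` the new error branch only logs, so when `NewDockerHandler()` fails, `Docker` is nil and execution continues to `Docker.DockerClient.ContainerList(...)`, which dereferences a nil pointer and panics the daemon. `MonitorDockerEvents` has the same branch and presumably uses `Docker` after the hunk ends. Add `return` directly after `dm.Logger.Errf("Failed to create new Docker client: %s", err)` in both places, so a missing Docker socket degrades to a logged error rather than a crash of the enforcement daemon. Separately, in `NewDockerHandler` the `ServerVersion` failure path returns without closing the client it just created; call `DockerClient.Close()` before that `return nil, err`. Both daemon methods continue outside the hunks shown.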
