Dockerfile.loki
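# Customize Kolide Fleet by adding FluentBit
####
# Buildtime container:
####
# Compiles the fleet/fleetctl binaries and the Loki output plugin for FluentBit.
# Nothing from this stage reaches the final image except what is copied out
# with COPY --from=builder.
# NOTE(review): debian:buster is a mutable tag on an old release; pin a digest
# and move to a supported release once the FluentBit repo line is updated to match.
FROM debian:buster AS builder
LABEL maintainer="security@acme.com"
LABEL purpose="osquery"
# Make a RUN fail when any command in a pipeline fails; otherwise a failed
# key download piped into apt-key would go unnoticed.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ENV GOPATH=/root/go
# No leading ':' here: an empty PATH entry means "current directory", which
# would let any file in the working directory shadow a real tool.
ENV PATH=$GOPATH/bin:$PATH:/usr/local/go/bin
# create the gopath
RUN mkdir -p /root/go
# Get Current
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
 && DEBIAN_FRONTEND=noninteractive apt-get -y --fix-broken install \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y \
      apt-transport-https \
      build-essential \
      ca-certificates \
      curl \
      git \
      gnupg \
      libgnutls28-dev \
      nodejs \
      npm \
      software-properties-common \
      sudo
# Install the FluentBit package key and repository.
# The key is fetched over HTTPS (over plain HTTP it could be swapped in
# transit) and the repo line carries no [trusted=yes], so apt verifies the
# repository signature against that key instead of skipping verification.
RUN curl -fsSL https://packages.fluentbit.io/fluentbit.key | apt-key add - \
 && echo "deb https://packages.fluentbit.io/debian/buster buster main" >> /etc/apt/sources.list
# Install the Yarn package key and repository (builds run as root, so no sudo).
RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
 && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends yarn td-agent-bit
# Download and extract golang.
# Pass --build-arg GO_SHA256=<sha256 published for this tarball> to verify the
# download before it is unpacked; without it the build only prints a warning.
ARG GO_SHA256=""
RUN curl -fsSL https://golang.org/dl/go1.15.3.linux-amd64.tar.gz -o go1.15.3.linux-amd64.tar.gz \
 && if [ -n "$GO_SHA256" ]; then \
      echo "$GO_SHA256  go1.15.3.linux-amd64.tar.gz" | sha256sum -c -; \
    else \
      echo "WARNING: GO_SHA256 not set; Go tarball integrity was not verified" >&2; \
    fi \
 && tar -xzf go1.15.3.linux-amd64.tar.gz \
 && chown -R root:root ./go \
 && mv go /usr/local \
 && rm go1.15.3.linux-amd64.tar.gz
# Add GOPATH to root's profile; the second line appends so it no longer
# overwrites the first.
RUN echo "export GOPATH=/root/go" > ~/.profile \
 && echo "PATH=$PATH:/usr/local/go/bin:$GOPATH/bin" >> ~/.profile
# we need GO111MODULE=on to "go get" a specific tag.
# The "|| true" is kept as written; a failed download still stops the build at
# the cd in the next step because the module directory will be missing.
RUN GO111MODULE=on go get -d -v github.com/kolide/fleet@2.6.0 || true
# TODO fix the below path so it doesn't break when the commit hash changes
RUN cd "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea" \
 && GO111MODULE=on make deps \
 && make generate \
 && make build
# Build the fluent-bit grafana loki plugin with GO111MODULE=off (GOPATH mode),
# so the source lands under /root/go/src.
# NOTE(review): this fetches whatever the loki default branch holds at build
# time; check out a reviewed tag or commit to make the plugin build reproducible.
RUN GOPATH=/root/go GO111MODULE=off go get github.com/grafana/loki || true \
 && cd "/root/go/src/github.com/grafana/loki" \
 && make fluent-bit-plugin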
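####
# Runtime container:
####
# Customize Kolide Fleet by adding FluentBit
# NOTE(review): debian:buster is a mutable tag on an old release; pin a digest
# and move to a supported release once the FluentBit repo line is updated to match.
FROM debian:buster AS runtime
LABEL maintainer="security@lemonaid.com"
LABEL purpose="osquery"
# Make a RUN fail when any command in a pipeline fails; otherwise a failed
# key download piped into apt-key would go unnoticed.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Install prerequisites, register the FluentBit repository and install
# td-agent-bit in one layer so the apt lists can be removed in that same layer.
# The key is fetched over HTTPS and the repo line carries no [trusted=yes], so
# apt verifies the repository signature instead of skipping verification.
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
 && DEBIAN_FRONTEND=noninteractive apt-get -y --fix-broken install \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y \
      apt-transport-https \
      ca-certificates \
      curl \
      gnupg \
      libgnutls28-dev \
      software-properties-common \
      sudo \
 && curl -fsSL https://packages.fluentbit.io/fluentbit.key | apt-key add - \
 && echo "deb https://packages.fluentbit.io/debian/buster buster main" >> /etc/apt/sources.list \
 && DEBIAN_FRONTEND=noninteractive apt-get -y update \
 && DEBIAN_FRONTEND=noninteractive apt-get -y install td-agent-bit \
 && rm -rf /var/lib/apt/lists/*
# Supply our FluentBit configuration to ship events to a search index
# (COPY replaces the packaged file, so no separate rm is needed).
COPY td-agent-bit.conf /etc/td-agent-bit/td-agent-bit.conf
# write a startup script:
COPY startup.sh /startup.sh
# Run fleet as fleet user via sudo
# NOTE(review): NOPASSWD:ALL plus membership of the sudo group gives the fleet
# user unrestricted root, so the USER fleet line at the end does not reduce
# privilege: any code execution in fleet becomes root in the container.
# Restrict this entry to the exact commands startup.sh needs (not visible
# here), or drop sudo and start the privileged pieces before switching user.
RUN useradd fleet \
 && usermod -a -G fleet,sudo,adm fleet \
 && echo "fleet ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
WORKDIR /home/fleet
# Create the state and log directories and hand them to the fleet user.
RUN mkdir -p /home/fleet/.goquery /var/log/osquery \
 && touch /home/fleet/.goquery/history \
 && chown -R fleet:adm /var/log/osquery \
 && chown -R fleet:fleet /home/fleet
# Copy our fleet binaries, owned by fleet from the start rather than through a
# recursive chown in a later layer.
COPY --chown=fleet:fleet --from=builder "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea/build/fleet" /home/fleet/
COPY --chown=fleet:fleet --from=builder "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea/build/fleetctl" /home/fleet/
COPY --chown=fleet:fleet --from=builder "/root/go/src/github.com/grafana/loki/cmd/fluent-bit/out_loki.so" /home/fleet/
# set user as fleet vs root
USER fleet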