Created
October 18, 2020 02:29
Dockerfile.loki
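# Customize Kolide Fleet by adding Fluent Bit
####
# Build-time container: compiles fleet/fleetctl and the Loki output plugin.
# Nothing from this stage reaches the final image except what the runtime
# stage copies out of it explicitly.
####
# NOTE(review): debian:buster is a mutable tag. Pinning the base by digest
# (debian:buster@sha256:<DIGEST_PLACEHOLDER>) would make the build reproducible.
FROM debian:buster AS builder
LABEL maintainer="security@acme.com"
LABEL purpose="osquery"

# Make a RUN step fail when any command in a pipeline fails, so a failed key
# download cannot silently hand an empty stream to gpg.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Go workspace. ENV persists across layers; an `export` inside a RUN does not,
# which is why no `RUN export ...` step is used here.
RUN mkdir -p /root/go
ENV GOPATH=/root/go
# No leading ':' here: an empty PATH entry makes the shell search the current
# working directory for commands.
ENV PATH=$GOPATH/bin:$PATH:/usr/local/go/bin

# Build dependencies
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
    && DEBIAN_FRONTEND=noninteractive apt-get -y --fix-broken install \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
        apt-transport-https \
        build-essential \
        ca-certificates \
        curl \
        git \
        gnupg \
        libgnutls28-dev \
        nodejs \
        npm \
        software-properties-common \
        sudo

# Fluent Bit apt repository.
# The signing key is fetched over HTTPS and scoped to this repository with
# signed-by. The source entry must not carry [trusted=yes]: that option turns
# off signature verification for the repository and makes the key irrelevant.
# NOTE(review): the key is still trusted on first download; comparing it with
# a fingerprint obtained out of band would be stronger.
RUN curl -fsSL https://packages.fluentbit.io/fluentbit.key \
        | gpg --dearmor -o /usr/share/keyrings/fluentbit-keyring.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/fluentbit-keyring.gpg] https://packages.fluentbit.io/debian/buster buster main" \
        > /etc/apt/sources.list.d/fluentbit.list

# Yarn apt repository, key scoped the same way (the build already runs as
# root, so sudo is not needed).
RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg \
        | gpg --dearmor -o /usr/share/keyrings/yarn-keyring.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/yarn-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main" \
        > /etc/apt/sources.list.d/yarn.list

RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        td-agent-bit \
        yarn

# Download and extract golang in one layer so the tarball is not kept.
# NOTE(review): the tarball is not integrity-checked. Add the published
# checksum before the tar step, e.g.
#   echo "<GO_TARBALL_SHA256_PLACEHOLDER>  /tmp/go1.15.3.linux-amd64.tar.gz" | sha256sum -c -
RUN curl -fsSL -o /tmp/go1.15.3.linux-amd64.tar.gz https://golang.org/dl/go1.15.3.linux-amd64.tar.gz \
    && tar -C /usr/local -xzf /tmp/go1.15.3.linux-amd64.tar.gz \
    && chown -R root:root /usr/local/go \
    && rm /tmp/go1.15.3.linux-amd64.tar.gz

# Add GOPATH and PATH for login shells. Both lines are written in one go
# (two separate `>` redirects would leave only the last line in the file).
RUN printf 'export GOPATH=/root/go\nexport PATH=$PATH:/usr/local/go/bin:$GOPATH/bin\n' > ~/.profile

# GO111MODULE=on is needed to "go get" a specific tag.
# `|| true` hides a failed download from this step; the build still stops in
# the make step below if the module sources are missing.
RUN GO111MODULE=on go get -d -v github.com/kolide/fleet@2.6.0 || true
# TODO: fix the path below so it doesn't break when the commit hash changes.
WORKDIR "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea"
RUN GO111MODULE=on make deps && make generate && make build

# Build the fluent-bit Grafana Loki plugin in GOPATH mode (GO111MODULE=off).
# NOTE(review): this fetches whatever the loki default branch holds at build
# time, so the plugin shipped in the runtime image is not pinned to a release.
RUN GOPATH=/root/go GO111MODULE=off go get github.com/grafana/loki || true
WORKDIR /root/go/src/github.com/grafana/loki
RUN make fluent-bit-plugin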
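####
# Runtime container: Kolide Fleet plus Fluent Bit (td-agent-bit) for shipping
# events.
####
# NOTE(review): debian:buster is a mutable tag. Pinning the base by digest
# (debian:buster@sha256:<DIGEST_PLACEHOLDER>) would make the build reproducible.
FROM debian:buster AS runtime
LABEL maintainer="security@lemonaid.com"
LABEL purpose="osquery"

# Make a RUN step fail when any command in a pipeline fails, so a failed key
# download cannot silently hand an empty stream to gpg.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Base packages
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
    && DEBIAN_FRONTEND=noninteractive apt-get -y --fix-broken install \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg \
        libgnutls28-dev \
        software-properties-common \
        sudo \
    && rm -rf /var/lib/apt/lists/*

# Fluent Bit apt repository.
# The signing key is fetched over HTTPS and scoped to this repository with
# signed-by. The source entry must not carry [trusted=yes]: that option turns
# off signature verification for the repository and makes the key irrelevant.
# NOTE(review): the key is still trusted on first download; comparing it with
# a fingerprint obtained out of band would be stronger.
RUN curl -fsSL https://packages.fluentbit.io/fluentbit.key \
        | gpg --dearmor -o /usr/share/keyrings/fluentbit-keyring.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/fluentbit-keyring.gpg] https://packages.fluentbit.io/debian/buster buster main" \
        > /etc/apt/sources.list.d/fluentbit.list

# Refresh apt and install fluentbit (td-agent-bit); the package lists are
# removed in the same layer.
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
    && DEBIAN_FRONTEND=noninteractive apt-get -y install td-agent-bit \
    && rm -rf /var/lib/apt/lists/*

# Supply our Fluent Bit configuration to ship events to a search index.
# COPY overwrites the packaged file, so no separate rm layer is needed.
COPY td-agent-bit.conf /etc/td-agent-bit/td-agent-bit.conf

# Startup script.
# NOTE(review): no ENTRYPOINT/CMD in this file references it; presumably the
# deployment sets the command. Confirm.
COPY startup.sh /startup.sh

# Run fleet as the fleet user via sudo.
# NOTE(review): "NOPASSWD:ALL" makes the fleet account root-equivalent, so the
# USER directive at the end gives no privilege separation: anything that runs
# as fleet can become root without a password. Restrict the rule to the exact
# commands startup.sh needs, or drop sudo if it needs none.
# The rule lives in its own sudoers.d file and is syntax-checked with visudo
# instead of being appended unchecked to /etc/sudoers.
RUN useradd fleet \
    && usermod -a -G fleet,sudo,adm fleet \
    && echo "fleet ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/fleet \
    && chmod 0440 /etc/sudoers.d/fleet \
    && visudo -cf /etc/sudoers.d/fleet

WORKDIR "/home/fleet"

# State and log directories, owned by the service account.
RUN mkdir -p "/home/fleet/.goquery" "/var/log/osquery" \
    && touch "/home/fleet/.goquery/history" \
    && chown -R fleet:adm /var/log/osquery \
    && chown -R fleet:fleet /home/fleet

# Copy the fleet binaries and the Loki output plugin from the build stage,
# setting ownership at copy time instead of in an extra chown layer.
COPY --from=builder --chown=fleet:fleet "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea/build/fleet" /home/fleet/
COPY --from=builder --chown=fleet:fleet "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea/build/fleetctl" /home/fleet/
COPY --from=builder --chown=fleet:fleet "/root/go/src/github.com/grafana/loki/cmd/fluent-bit/out_loki.so" /home/fleet/

# Run as fleet rather than root
USER fleet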