代码拉取完成,页面将自动刷新
# SPDX-License-Identifier: Apache-2.0
# Copyright 2021 Authors of KubeArmor
### Builder
FROM golang:1.22-alpine3.19 as builder
RUN apk --no-cache update
RUN apk add --no-cache git clang llvm make gcc protobuf
WORKDIR /usr/src/KubeArmor
COPY . .
WORKDIR /usr/src/KubeArmor/KubeArmor
RUN go install github.com/golang/protobuf/protoc-gen-go@latest
RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
RUN make
### Make executable image
FROM alpine:3.18 as kubearmor
RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories
RUN apk --no-cache update
RUN apk add apparmor@community apparmor-utils@community bash
COPY --from=builder /usr/src/KubeArmor/KubeArmor/kubearmor /KubeArmor/kubearmor
COPY --from=builder /usr/src/KubeArmor/KubeArmor/templates/* /KubeArmor/templates/
ENTRYPOINT ["/KubeArmor/kubearmor"]
### TODO ###
### build apparmor_parser binary
## debian:10 uses glibc2.28 version similar to ubi9
# FROM debian:10 AS apparmor-builder
# RUN apt-get update && apt-get install -y apparmor
# RUN mkdir /tmp/apparmor && \
# cp /sbin/apparmor_parser /tmp/apparmor/
### Make UBI-based executable image
FROM redhat/ubi9-minimal as kubearmor-ubi
ARG VERSION=latest
ENV KUBEARMOR_UBI=true
LABEL name="kubearmor" \
vendor="Accuknox" \
version=${VERSION} \
release=${VERSION} \
summary="kubearmor container image based on redhat ubi" \
description="KubeArmor is a cloud-native runtime security enforcement system that restricts the behavior \
(such as process execution, file access, and networking operations) of pods, containers, and nodes (VMs) \
at the system level."
RUN microdnf -y update && \
microdnf -y install --nodocs --setopt=install_weak_deps=0 --setopt=keepcache=0 shadow-utils procps libcap && \
microdnf clean all
RUN groupadd --gid 1000 default \
&& useradd --uid 1000 --gid default --shell /bin/bash --create-home default
COPY LICENSE /licenses/license.txt
COPY --from=builder --chown=default:default /usr/src/KubeArmor/KubeArmor/kubearmor /KubeArmor/kubearmor
COPY --from=builder --chown=default:default /usr/src/KubeArmor/KubeArmor/templates/* /KubeArmor/templates/
# TODO
# COPY --from=apparmor-builder /tmp/apparmor/apparmor_parser /usr/sbin/
# RUN chmod u+s /usr/sbin/apparmor_parser
RUN setcap "cap_sys_admin=ep cap_sys_ptrace=ep cap_ipc_lock=ep cap_sys_resource=ep cap_dac_override=ep cap_dac_read_search=ep" /KubeArmor/kubearmor
USER 1000
ENTRYPOINT ["/KubeArmor/kubearmor"]
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
