The Falco Artifact Scope proposal is divided in two parts:
- the Part 1 - this document: the State of Art of Falco artifacts
- the Part 2: the intended state moving forward
As a project we would like to support the following artifacts.
Everything else will be moved to contrib.
As a project we will build, change, rename, and move files, documents, scripts, configurations according to the new state of the art described into Part 2.
Inspired by many previous issues and many of the weekly community calls.
falco
The Falco binary
driver
System call provider from the Linux kernel. Either (bpf, module)
falco-driver-loader
The bash script found here that tries to compile else download the driver (kernel module or eBPF probe).
package
An installable artifact that is operating system specific. All packages MUST be hosted on bintray.
image
OCI compliant container image hosted on dockerhub with tags for every release and the current master branch.
List of currently official packages (for x86 64bits only):
falco-x.y.z-x86_64.debfor debian like systems, it installs the kernel module by defaultfalco-x.y.z-x86_64.rpmfor rpm like systems, it installs the kernel module by defaultfalco-x.y.z-x86_64.tar.gzfor binary installation, it containsfalcobinary,falco-driver-loaderscript, drivers source, and related dependencies
List of currently official container images (for X86 64bits only):
| Name | Directory | Description |
|---|---|---|
| falcosecurity/falco:latest, falcosecurity/falco:tag, falcosecurity/falco:master | docker/stable | Falco (DEB built from git tag or from the master) with all the building toolchain. |
| falcosecurity/falco:latest-slim, falcosecurity/falco:tag-slim,falcosecurity/falco:master-slim | docker/slim | Falco (DEB build from git tag or from the master) without the building toolchain. |
| falcosecurity/falco-driver-loader:latest, falcosecurity/falco-driver-loader:tag, falcosecurity/falco-driver-loader:master | docker/driver-loader | falco-driver-loader as entrypoint with the building toolchain. |
| falcosecurity/falco-builder:latest | docker/builder | The complete build tool chain for compiling Falco from source. See the documentation for more details on building from source. Used to build Falco (CI). |
| falcosecurity/falco-tester:latest | docker/tester | Container image for running the Falco test suite. Used to run Falco integration tests (CI). |
| to not be published | docker/local | Built on-the-fly and used by falco-tester. |
Note: falco-builder, falco-tester (and the docker/local image which it's built on the fly by the falco-tester one) are not integrated into the release process because they are development and CI tools that need to be manually pushed only when updated.
We will modeling a loosely defined adoption of the Kubernetes and CNCF incubator efforts.
The criteria will remain loose, and tighten as needed at the discretion of the Falco open source community.
"Sandbox level"
This new contrib repository will be equivalent to the Falco Sandbox and serves as a place for the community to test-drive ideas/projects/code.
"Incubating level" projects such as falco-exporter can be promoted from contrib to their own repository.
This is done as needed, and can best be measured by the need to cut a release and use the GitHub release features. Again, this is at the discretion of the Falco open source community.
As the need for a project grows, it can ultimately achieve the highest and most coveted status within The Falco Project. "Official support."
The artifacts listed above are part of the official Falco release process. These artifact will be refined and amended by the Part 2.
The Part 1 is mainly intended as a cleanup process. For each item not listed above, ask if it needs to be moved or deleted. After the cleanup process, all items will match the Part 1 of this proposal.
Here are SOME of the items that would need to be done, for example:
- Remove
minimalfromfalcorepository (it's almost similar toslim, we don't need two images for the same purpose) - Rename
driverloaderimage tofalco-driver-loader(since it has not been release yet, we can rename it without breaking things) - Move everything else to contrib
- Move /integrations to contrib
- Move /examples to contrib
- Old documentation
Update documentation in falco-website#184.
- YAML manifest documentation to be moved to
contrib - Minikube, Kind, Puppet, Ansible, etc documentation to be moved to
contrib