Skip to content
This repository has been archived by the owner on Jun 11, 2024. It is now read-only.

Commit

Permalink
Merge pull request #9 from unravelin/generate_fields_yaml_docker
Browse files Browse the repository at this point in the history
Generate fields.yaml when building filebeat docker image
  • Loading branch information
dan-duffy authored Oct 10, 2023
2 parents 3e3e698 + 1175dca commit b04a6ea
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 12,110 deletions.
16 changes: 15 additions & 1 deletion ravelin/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,3 +1,17 @@
# TODO: Move to internal golang image
FROM golang:1.21.2-alpine3.18 as fields_builder
RUN apk add build-base linux-headers python3 py3-pip && \
pip3 install --upgrade setuptools
COPY . /filebeat
WORKDIR /filebeat/ravelin
RUN sh install-mage.sh && \
tar -zxvf mage.tar.gz && \
chmod +x mage && \
mv mage /usr/local/bin/mage && \
apk add make
RUN make build

# TODO: Move to internal filebeat image
FROM docker.elastic.co/beats/filebeat:8.9.2
USER root

Expand All @@ -10,5 +24,5 @@ COPY x-pack/filebeat/module/gcp/cloud_armor /usr/share/filebeat/module/gcp/cloud
COPY x-pack/filebeat/module/gcp/cilium /usr/share/filebeat/module/gcp/cilium

# Copying scoped fields
COPY ravelin/fields.yml fields.yml
COPY --from=fields_builder /filebeat/ravelin/fields.yml fields.yml
USER filebeat
5 changes: 0 additions & 5 deletions ravelin/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,3 @@ build:
@cd ../filebeat && mage update
@echo "[-] filtering fields"
@python3 filter-fields.py
@echo "[-] building custom docker image"
@cd .. && docker build --platform linux/amd64 -t europe-docker.pkg.dev/ravelin-builds/container/sec-tools/filebeat:8.9.2 -f ravelin/Dockerfile .

publish:
@docker push europe-docker.pkg.dev/ravelin-builds/container/sec-tools/filebeat:8.9.2
Loading

0 comments on commit b04a6ea

Please sign in to comment.