rthooks: support NRI

.github/renovate.json5

@@ -35,8 +35,8 @@
     "api/go.sum",
     "pkg/k8s/go.mod",
     "pkg/k8s/go.sum",
-    "contrib/rthooks/tetragon-oci-hook/go.mod",
-    "contrib/rthooks/tetragon-oci-hook/go.sum",
+    "contrib/tetragon-rthooks/go.mod",
+    "contrib/tetragon-rthooks/go.sum",
     "*Dockerfile*",
     "docs/hugo.toml",
     "install/kubernetes/tetragon/values.yaml",

.github/workflows/build-images-releases.yml

@@ -27,6 +27,9 @@ jobs:
           - name: tetragon-operator
             dockerfile: ./Dockerfile.operator
 
+          - name: tetragon-rthooks
+            dockerfile: ./Dockerfile.rthooks
+
     steps:
       # https://github.com/docker/setup-qemu-action
       - name: Set up QEMU

Dockerfile

@@ -76,8 +76,8 @@ RUN mkdir /var/lib/tetragon/ && \
     apk add --no-cache --update bash
 COPY --from=tetragon-builder /go/src/github.com/cilium/tetragon/tetragon /usr/bin/
 COPY --from=tetragon-builder /go/src/github.com/cilium/tetragon/tetra /usr/bin/
-COPY --from=tetragon-builder /go/src/github.com/cilium/tetragon/contrib/rthooks/tetragon-oci-hook/tetragon-oci-hook /usr/bin/
-COPY --from=tetragon-builder /go/src/github.com/cilium/tetragon/contrib/rthooks/tetragon-oci-hook/tetragon-oci-hook-setup /usr/bin/
+COPY --from=tetragon-builder /go/src/github.com/cilium/tetragon/contrib/tetragon-rthooks/tetragon-oci-hook /usr/bin/
+COPY --from=tetragon-builder /go/src/github.com/cilium/tetragon/contrib/tetragon-rthooks/tetragon-oci-hook-setup /usr/bin/
 COPY --from=gops /gops/gops /usr/bin/
 COPY --from=bpf-builder /go/src/github.com/cilium/tetragon/bpf/objs/*.o /var/lib/tetragon/
 ENTRYPOINT ["/usr/bin/tetragon"]

Dockerfile.rthooks

@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+
+ARG GOLANG_IMAGE=docker.io/library/golang:1.22.4@sha256:c2010b9c2342431a24a2e64e33d9eb2e484af49e72c820e200d332d214d5e61f
+ARG BASE_IMAGE=docker.io/library/alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd
+
+# BUILDPLATFORM is an automatic platform ARG enabled by Docker BuildKit.
+# Represents the plataform where the build is happening, do not mix with
+# TARGETARCH
+FROM --platform=${BUILDPLATFORM} ${GOLANG_IMAGE} as builder
+# TARGETOS is an automatic platform ARG enabled by Docker BuildKit.
+ARG TARGETOS
+# TARGETARCH is an automatic platform ARG enabled by Docker BuildKit.
+ARG TARGETARCH
+WORKDIR /go/src/github.com/cilium/tetragon
+RUN --mount=type=bind,readwrite,target=/go/src/github.com/cilium/tetragon \
+    --mount=target=/root/.cache,type=cache \
+    --mount=target=/go/pkg/mod,type=cache \
+    make GOARCH=${TARGETARCH} tetragon-oci-hook tetragon-oci-hook-setup tetragon-nri-hook \
+    && mkdir -p /out/${TARGETOS}/${TARGETARCH}/usr/bin \
+    && mv ./contrib/tetragon-rthooks/tetragon-oci-hook       /out/${TARGETOS}/${TARGETARCH}/usr/bin \
+    && mv ./contrib/tetragon-rthooks/tetragon-oci-hook-setup /out/${TARGETOS}/${TARGETARCH}/usr/bin \
+    && mv ./contrib/tetragon-rthooks/tetragon-nri-hook       /out/${TARGETOS}/${TARGETARCH}/usr/bin
+
+FROM ${BASE_IMAGE} as image
+# TARGETOS is an automatic platform ARG enabled by Docker BuildKit.
+ARG TARGETOS
+# TARGETARCH is an automatic platform ARG enabled by Docker BuildKit.
+ARG TARGETARCH
+LABEL maintainer="[email protected]"
+COPY --from=builder /out/${TARGETOS}/${TARGETARCH}/usr/bin/tetragon-oci-hook       /usr/bin/
+COPY --from=builder /out/${TARGETOS}/${TARGETARCH}/usr/bin/tetragon-oci-hook-setup /usr/bin/
+COPY --from=builder /out/${TARGETOS}/${TARGETARCH}/usr/bin/tetragon-nri-hook       /usr/bin/
+WORKDIR /

Makefile

@@ -84,7 +84,7 @@ ifdef EXTRA_GO_BUILD_FLAGS
 endif
 
 GO_BUILD = CGO_ENABLED=0 GOARCH=$(GOARCH) $(GO) build $(GO_BUILD_FLAGS)
-GO_BUILD_HOOK = CGO_ENABLED=0 GOARCH=$(GOARCH) $(GO) -C contrib/rthooks/tetragon-oci-hook build $(GO_BUILD_FLAGS)
+GO_BUILD_HOOK = CGO_ENABLED=0 GOARCH=$(GOARCH) $(GO) -C contrib/tetragon-rthooks build $(GO_BUILD_FLAGS)
 
 .PHONY: all
 all: tetragon-bpf tetragon tetra generate-flags test-compile tester-progs protoc-gen-go-tetragon tetragon-bench
@@ -188,7 +188,10 @@ tetragon-operator:
 	$(GO_BUILD) -o $@ ./operator
 
 tetragon-oci-hook:
-	$(GO_BUILD_HOOK) -o $@ ./cmd/hook
+	$(GO_BUILD_HOOK) -o $@ ./cmd/oci-hook
+
+tetragon-nri-hook:
+	$(GO_BUILD_HOOK) -o $@ ./cmd/nri-hook
 
 tetragon-oci-hook-setup:
 	$(GO_BUILD_HOOK) -o $@ ./cmd/setup
@@ -211,7 +214,7 @@ install:
 vendor:
 	$(MAKE) -C ./api vendor
 	$(MAKE) -C ./pkg/k8s vendor
-	$(MAKE) -C ./contrib/rthooks/tetragon-oci-hook vendor
+	$(MAKE) -C ./contrib/tetragon-rthooks vendor
 	$(GO) mod tidy
 	$(GO) mod vendor
 	$(GO) mod verify
@@ -301,6 +304,11 @@ image-operator:
 	$(QUIET)@echo "Push like this when ready:"
 	$(QUIET)@echo "${CONTAINER_ENGINE} push cilium/tetragon-operator:$(DOCKER_IMAGE_TAG)"
 
+image-rthooks:
+	$(CONTAINER_ENGINE) build -f Dockerfile.rthooks -t "cilium/tetragon-rthooks:${DOCKER_IMAGE_TAG}" --platform=linux/${TARGET_ARCH} .
+	$(QUIET)@echo "Push like this when ready:"
+	$(QUIET)@echo "${CONTAINER_ENGINE} push cilium/tetragon-rthooks:$(DOCKER_IMAGE_TAG)"
+
 image-test: image-clang
 	$(CONTAINER_ENGINE) build -f Dockerfile.test -t "cilium/tetragon-test:${DOCKER_IMAGE_TAG}" .
 	$(QUIET)@echo "Push like this when ready:"