Aperture/Dockerfile.agent at main · hamzzy/Aperture · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# Aperture Agent - Multi-stage build
# Requires privileged mode for eBPF: docker run --privileged --pid=host aperture-agent
# Build: docker build -f Dockerfile.agent -t aperture-agent .

FROM rust:bookworm AS builder

# Install nightly and deps for eBPF compilation (bpf-linker needs LLVM)
RUN apt-get update && apt-get install -y --no-install-recommends \
    llvm libclang-dev clang lld && \
    rm -rf /var/lib/apt/lists/* && \
    rustup install nightly && \
    rustup component add rust-src --toolchain nightly && \
    cargo +nightly install --git https://github.com/aya-rs/bpf-linker bpf-linker

WORKDIR /build
COPY Cargo.toml Cargo.lock ./
COPY .cargo/ .cargo/
COPY shared/ shared/
COPY agent/ agent/
COPY agent-ebpf/ agent-ebpf/
COPY aggregator/ aggregator/
COPY cli/ cli/
COPY wasm-runtime/ wasm-runtime/
COPY gpu-profiler/ gpu-profiler/

# Build eBPF programs first (required for agent release build; agent embeds these)
RUN cargo +nightly build -p aperture-ebpf -Zbuild-std=core --target bpfel-unknown-none --release

# Build userspace agent
RUN cargo build --release --bin aperture-agent

# Runtime image
FROM debian:bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates libc6-dbg && \
    rm -rf /var/lib/apt/lists/*

COPY --from=builder /build/target/release/aperture-agent /usr/local/bin/aperture-agent
RUN mkdir -p /opt/aperture/ebpf
COPY --from=builder /build/target/bpfel-unknown-none/release/cpu-profiler /opt/aperture/ebpf/
COPY --from=builder /build/target/bpfel-unknown-none/release/lock-profiler /opt/aperture/ebpf/
COPY --from=builder /build/target/bpfel-unknown-none/release/syscall-tracer /opt/aperture/ebpf/

ENTRYPOINT ["aperture-agent"]
CMD ["--mode", "cpu", "--duration", "24h"]