Building bpftrace Container Image with Dockerfile
BPFtrace is a powerful system tracing tool based on eBPF that can dynamically trace system-level and application-level behavior. This article shows how to build a Docker image with BPFtrace from a Dockerfile, so that the tool can be used in a containerized environment.
Dockerfile Explanation
FROM r.j3ss.co/bcc
The base image is r.j3ss.co/bcc, which is a pre-built image containing the BCC (BPF Compiler Collection) toolset.
ENV PATH /usr/share/bcc/tools:$PATH
Set the PATH environment variable so that BCC tools can be run directly later.
RUN sed -i "s#deb http://deb.debian.org/debian buster main#deb http://deb.debian.org/debian buster main contrib non-free#g" /etc/apt/sources.list
Modify the APT source list, adding the contrib and non-free sources to ensure that some non-free software packages can be installed.
RUN apt-get update && apt-get install -y \
    ca-certificates \
    clang \
    curl \
    gcc \
    git \
    g++ \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*
Install a series of dependencies required for building BPFtrace, including clang, gcc, git, etc. The --no-install-recommends option avoids installing recommended packages, reducing the image size. Finally, clear the APT cache to further reduce the image size.
ENV BPFTRACE_VERSION v0.10.0
RUN git clone --depth 1 --branch "$BPFTRACE_VERSION" https://github.com/iovisor/bpftrace.git /usr/src/bpftrace \
    && ( \
        cd /usr/src/bpftrace \
        && mkdir build \
        && cd build \
        && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr .. \
        && make -j8 \
        && make install \
    ) \
    && rm -rf /usr/src/bpftrace
Set the version of BPFtrace to install, and clone the source code from GitHub. Then enter the source code directory, use cmake to generate build files, and use the make command to compile and install BPFtrace. The -j8 option can utilize multiple cores to accelerate the compilation process. Finally, clean up the intermediate build files to reduce the image size.
ENTRYPOINT ["bpftrace"]
Set the entry point of the container to the bpftrace command, so that BPFtrace can be directly run when starting the container, and the required parameters and probe scripts can be passed.
Building and Using the Image
Use the following command to build the image based on this Dockerfile:
docker build -t bpftrace:latest .
After the build is complete, you can start the container and run BPFtrace with the following command:
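docker run --rm -it --privileged --entrypoint /usr/share/bcc/tools/execsnoop bpftrace:latest
This command runs the execsnoop tool, which can trace the creation of new processes. Because the image's entry point is bpftrace, --entrypoint is used here to run the BCC tool instead; without it, the path would be handed to bpftrace as a probe script. The --privileged option is required because BPFtrace needs to access kernel features; it also removes most of the isolation between the container and the host.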
Through this image, we can run BPFtrace in a controlled and repeatable container environment for performance analysis, troubleshooting, and other scenarios, greatly improving work efficiency.
Full Script
FROM r.j3ss.co/bcc

ENV PATH /usr/share/bcc/tools:$PATH

# Add non-free apt sources
RUN sed -i "s#deb http://deb.debian.org/debian buster main#deb http://deb.debian.org/debian buster main contrib non-free#g" /etc/apt/sources.list

RUN apt-get update && apt-get install -y \
    ca-certificates \
    clang \
    curl \
    gcc \
    git \
    g++ \
    --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

# Build bpftrace
ENV BPFTRACE_VERSION v0.10.0
RUN git clone --depth 1 --branch "$BPFTRACE_VERSION" https://github.com/iovisor/bpftrace.git /usr/src/bpftrace \
    && ( \
        cd /usr/src/bpftrace \
        && mkdir build \
        && cd build \
        && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr .. \
        && make -j8 \
        && make install \
    ) \
    && rm -rf /usr/src/bpftrace

ENTRYPOINT ["bpftrace"]
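
The article describes the image as a repeatable environment, yet the Dockerfile takes its base image by an untagged name and the bpftrace source by tag name, both of which can point at different content on a later build. The following is an added example, not part of the original article or of the bpftrace project: it lists the instructions whose external inputs are not pinned. The function names and the 40-hex-digit heuristic are assumptions of this example.

```python
import re

# Constructed input: the instructions from the article's Dockerfile that fetch external content.
DOCKERFILE = r'''FROM r.j3ss.co/bcc
ENV BPFTRACE_VERSION v0.10.0
RUN git clone --depth 1 --branch "$BPFTRACE_VERSION" https://github.com/iovisor/bpftrace.git /usr/src/bpftrace \
    && ( cd /usr/src/bpftrace && mkdir build && cd build \
    && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr .. \
    && make -j8 && make install ) \
    && rm -rf /usr/src/bpftrace
'''

# Heuristic (assumption): a full 40-hex SHA-1 in the same RUN means a commit is checked out or compared.
COMMIT = re.compile(r"\b[0-9a-f]{40}\b")


def instructions(text):
    """Yield (first_line_no, KEYWORD, args) with backslash continuations joined."""
    buf, start = "", 0
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are skipped, also inside a continued RUN
        start = start or no
        buf += stripped.rstrip("\\") + " "
        if not stripped.endswith("\\"):
            keyword, _, args = buf.strip().partition(" ")
            yield start, keyword.upper(), args.strip()
            buf, start = "", 0


def audit(text):
    """Return (line_no, message) for external inputs that can change between builds."""
    findings = []
    for no, keyword, args in instructions(text):
        if keyword == "FROM":
            image = next(a for a in args.split() if not a.startswith("--"))  # skip --platform=...
            if image != "scratch" and "@sha256:" not in image:
                tag = image.rsplit("/", 1)[-1].partition(":")[2] or "latest (implicit)"
                findings.append((no, f"base image {image} not pinned by digest; tag: {tag}"))
        elif keyword == "RUN" and "git clone" in args and not COMMIT.search(args):
            findings.append((no, "git clone follows a branch/tag name; no commit id is checked"))
    return findings


if __name__ == "__main__":
    for no, message in audit(DOCKERFILE):
        print(f"line {no}: {message}")
```

Pinning the base image with a digest and checking out or comparing a full commit id after the clone clears both findings.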