search

infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0
4.88k stars 894 forks source link

Missing entrypoint.sh for Dockerfile #499

Open dark0ni opened 5 days ago

dark0ni commented 5 days ago

Issue Type

Faraday version

latest

Component Name

https://github.com/infobyte/faraday/commit/02ac6d61e5bc76a3b4251aa7c1b28c4d7d9079c1 https://github.com/infobyte/faraday/blob/master/Dockerfile

Steps to reproduce

-Try to start the docker container standalone without the compose file

Expected results

Hi,

That it is possible to start the docker container standalone.

I dont understand why in MR https://github.com/infobyte/faraday/commit/02ac6d61e5bc76a3b4251aa7c1b28c4d7d9079c1 the entrypoint was removed in the Dockerfile and added in as parameter in the docker compose. Know it is not possible to start the container without to set the entrypoint manually.

In the documentation say it is possible to start the container standalone without the docker compose: https://docs.faradaysec.com/Install-guide-Docker/

Now it is not possible to start the container as standalone application, think here it is a mistake that the entrypoint is removed from the dockerfile.

ezk06eer commented 5 days ago

Hi @dark0ni , could you please provide more details? We opted for the Docker Compose approach because it simplifies the process for end users, allowing them to start all necessary services simultaneously and manage dependencies easily.

Our documentation is currently outdated; we are now on version 5.6.1, which includes some changes. We now have three main processes managed by Celery, and there are additional dependencies as well.

You might also see that in the same MR we added celery managed process.

You can modify the Docker Compose configuration to run only the faraday-server, faraday-worker, and faraday-worker-reports. However, you will need Redis and PostgreSQL as part of the setup. Users are free to implement any entrypoint they prefer, so feel free to customize as needed.

We will also be updating the Docker installation guide, as it currently reflects version 4.0 and does not include all the necessary dependencies for installation. Let me know if you need any further adjustments!

Check docker-compose.yml to guide yourself.

Cheers!

dark0ni commented 4 days ago

Hi @ezk06eer thanks for the quick response, we use the container in a Kubernetes environment and for testing local in docker without compose. In the kubernetes space we use Docker container with Helm file configs and secrets that are loaded as env vars in container.

The default behaviour for all docker container, that i know off, that they worked without a compose files (see docker hub) and have always a entrypoint. That a dockerfile dont have entrypoint is unusual.

I don't know the tool celery, but what is the benefit to add the entrypoint in the compose than in dockerfile? When i understand correctly it make no difference to let it in the dockerfile, why adding the entrypoint call to the compose, what is the benefit, both do the same?

the compose entrypoint call is only used when you want to override the entrypoint by a custom one, but in your compose you load the normal entrypoint manually 🤔

Our workflow in Kubernetes is to start a seperate postgres and give faraday pod the necessary secrets.

 -  PGSQL_HOST=internal.service.url.kubernetes
  - PGSQL_USER=faraday_postgresql 
  - PGSQL_PASSWD=postgres_password
  - PGSQL_DBNAME=faraday

For redis you can choose the same approach and use the env vars $REDIS_SERVER

or there conceptual misunderstandings from my side

Best regards