Releases: ChrispyBacon-dev/DockFlare-Agent-prd

DockFlare Agent v1.0.0: Hardened, Repeatable, and Easier to Deploy

21 Sep 16:21

The inaugural stable release of the DockFlare Agent is now available. This version focuses on creating repeatable builds, implementing more secure runtime defaults, and improving the overall deployment experience. The agent is designed to operate within a least-privilege Docker environment, reliably reporting container lifecycle events and managing Cloudflare tunnels for the DockFlare control plane.

Key Enhancements in this Release:

  • Multi-Architecture Docker Images: DockFlare now automatically publishes Docker images for both linux/amd64 and linux/arm64 architectures through GitHub Actions. Tagging is deterministic: latest tracks the default branch, and v* releases use semantic versioning.

  • Reproducible Builds: The Docker workflow has been strengthened by pinning the Python base image and locking Python dependencies. Additionally, CLOUDFLARED_IMAGE is now exposed, so operators can pin a specific Cloudflare tunnel release or digest.

  • Enhanced Security by Default: The agent container now runs as a dedicated non-root user. To further protect sensitive information, it persists its state in files with 0600 permissions, and tunnel credentials are no longer exposed as process arguments.

  • Simplified and Secure Deployment: The recommended deployment strategy now uses tecnativa/docker-socket-proxy:v0.4.1. The proxy limits the agent's access to only the necessary Docker API endpoints, which reduces the potential attack surface, while deployment remains a simple docker compose up -d.

  • Updated Documentation: The official documentation has been refreshed to include the new hardened docker-compose stack, a comprehensive environment variable reference, and a new "Continuous Delivery" section that details the build pipeline.
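The "Enhanced Security by Default" item names two patterns: owner-only (0600) state files and credentials kept out of process arguments. The Python sketch below is an added example, not the agent's own code; the function names, the state layout and the DEMO_TUNNEL_TOKEN variable are assumptions made for illustration.

```python
import json
import os
import stat
import subprocess
import sys
import tempfile


def save_state(path, state):
    """Atomically write state; the file is 0600 whatever the umask is."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file readable and writable by the owner only.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".state-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(state, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # readers never see a half-written file
    except BaseException:
        os.unlink(tmp)
        raise


def load_state(path):
    """Refuse state that group or other can read or write."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {mode:03o}, expected 600")
    with open(path) as fh:
        return json.load(fh)


def run_with_secret(argv, env_name, secret):
    """Start a child with the secret in its environment, not in argv.
    On Linux /proc/<pid>/cmdline is readable by every local user by
    default, while /proc/<pid>/environ is limited to the owner and root.
    """
    if any(secret in arg for arg in argv):
        raise ValueError("secret must not appear in process arguments")
    env = dict(os.environ, **{env_name: secret})
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=True)


if __name__ == "__main__":
    state_path = os.path.join(tempfile.mkdtemp(), "state.json")
    save_state(state_path, {"tunnel_id": "constructed-id"})  # constructed value
    print(oct(stat.S_IMODE(os.stat(state_path).st_mode)), load_state(state_path))
```

The permission check in load_state is the part operators can reuse on its own to audit an existing state directory.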

To get a broader understanding of the DockFlare project and the agent's role within the platform, please visit the main repository:

https://github.com/ChrispyBacon-dev/DockFlare

Cheers,
Chris