new(docker): streamline docker images

[FedeDP]

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area build

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #3165

Special notes for your reviewer:

TODO:

• falcoctl must not be shipped with Falco -> for now workarounded by using rm -rf (only in the Falco image)
• falco packages shall not have any dep (split packages in falco-kmod, falco-ebpf, and just falco (modern)), otherwise falco-debian image will ship gcc/dkms... too as deps of the Falco package
• update docs

Does this PR introduce a user-facing change?:

new(docker): streamline docker images

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [FedeDP]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[FedeDP]

For

falco packages shall not have any dep (split packages in falco-kmod, falco-ebpf, and just falco (modern)), otherwise falco-debian image will ship gcc/dkms... too as deps of the Falco package

We might want to install the Falco package without installing any deps, perhaps. I am not sure whether it is going to work though, but i guess it should.

[leogr]

Great job 👏

Left a few comments, just nitpicking 👼

[leogr]

Tentatively for
/milestone 0.39.0

[FedeDP]

/milestone 0.40.0

[leogr]

I did a second pass, and I think we are close :)

See comments below.

[leogr]

/test test-dev-packages-arm64 / test-packages

[poiana]

@leogr: No presubmit jobs available for falcosecurity/falco@master

In response to this:

/test test-dev-packages-arm64 / test-packages

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[leogr]

Hey @FedeDP

I've realized that running Falco within the driver loader differs from the original proposal's spirit. Also, using CMD would not have allowed arguments to be passed to the driver loader.

So, I've reverted those changes and reviewed command line usage examples.

I've also updated the documentation to reflect this.

Please take a look at the the suggested changes below.

[poiana]

@ekoops: changing LGTM is restricted to collaborators

In response to this:

Just left a couple of comments.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[poiana]

@ekoops: changing LGTM is restricted to collaborators

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.