1. Home
2. Guides
3. Next-Gen WAF
4. Setup and configuration
5. Kubernetes

The official name of the container image for the Next-Gen WAF agent (formerly known as the Signal Sciences agent) is signalsciences/sigsci-agent. The sigsci-agent container image is available on Docker Hub. You can pull this image with signalsciences/sigsci-agent:latest (or replace latest with a version tag). If you need to modify this image or want to build it locally, then follow the instructions below.

Custom sigsci-agent Dockerfile

You can build on top of the existing sigsci-agent container image using FROM. However, some care needs to be taken as the Dockerfile is set up to run commands as the sigsci user instead of root. If you use the recommended Dockerfile, then you may need to change to the root user, then back to the sigsci user after any system modifications are done.

Example: Installing an additional package

dockerfile
# Start from the official sigsci-agent container
FROM signalsciences/sigsci-agent:latest

# Change to root to install a package
USER root
RUN apk --no-cache add mypackage

# Change back to the sigsci user at the end for runtime
USER sigsci

Build the agent Docker container image

Both https://dl.security.fastly.com and https://dl.signalsciences.net host the recommended sigsci-agent Dockerfile in the sigsci-agent distribution .tar.gz archive. To download and unpack the archive and then build the Docker container image, run the following commands in a terminal application:

$ curl -O https://dl.security.fastly.com/sigsci-agent/sigsci-agent_latest.tar.gz
$ mkdir sigsci-agent && tar zxvf sigsci-agent_latest.tar.gz -C sigsci-agent
$ cd sigsci-agent
$ make docker

You can use a custom name for the tags by setting IMAGE_NAME (e.g., make IMAGE_NAME=custom-prefix/sigsci-agent docker).

To build manually, run the following command, replacing YOUR-TAG and YOUR-VERSION:

$ docker build . -t your-tag:your-version

Related content

• Kubernetes installation overview