Open rfratto opened 5 years ago
stale[bot]
commented
5 years ago This issue has been automatically marked as stale because it has not had any activity in the past 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.
KKlapper
commented
4 years ago Is there any plan to proceed with this topic? The current promtail image is showing lots of vulnerabilities in outdated open source components if uploaded to AWS ECR or Google container registry.
rfratto
commented
4 years ago We haven't prioritized it, but we do understand this is important to people. I think at this stage we're still hoping for a better solution; providing an alpine image that doesn't support systemd journal reading feels a little bad.
/cc @slim-bean
KKlapper
commented
4 years ago Checking some other projects incl. Grafana, it seems to be a very common pattern to provide alpine based images and also images based on a more comprehensive operating system.
amenzhinsky
commented
2 years ago Here's what I ended up with:
FROM docker.io/grafana/promtail:2.4.0
FROM docker.io/alpine:3.14
RUN wget -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.34-r0/glibc-2.34-r0.apk && \
apk add --no-cache --force-non-repo glibc-2.34-r0.apk && \
rm glibc-2.34-r0.apk
COPY --from=0 /usr/lib/x86_64-linux-gnu/libsystemd.so /usr/local/lib/libsystemd.so
COPY --from=0 /lib/x86_64-linux-gnu/liblzma.so.5 /usr/local/lib/liblzma.so.5
COPY --from=0 /usr/lib/x86_64-linux-gnu/libzstd.so.1 /usr/local/lib/libzstd.so.1
COPY --from=0 /usr/lib/x86_64-linux-gnu/liblz4.so.1 /usr/local/lib/liblz4.so.1
COPY --from=0 /usr/lib/x86_64-linux-gnu/libgcrypt.so.20 /usr/local/lib/libgcrypt.so.20
COPY --from=0 /lib/x86_64-linux-gnu/libgpg-error.so.0 /usr/local/lib/libgpg-error.so.0
COPY --from=0 /usr/bin/promtail /usr/bin/promtail
COPY config.yml /etc/promtail/config.yml
ENV LD_LIBRARY_PATH=/usr/local/lib
CMD ["/usr/bin/promtail", "-config.expand-env", "-config.file=/etc/promtail/config.yml"]The difference in size is ~100MB
localhost/promtail latest 2931ae8e0bd1 58 seconds ago 87.5 MB
docker.io/grafana/promtail 2.4.0 f568284f5b06 2 days ago 184 MB
pourquoi42
commented
2 years ago @amenzhinsky
Maybe one of these tools can help in finding the right dependencies to copy for futur versions
https://github.com/grycap/minicon/blob/master/doc/minidock.md
https://github.com/docker-slim/docker-slim
ildar-ceo
commented
2 years ago 
jmthomas
commented
1 year ago @rfratto I see that loki-promtail is in alpine edge here: https://pkgs.alpinelinux.org/packages?name=loki-promtail&branch=edge&repo=testing&arch=&maintainer=. Will this continue to be maintained and move to community and main? It currently works with my application but I don't want to start using it if it has no future.
It appears the author is Michael Pirogov (@uu) but he isn't an official member of the grafana org. Do you know him?
Otherwise is there instructions for using a promtail agent within an Alpine image?
uu
commented
1 year ago 
Tried to bump up 2.7.1, but there's some fails in tests. https://gitlab.alpinelinux.org/uuser/aports/-/jobs/943247
jmthomas
commented
1 year ago @uu thank you for helping to support this project. I don't know you and I wanted to get someone from the Grafana org like @rfratto to weigh in on your work. Especially since loki-promtail is in alpine edge testing.
rfratto
commented
1 year ago I'm no longer involved with the Loki project and won't be able to weigh in on this, sorry folks.
cc @slim-bean
cstyan
commented
12 months ago I think we can close this, the Agent provides a debian package iirc
taraspos
commented
6 months ago Trivy reports plenty of vulnerabilities in the base image. Would be great to switch to minimalistic alpine image, similar like loki does.
% trivy image -q grafana/promtail:3.0.0
grafana/promtail:3.0.0 (debian 11.9)
Total: 148 (UNKNOWN: 0, LOW: 82, MEDIUM: 35, HIGH: 29, CRITICAL: 2)See also:
chaudum
commented
6 months ago @taraspos Thanks for the heads up.
I agree, we should do different things there:
taraspos
commented
5 months ago Hey @chaudum, thanks a lot for the debian image update.
However I see this change wasn't released still. Would it be possible prepare 2.9.9 release with this new base image?
For the systemd journal support to work in the published Docker images (
grafana/loki), we currently require promtail to be based on top of one of the Debian images due to the runtime depedency onlibsystemd.so.Since most users will likely not need this functionality and may desire an alpine-based image, one solution is to provide an alpine-flavor build of promtail with each release. (i.e.,
grafana/loki:x.y.z-alpine).Other approaches to this are welcome in the comments!