-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: area/promtail: Add support to install wget on promtail docker image to support docker healthcheck #11711
Conversation
Can you elaborate on what your end goal is here? It's not entirely clear to me. Promtail already serves all of it's endpoints on an HTTP port. We also have some users asking for images with even less dependencies, like a scratch image with only our binaries. I think we're more likely to go towards that direction than installing more packages. |
@cstyan As you can see the issue #11590 it says there @efficks wants to enable healthcheck on the grafana/promtail docker image but wget or curl is not installed on the image. To verify the above I went on to check it on my system and found out wget is not installed in grafana/promtail docker image:
To install wget onto the grafana/promtail docker image I appended wget to package installing stage into Dockerfile. |
I commented on the related issue, no response from the original issue reporter yet: #11590 (comment) |
@Sheikh-Abubaker okay, we can move forward with adding wget to the image. I'm not sure what's happened with the CLA check, you could try squashing all the commits into one but it might actually just be easiest to create a new branch locally off of main and force push to the branch this PR is open for. |
Signed-off-by: Sheikh-Abubaker <[email protected]>
dd3bd98
to
41c4598
Compare
@cstyan done!! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for your patience @Sheikh-Abubaker
@cstyan you're welcome, thanks for your support too 😀!! |
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck. However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428). The healthcheck can be achieved by other means, e.g. 1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget` #11590 (comment) 2. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code #11590 (comment) Signed-off-by: Christian Haudum <[email protected]>
@Sheikh-Abubaker We would like to remove |
@chaudum No worries! |
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck. However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428). The healthcheck can be achieved by other means, e.g. 1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget` #11590 (comment) 3. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code #11590 (comment) Original discussion about adding wget #11590 This may break someone's Docker compose installation, when they require on the `wget` powered health check. Signed-off-by: Christian Haudum <[email protected]>
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck. However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428). The healthcheck can be achieved by other means, e.g. 1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget` #11590 (comment) 3. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code #11590 (comment) Original discussion about adding wget #11590 This may break someone's Docker compose installation, when they require on the `wget` powered health check. Signed-off-by: Christian Haudum <[email protected]> (cherry picked from commit 2eea546)
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck. However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428). The healthcheck can be achieved by other means, e.g. 1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget` #11590 (comment) 3. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code #11590 (comment) Original discussion about adding wget #11590 This may break someone's Docker compose installation, when they require on the `wget` powered health check. Signed-off-by: Christian Haudum <[email protected]> (cherry picked from commit 2eea546)
What this PR does / why we need it:
Users will now be able to make http request on the promtail API to do the healthcheck.
Which issue(s) this PR fixes:
Fixes #11590
Special notes for your reviewer:
Checklist
CONTRIBUTING.md
guide (required)CHANGELOG.md
updatedadd-to-release-notes
labeldocs/sources/setup/upgrade/_index.md
production/helm/loki/Chart.yaml
and updateproduction/helm/loki/CHANGELOG.md
andproduction/helm/loki/README.md
. Example PRdeprecated-config.yaml
anddeleted-config.yaml
files respectively in thetools/deprecated-config-checker
directory. Example PR