-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add wget to promtail Docker image #11590
Comments
@efficks I want to work on this issue, can you please specify in which file the promtail image is located ? |
@efficks I'm not understanding, the docker healthcheck system specifically requires that a container have In my mind healthcheck should be executed externally from the container, and the promtail container already runs a server to serve it's metrics and ready endpoint: got another message from magic stronghold, they still haven't received any update on their end from GW about their ToW shipment I don't know if adding more packages to the docker container is something we want to do, generally we're getting more and more requests + considering reducing the surface of what goes into the container for security reasons. |
@cstyan I agree with you on the consideration to reducing the number of things in an image. Hovewer, my proposition is to align the healthcheck practice propose by Docker and to align with the same solution the Loki image have. With wget included in the image, your users could choose the solution that with with their needs. |
tbh this sounds more like a lacking Docker feature, compared with Kubernetes that can do health probes itself over http. If you really need it, I don't think you need to build a complete new image of your own, how about just doing |
@hterik you're right, it's easy to do by myself. The feature ils note to align with the same Loki's image feature. That the user expect the same expérience from the same author. |
I'm interested on this feature ! |
With grafana agent becomming grafana alloy 1.0 promtail is in a "feature complete" status. It will continue to get bug fixes, backports, etc. but no new features. Does the ready endpoint not match what you need? |
@cstyan the endpoint is exactly what I need, the problem is there is no tool in the docker image to reach the http endpoint. Like wet or curl |
I'm not trying to be difficult, but I don't understand why you'd need to run the healthcheck from within the container itself when you can run it externally. |
Because we want to use the docker heath check feature, that uses tools in the image. It's easy to see when you start the container, with this functionality, that the container is well started with the service up and running correctly. |
@cstyan Also because we are trying to use the healthcheck system to monitor the container health with metric from telegraf. |
to do this all in one docker-compose is rather easy by inlining a docker file
Then add your healthchck like normal to that file
|
just work
|
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck. However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428). The healthcheck can be achieved by other means, e.g. 1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget` #11590 (comment) 2. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code #11590 (comment) Signed-off-by: Christian Haudum <christian.haudum@gmail.com>
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck. However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428). The healthcheck can be achieved by other means, e.g. 1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget` #11590 (comment) 3. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code #11590 (comment) Original discussion about adding wget #11590 This may break someone's Docker compose installation, when they require on the `wget` powered health check. Signed-off-by: Christian Haudum <christian.haudum@gmail.com>
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck. However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428). The healthcheck can be achieved by other means, e.g. 1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget` #11590 (comment) 3. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code #11590 (comment) Original discussion about adding wget #11590 This may break someone's Docker compose installation, when they require on the `wget` powered health check. Signed-off-by: Christian Haudum <christian.haudum@gmail.com> (cherry picked from commit 2eea546)
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck. However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428). The healthcheck can be achieved by other means, e.g. 1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget` #11590 (comment) 3. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code #11590 (comment) Original discussion about adding wget #11590 This may break someone's Docker compose installation, when they require on the `wget` powered health check. Signed-off-by: Christian Haudum <christian.haudum@gmail.com> (cherry picked from commit 2eea546)
Is your feature request related to a problem? Please describe.
I want to enable healthcheck on the grafana/promtail docker image but wget or curl is not installed on the image.
Describe the solution you'd like
Install wget on the default image to be able to do an http request on the promtail API to do the healthcheck.
Describe alternatives you've considered
Create my own docker image.
Additional context
Loki image is based on alpine which already includes wget on the base image. Promtail is based on debian which does not. With wget, I will be able to do a healthcheck like I does with Loki container. In the current state, we cannot do a docker healthcheck on the promtail ready API.
The text was updated successfully, but these errors were encountered: