Add wget to promtail Docker image #11590

Closed
efficks opened this issue Jan 5, 2024 · 13 comments · Fixed by #11711
Labels: docker, type/feature

Comments

@efficks

efficks commented Jan 5, 2024

Is your feature request related to a problem? Please describe.
I want to enable healthcheck on the grafana/promtail docker image but wget or curl is not installed on the image.

Describe the solution you'd like
Install wget on the default image to be able to do an http request on the promtail API to do the healthcheck.

Describe alternatives you've considered
Create my own docker image.

Additional context
Loki image is based on alpine which already includes wget on the base image. Promtail is based on debian which does not. With wget, I will be able to do a healthcheck like I do with the Loki container. In the current state, we cannot do a docker healthcheck on the promtail ready API.

JStickler added the type/feature and docker labels Jan 8, 2024
@Sheikh-Abubaker
Contributor

@efficks I want to work on this issue, can you please specify in which file the promtail image is located?

@cstyan
Contributor

cstyan commented Jan 23, 2024

@efficks I'm not understanding, the docker healthcheck system specifically requires that a container have wget installed?

In my mind healthcheck should be executed externally from the container, and the promtail container already runs a server to serve its metrics and ready endpoint: got another message from magic stronghold, they still haven't received any update on their end from GW about their ToW shipment

I don't know if adding more packages to the docker container is something we want to do, generally we're getting more and more requests + considering reducing the surface of what goes into the container for security reasons.

@efficks
Author

efficks commented Feb 24, 2024

@cstyan I agree with you on the consideration of reducing the number of things in an image. However, my proposition is to align with the healthcheck practice proposed by Docker and to align with the same solution the Loki image has.
Loki image uses Alpine as base image and Alpine comes with wget by default.

With wget included in the image, your users could choose the solution that fits with their needs.
https://docs.docker.com/reference/dockerfile/#healthcheck

@hterik
Contributor

hterik commented Apr 6, 2024

tbh this sounds more like a lacking Docker feature, compared with Kubernetes that can do health probes itself over http.

If you really need it, I don't think you need to build a complete new image of your own, how about just doing FROM grafana/promtail:... and add whatever you need yourself after? Even if you were to start from a complete blank image it's not that much.

@efficks
Author

efficks commented Apr 6, 2024

@hterik you're right, it's easy to do by myself. The feature is note to align with the same Loki's image feature. That the user expects the same experience from the same author.
Also, yes Docker lacks this feature, but, I think, it's not a bad feature to provide to your end users.

@titouan-joseph

I'm interested in this feature!
I understand the goal to reduce the number of tools on the image, if wget is not installed, can we have an alternative solution to have a health check for promtail?
Maybe with a built-in promtail command?

@cstyan
Contributor

cstyan commented Apr 12, 2024

With grafana agent becoming grafana alloy 1.0 promtail is in a "feature complete" status. It will continue to get bug fixes, backports, etc. but no new features. Does the ready endpoint not match what you need?

@titouan-joseph

@cstyan the endpoint is exactly what I need, the problem is there is no tool in the docker image to reach the http endpoint. Like wget or curl.

@cstyan
Contributor

cstyan commented Apr 12, 2024

I'm not trying to be difficult, but I don't understand why you'd need to run the healthcheck from within the container itself when you can run it externally.

@titouan-joseph

Because we want to use the docker health check feature, that uses tools in the image. It's easy to see when you start the container, with this functionality, that the container is well started with the service up and running correctly.

@efficks
Author

efficks commented Apr 15, 2024

@cstyan Also because we are trying to use the healthcheck system to monitor the container health with metrics from telegraf.
There are many use cases for using the healthcheck system from Docker.
Yes, I can easily create my own image. I have the system for that. The issue was more related to unifying the exposed service in promtail and loki. Make it easier to use for us, the client.

@a10kiloham

a10kiloham commented May 11, 2024

To do this all in one docker-compose is rather easy by inlining a Dockerfile.
Replace the `image:` line with this:

    build:
      context: .
      dockerfile_inline: |
        FROM grafana/promtail:latest
        RUN apt-get update && apt-get install -y curl

Then add your healthcheck like normal to that file:

    healthcheck:
      test: whatever || exit 1
      interval: 60s
      retries: 5
      start_period: 20s
      timeout: 10s

@bulch

bulch commented Sep 6, 2024

just works

    healthcheck:
      test: ["CMD-SHELL", "bash -c 'printf \"GET / HTTP/1.1\n\n\" > /dev/tcp/127.0.0.1/9080; exit $?;'"]
      interval: 20s
      retries: 30
      timeout: 10s
      start_period: 10s
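
Added example, not part of the thread or of the Promtail project: the `/dev/tcp` healthcheck above succeeds as soon as the TCP connection opens, so this bash sketch also reads the HTTP status line and reports healthy only on a 2xx answer, still without wget or curl in the image. The function names, the `/ready` path and the script location are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (hypothetical helper names): HTTP-aware healthcheck for an
# image that ships bash but neither wget nor curl.

# status_is_ready LINE -> 0 if LINE is an HTTP/1.x status line with a 2xx code.
status_is_ready() {
  # HTTP lines end in CRLF; drop the CR that `read` leaves behind.
  line=$(printf '%s' "$1" | tr -d '\r')
  case "$line" in
    HTTP/1.[01]\ 2[0-9][0-9] | HTTP/1.[01]\ 2[0-9][0-9]\ *) return 0 ;;
    *) return 1 ;;
  esac
}

# probe_ready HOST PORT PATH -> 0 only if the endpoint answers with 2xx.
# Uses bash's /dev/tcp pseudo-device; Docker's own `timeout:` bounds the read.
probe_ready() {
  host=$1 port=$2 path=$3
  status_line=$(
    exec 2>/dev/null                          # keep connect errors out of the health log
    exec 3<>"/dev/tcp/$host/$port" || exit 1  # connection refused -> unhealthy
    # HTTP/1.0 so the server closes the connection after one response.
    printf 'GET %s HTTP/1.0\r\nHost: %s\r\n\r\n' "$path" "$host" >&3
    IFS= read -r first <&3                    # only the status line is needed
    printf '%s' "$first"
  ) || return 1
  status_is_ready "$status_line"
}

# Invoked as a healthcheck command: healthcheck.sh 127.0.0.1 9080 /ready
if [ "$#" -eq 3 ]; then
  probe_ready "$1" "$2" "$3" || exit 1
fi
```

Mounted into the container at a path of your choice (here assumed to be `/healthcheck.sh`), it can replace the one-liner with `test: ["CMD", "/healthcheck.sh", "127.0.0.1", "9080", "/ready"]`.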

chaudum added a commit that referenced this issue Nov 25, 2024
The package has been added to the Docker image with PR #11711 with the
intention to support the Docker healthcheck.

However, to reduce the attack surface of our Docker images, we want to
keep them as slim as possible. The current version of Promtail (3.3.0)
for example contains a wget version with vulnerability
[CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428).

The healthcheck can be achieved by other means, e.g.

1. Extend the `grafana/promtail` base image and add `wget` using `apt
   install wget`
   #11590 (comment)
2. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and
   check the exit code
   #11590 (comment)

Signed-off-by: Christian Haudum <christian.haudum@gmail.com>
chaudum added a commit that referenced this issue Nov 27, 2024
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck.

However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428).

The healthcheck can be achieved by other means, e.g.

1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget`
   #11590 (comment)
3. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code
   #11590 (comment)

Original discussion about adding wget #11590
This may break someone's Docker compose installation, when they rely on the `wget` powered health check.


Signed-off-by: Christian Haudum <christian.haudum@gmail.com>
loki-gh-app bot pushed a commit that referenced this issue Nov 27, 2024
(cherry picked from commit 2eea546)
loki-gh-app bot pushed a commit that referenced this issue Nov 27, 2024
(cherry picked from commit 2eea546)