-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: switch promtails base image from debian to ubuntu #15195
Conversation
reduces CVEs Signed-off-by: Callum Styan <callumstyan@gmail.com>
Signed-off-by: Callum Styan <callumstyan@gmail.com>
20541d2
to
336d9e9
Compare
Signed-off-by: Callum Styan <callumstyan@gmail.com>
# Promtail requires debian as the base image to support systemd journal reading | ||
FROM debian:12.8-slim | ||
# Promtail requires debian or ubuntu as the base image to support systemd journal reading | ||
FROM public.ecr.aws/ubuntu/ubuntu:noble |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as for why the image from ecr instead of the official ubuntu docker hub image, see grafana/agent#6612
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Hello @cstyan!
Please, if the current pull request addresses a bug fix, label it with the |
1 similar comment
Hello @cstyan!
Please, if the current pull request addresses a bug fix, label it with the |
Hello @cstyan!
Please, if the current pull request addresses a bug fix, label it with the |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-15195-to-release-3.2.x origin/release-3.2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 4d9c5bb20aba82087d87836d88d2260f7dd913ac When the conflicts are resolved, stage and commit the changes:
If you have the GitHub CLI installed: # Push the branch to GitHub:
git push --set-upstream origin backport-15195-to-release-3.2.x
# Create the PR body template
PR_BODY=$(gh pr view 15195 --json body --template 'Backport 4d9c5bb20aba82087d87836d88d2260f7dd913ac from #15195{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title 'chore: switch promtails base image from debian to ubuntu (backport release-3.2.x)' --body-file - --label 'size/S' --label 'type/bug' --label 'backport' --base release-3.2.x --milestone release-3.2.x --web Or, if you don't have the GitHub CLI installed (we recommend you install it!): # Push the branch to GitHub:
git push --set-upstream origin backport-15195-to-release-3.2.x
# Create a pull request where the `base` branch is `release-3.2.x` and the `compare`/`head` branch is `backport-15195-to-release-3.2.x`.
# Remove the local backport branch
git switch main
git branch -D backport-15195-to-release-3.2.x |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-15195-to-release-3.3.x origin/release-3.3.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 4d9c5bb20aba82087d87836d88d2260f7dd913ac When the conflicts are resolved, stage and commit the changes:
If you have the GitHub CLI installed: # Push the branch to GitHub:
git push --set-upstream origin backport-15195-to-release-3.3.x
# Create the PR body template
PR_BODY=$(gh pr view 15195 --json body --template 'Backport 4d9c5bb20aba82087d87836d88d2260f7dd913ac from #15195{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title 'chore: switch promtails base image from debian to ubuntu (backport release-3.3.x)' --body-file - --label 'size/S' --label 'type/bug' --label 'backport' --base release-3.3.x --milestone release-3.3.x --web Or, if you don't have the GitHub CLI installed (we recommend you install it!): # Push the branch to GitHub:
git push --set-upstream origin backport-15195-to-release-3.3.x
# Create a pull request where the `base` branch is `release-3.3.x` and the `compare`/`head` branch is `backport-15195-to-release-3.3.x`.
# Remove the local backport branch
git switch main
git branch -D backport-15195-to-release-3.3.x |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new branch
git switch --create backport-15195-to-release-2.9.x origin/release-2.9.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x 4d9c5bb20aba82087d87836d88d2260f7dd913ac When the conflicts are resolved, stage and commit the changes:
If you have the GitHub CLI installed: # Push the branch to GitHub:
git push --set-upstream origin backport-15195-to-release-2.9.x
# Create the PR body template
PR_BODY=$(gh pr view 15195 --json body --template 'Backport 4d9c5bb20aba82087d87836d88d2260f7dd913ac from #15195{{ "\n\n---\n\n" }}{{ index . "body" }}')
# Create the PR on GitHub
echo "${PR_BODY}" | gh pr create --title 'chore: switch promtails base image from debian to ubuntu (backport release-2.9.x)' --body-file - --label 'size/S' --label 'type/bug' --label 'backport' --base release-2.9.x --milestone release-2.9.x --web Or, if you don't have the GitHub CLI installed (we recommend you install it!): # Push the branch to GitHub:
git push --set-upstream origin backport-15195-to-release-2.9.x
# Create a pull request where the `base` branch is `release-2.9.x` and the `compare`/`head` branch is `backport-15195-to-release-2.9.x`.
# Remove the local backport branch
git switch main
git branch -D backport-15195-to-release-2.9.x |
Signed-off-by: Callum Styan <callumstyan@gmail.com> (cherry picked from commit 4d9c5bb)
Signed-off-by: Callum Styan <callumstyan@gmail.com> (cherry picked from commit 4d9c5bb)
Signed-off-by: Callum Styan <callumstyan@gmail.com> (cherry picked from commit 4d9c5bb)
Hi, the Debian image requires a |
This PR changes promtails base image from
debian:12.8-slim
toubuntu:noble-20241015
,noble
being ubunutu's most recent lts version. The current debian base image has a lot of security CVEs that won't be updated, while ubuntu updates packages much more regularly.Just as a quick example, the result of a trivy scan on the promtail image with debian base gives
Total: 79 (UNKNOWN: 0, LOW: 59, MEDIUM: 14, HIGH: 5, CRITICAL: 1)
while the trivy scan for the promtail image with ubunutu base results inTotal: 15 (UNKNOWN: 0, LOW: 7, MEDIUM: 8, HIGH: 0, CRITICAL: 0)
EDIT: Moved to draft until I've confirmed the new image can still grab systemd/journal logsEDIT: Couldn't trace through the makefile/Dockerfile what needs to be set for the image to build with promtail and cgo locally, but given we publish images that can get logs from journal then the automation should be set up properly. If I enforce
CGO_ENABLED=1
for themake promtail-image
target locally, I can use that image to get logs via the journal scrape job.I ran promtail in a docker container with a scrape config like this:
I also mounted my machines
/var/log/journal
directory to the same path on the container, and set--network="host"
so that:would be able to send to loki running locally on my machine.
Then once both promtail in docker and loki locally are running, I added loki as a datasource to my local grafana as well.
In my journalctl logs I see:
and we can see the same in the logs that make it to loki
from promtail