[Loki]: Cleanup dockerfile

[SerialVelocity]

What this PR does / why we need it:

• It reduces the amount of layers in the docker file. Installing libcap in an earlier layer and then deleting it in a later layer doesn't remove the earlier data
• It changes the user/group ID to match what the default is in the Helm chart currently
• It changes the data directory to match what the default is in the Helm chart currently
• Adds an nsswitch.conf to stop localhost DNS lookups
• Updates Dockerfile.cross to match the plain Dockerfile except setep as I'm not sure the amd64 binary will work on cross-compiled binaries

Which issue(s) this PR fixes:
Fixes #1928

Special notes for your reviewer:
The PRs that changed the user/group ID and data directory haven't made it into a release yet so this should be safe to change.

I couldn't test this as GolangCI shutdown yesterday.

Checklist

• Documentation added
• Tests updated

[CLAassistant]

All committers have signed the CLA.

[codecov-io]

Codecov Report

Merging #1949 into master will decrease coverage by 0.08%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #1949      +/-   ##
==========================================
- Coverage   64.75%   64.67%   -0.09%     
==========================================
  Files         125      125              
  Lines        9539     9539              
==========================================
- Hits         6177     6169       -8     
- Misses       2929     2942      +13     
+ Partials      433      428       -5     

Impacted Files	Coverage Δ
pkg/promtail/positions/positions.go	47.32% <0.00%> (-13.40%)	⬇️
pkg/promtail/targets/filetarget.go	70.12% <0.00%> (+1.82%)	⬆️
pkg/promtail/targets/tailer.go	78.40% <0.00%> (+4.54%)	⬆️

[cyriltovena]

@slim-bean you mentioned something about this ? I think you're good with that change right ?

[slim-bean]

this used to be /tmp a long time ago and got changed to /loki

/loki is annoying because many operating systems don't easily let you create this directory

I don't know if /data makes this any easier? my mac is dead at the moment, can you create /data (or does it exist) on mac?

[cyriltovena]

No so it's the same :)

 sudo mkdir /data
Password:
mkdir: /data: Read-only file system

[slim-bean]

I would be favor of moving this back to /tmp if we were going to change it all

[SerialVelocity]

@cyriltovena Did you run that inside the OSX docker hypervisor? By default that directory isn't shared with the host (see https://docs.docker.com/docker-for-mac/#file-sharing)

So do you want the consistency with the helm image or /tmp in this file?

[slim-bean]

We are talking about running locally on mac, not in docker at all. This is useful for us for testing/debugging etc, just run the processes and use the loki-local-config.yaml.

This broke however when it was changed to /loki some time ago because you can't make this directory on a mac (nor /data)

#1833 changed this apparently, however /loki is also kind of a poor choice, it's both unusable on mac and not linux FHS compliant.

Given the sort of dual use of this file as both the config file for a container and also running outside of containers I'm not sure the best path forward here to be honest

I'm inclined to say just leave it as is for now and we should tackle this in a separate issue.

[SerialVelocity]

Ok, I've removed the config file change

[owen-d]

Hey, this is great research/work -- thanks. I had a few nitpicks, but overall it seems a nice addition. I'll approve and if others feel similarly, please make my proposed caching-related dockerfile changes.

[owen-d]

I think there's a tradeoff here of caching vs layer reduction and I'm inclined to think that caching is a bit more preferrable although I'm biased by building this regularly. That being said, I don't think it's a huge deal either way.

[slim-bean]

sry deleted my last message, didn't read closely enough

[slim-bean]

I think I'd like to leave this as is, same as the changes below for 2 reasons:

1. We spent a stupid amount of time trying to test this worked after adding this change and I don't have time to redo this.
2. I prefer the separate run steps below I think it's easier to read and understand what the steps are doing/for

[SerialVelocity]

Could you elaborate on what you spent a lot of time testing? Adding a new package should be as simple as adding an apk add --no-cache <pkgname>.

[slim-bean]

All the cap stuff was new and we tried several combinations of where to install libcap as well as removing it and where to remove it to keep the resulting image size as small as possible as well as make sure it still works.

[owen-d]

I think this should remain earlier in the file for caching benefits.

[SerialVelocity]

Moved back to the top

[owen-d]

nice, thanks for the consistency!

[slim-bean]

As mentioned above, would prefer to leave this as is.

[SerialVelocity]

Ok, separated out into two steps again

[SerialVelocity]

Ok, I think I dealt with or responded to all the comments.

@owen-d You mentioned you preferred caching over smaller images so I removed the apk del --no-cache libcap that would've been later in the file otherwise. This removes an extra download of the apk repositories. It's not really needed as it won't reduce the size of the image (since it's in a separate RUN step).

[SerialVelocity]

Could you elaborate on what you spent a lot of time testing? Adding a new package should be as simple as adding an apk add --no-cache <pkgname>.

[SerialVelocity]

Ok, separated out into two steps again

[SerialVelocity]

Moved back to the top

[SerialVelocity]

@cyriltovena Did you run that inside the OSX docker hypervisor? By default that directory isn't shared with the host (see https://docs.docker.com/docker-for-mac/#file-sharing)

So do you want the consistency with the helm image or /tmp in this file?