Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: switch promtails base image from debian to ubuntu (backport release-2.9.x) #15210

Merged
merged 1 commit into from
Dec 2, 2024

Conversation

cstyan
Copy link
Contributor

@cstyan cstyan commented Dec 2, 2024

Backport 4d9c5bb from #15195


This PR changes promtails base image from debian:12.8-slim to ubuntu:noble-20241015, noble being ubunutu's most recent lts version. The current debian base image has a lot of security CVEs that won't be updated, while ubuntu updates packages much more regularly.

Just as a quick example, the result of a trivy scan on the promtail image with debian base gives Total: 79 (UNKNOWN: 0, LOW: 59, MEDIUM: 14, HIGH: 5, CRITICAL: 1) while the trivy scan for the promtail image with ubunutu base results in Total: 15 (UNKNOWN: 0, LOW: 7, MEDIUM: 8, HIGH: 0, CRITICAL: 0)

EDIT: Moved to draft until I've confirmed the new image can still grab systemd/journal logs

EDIT: Couldn't trace through the makefile/Dockerfile what needs to be set for the image to build with promtail and cgo locally, but given we publish images that can get logs from journal then the automation should be set up properly. If I enforce CGO_ENABLED=1 for the make promtail-image target locally, I can use that image to get logs via the journal scrape job.

I ran promtail in a docker container with a scrape config like this:

scrape_configs:
- job_name: journal
  journal:
    path: /var/log/journal
    max_age: 12h
    labels:
      job: systemd-journal

I also mounted my machines /var/log/journal directory to the same path on the container, and set --network="host" so that:

clients:
  - url: http://127.0.0.1:3100/loki/api/v1/push

would be able to send to loki running locally on my machine.

Then once both promtail in docker and loki locally are running, I added loki as a datasource to my local grafana as well.

In my journalctl logs I see:
2024-12-01_14-38

and we can see the same in the logs that make it to loki
2024-12-01_14-37
from promtail

Signed-off-by: Callum Styan <[email protected]>
(cherry picked from commit 4d9c5bb)
@cstyan cstyan added size/S backport type/bug Somehing is not working as expected labels Dec 2, 2024
@cstyan cstyan requested a review from a team as a code owner December 2, 2024 19:25
@cstyan cstyan merged commit ca2ff15 into release-2.9.x Dec 2, 2024
43 of 49 checks passed
@cstyan cstyan deleted the backport-15195-to-release-2.9.x branch December 2, 2024 21:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport size/S type/bug Somehing is not working as expected
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants