Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore!: Remove wget from Promtail docker image (backport release-3.3.x) #15146

Merged
merged 1 commit into from
Nov 27, 2024
Merged

chore!: Remove wget from Promtail docker image (backport release-3.3.x) #15146

merged 1 commit into from
Nov 27, 2024

Conversation

loki-gh-app[bot]
Copy link
Contributor

@loki-gh-app loki-gh-app bot commented Nov 27, 2024

Backport 2eea546 from #15101

What this PR does / why we need it:

The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck.

However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability CVE-2024-38428.

The healthcheck can be achieved by other means, e.g.

  1. Extend the grafana/promtail base image and add wget using apt install wget
    Add wget to promtail Docker image #11590 (comment)
  2. Use low-level /dev/tcp/127.0.0.1:9080 to establish a connection and check the exit code
    Add wget to promtail Docker image #11590 (comment)

Special notes for your reviewer:

Original discussion about adding wget #11590

This may break someone's Docker compose installation, when they require on the wget powered health check.

Checklist

  • Reviewed the CONTRIBUTING.md guide (required)
  • Documentation added
  • Tests updated
  • Title matches the required conventional commits format, see here
    • Note that Promtail is considered to be feature complete, and future development for logs collection will be in Grafana Alloy. As such, feat PRs are unlikely to be accepted unless a case can be made for the feature actually being a bug fix to existing behavior.
  • Changes that require user attention or interaction to upgrade are documented in docs/sources/setup/upgrade/_index.md
  • If the change is deprecating or removing a configuration option, update the deprecated-config.yaml and deleted-config.yaml files respectively in the tools/deprecated-config-checker directory. Example PR

@chaudum @grafana-delivery-bot
chore!: Remove wget from Promtail docker image (#15101)
741a209 
The package has been added to the Docker image with PR #11711 with the intention to support the Docker healthcheck.

However, to reduce the attack surface of our Docker images, we want to keep them as slim as possible. The current version of Promtail (3.3.0) for example contains a wget version with vulnerability [CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428).

The healthcheck can be achieved by other means, e.g.

1. Extend the `grafana/promtail` base image and add `wget` using `apt install wget`
   #11590 (comment)
3. Use low-level `/dev/tcp/127.0.0.1:9080` to establish a connection and check the exit code
   #11590 (comment)

Original discussion about adding wget #11590
This may break someone's Docker compose installation, when they require on the `wget` powered health check.

Signed-off-by: Christian Haudum <[email protected]>
(cherry picked from commit 2eea546)
@loki-gh-app loki-gh-app bot requested a review from a team as a code owner November 27, 2024 10:32
@loki-gh-app loki-gh-app bot requested a review from chaudum November 27, 2024 10:32
@chaudum chaudum merged commit 0f5a994 into release-3.3.x Nov 27, 2024
65 checks passed
@chaudum chaudum deleted the backport-15101-to-release-3.3.x branch November 27, 2024 11:01
@loki-gh-app loki-gh-app bot mentioned this pull request Nov 27, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chaudum chaudum chaudum approved these changes

Assignees
No one assigned
Labels
backport product-approved size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@chaudum