chore: Replace alpine with distroless
Following a trend set by other database teams:

* grafana/loki#13325
* grafana/mimir#8204
simonswine committed Jul 22, 2024
1 parent a9ae4a9 commit 36e0be2
Showing 4 changed files with 25 additions and 37 deletions.
4 changes: 2 additions & 2 deletions Makefile
Expand Up @@ -165,7 +165,7 @@ check/go/mod: go/mod


define docker_buildx
docker buildx build $(1) --platform $(IMAGE_PLATFORM) $(BUILDX_ARGS) --build-arg=revision=$(GIT_REVISION) -t $(IMAGE_PREFIX)$(shell basename $(@D)) -t $(IMAGE_PREFIX)$(shell basename $(@D)):$(IMAGE_TAG) -f cmd/$(shell basename $(@D))/$(2)Dockerfile .
docker buildx build $(1) --platform $(IMAGE_PLATFORM) $(BUILDX_ARGS) --build-arg=revision=$(GIT_REVISION) -t $(IMAGE_PREFIX)$(shell basename $(@D)):$(2)latest -t $(IMAGE_PREFIX)$(shell basename $(@D)):$(2)$(IMAGE_TAG) -f cmd/$(shell basename $(@D))/$(2)Dockerfile .
endef

define deploy
Expand Down Expand Up @@ -327,7 +327,7 @@ $(BIN)/gotestsum: Makefile go.mod
@mkdir -p $(@D)
GOBIN=$(abspath $(@D)) $(GO) install gotest.tools/gotestsum@v1.9.0

DLV_VERSION=v1.21.0
DLV_VERSION=v1.23.0

$(BIN)/dlv: Makefile go.mod
@mkdir -p $(@D)
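Review bot: The `docker_buildx` macro has no comment describing its arguments, and after this change `$(2)` is used both as the Dockerfile filename prefix (`$(2)Dockerfile`) and as the tag prefix (`$(2)latest`, `$(2)$(IMAGE_TAG)`). A comment above the `define` would make that coupling explicit, for example `# $(1): extra buildx flags; $(2): Dockerfile and tag prefix (empty, or presumably "debug.")`. The call sites are outside this hunk, so the exact values passed for `$(2)` should be confirmed before wording the comment.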
23 changes: 15 additions & 8 deletions cmd/pyroscope/Dockerfile
@@ -1,17 +1,24 @@
FROM alpine:3.18.7
FROM gcr.io/distroless/static:debug AS debug

RUN apk add --no-cache ca-certificates
SHELL [ "/busybox/sh", "-c" ]

RUN addgroup -g 10001 -S pyroscope && \
adduser -u 10001 -S pyroscope -G pyroscope -h /data

FROM gcr.io/distroless/static

COPY --from=debug /etc/passwd /etc/passwd
COPY --from=debug /etc/group /etc/group

# Copy folder from debug container, this folder needs to have the correct UID
# in order for the container to run as non-root.
VOLUME /data
COPY --chown=pyroscope:pyroscope --from=debug /data /data

COPY cmd/pyroscope/pyroscope.yaml /etc/pyroscope/config.yaml
COPY profilecli /usr/bin/profilecli
COPY pyroscope /usr/bin/pyroscope

RUN addgroup -g 10001 -S pyroscope && \
adduser -u 10001 -S pyroscope -G pyroscope
RUN mkdir -p /data && \
chown -R pyroscope:pyroscope /data
VOLUME /data

USER pyroscope
EXPOSE 4040
ENTRYPOINT [ "/usr/bin/pyroscope" ]
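Review bot: Both `FROM` lines in the new file reference moving tags, `gcr.io/distroless/static:debug` for the helper stage and an untagged `gcr.io/distroless/static` (implicitly `latest`) for the final stage, where the old file pinned `alpine:3.18.7`, so two builds of the same commit can yield different images. Pin each base by digest, e.g. `FROM gcr.io/distroless/static@sha256:<digest>` (placeholder, take the value from the registry), and have an update bot bump it now that `tools/upgrade-alpine-version.sh` is deleted. The same applies to `FROM gcr.io/distroless/static:debug` in `cmd/pyroscope/debug.Dockerfile`. Separately, `VOLUME /data` is declared before the `COPY --chown=pyroscope:pyroscope --from=debug /data /data` that populates it; moving `VOLUME` below the `COPY` avoids relying on how the builder treats writes to an already-declared volume, and `USER 10001:10001` would let Kubernetes `runAsNonRoot` verify the UID without resolving the name.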
19 changes: 8 additions & 11 deletions cmd/pyroscope/debug.Dockerfile
@@ -1,22 +1,19 @@
FROM golang as builder
FROM gcr.io/distroless/static:debug

WORKDIR /app
FROM alpine:3.18.7
SHELL [ "/busybox/sh", "-c" ]

RUN apk add --no-cache ca-certificates
RUN addgroup -g 10001 -S pyroscope && \
adduser -u 10001 -S pyroscope -G pyroscope -h /data

COPY .tmp/bin/linux_amd64/dlv /usr/bin/dlv
# Copy folder from debug container, this folder needs to have the correct UID
# in order for the container to run as non-root.
VOLUME /data

COPY .tmp/bin/linux_amd64/dlv /usr/bin/dlv
COPY cmd/pyroscope/pyroscope.yaml /etc/pyroscope/config.yaml
COPY profilecli /usr/bin/profilecli
COPY pyroscope /usr/bin/pyroscope

RUN addgroup -g 10001 -S pyroscope && \
adduser -u 10001 -S pyroscope -G pyroscope
RUN mkdir -p /data && \
chown -R pyroscope:pyroscope /data
VOLUME /data

USER pyroscope
EXPOSE 4040
ENTRYPOINT ["/usr/bin/dlv", "--listen=:40000", "--headless=true", "--log", "--continue", "--accept-multiclient" , "--api-version=2", "exec", "/usr/bin/pyroscope", "--"]
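Review bot: The `ENTRYPOINT` starts Delve with `--listen=:40000` and `--accept-multiclient`, which binds an unauthenticated debugger to every interface, and since the Makefile change appears to publish this image under its own `debug.` tags it deserves a comment above the `ENTRYPOINT` such as `# Delve is unauthenticated: keep port 40000 on a trusted network and reach it via port-forwarding only`. The comment `# Copy folder from debug container…` above `VOLUME /data` looks copied from the main Dockerfile; nothing is copied in this single-stage file, where `/data` is presumably created by `adduser -h /data`, so the comment should say that instead. `COPY .tmp/bin/linux_amd64/dlv` also hard-codes amd64 while the Makefile builds with `--platform $(IMAGE_PLATFORM)`, which would place an amd64 `dlv` in any non-amd64 image.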
16 changes: 0 additions & 16 deletions tools/upgrade-alpine-version.sh

This file was deleted.
