forked from couchbase/couchbase-fluent-bit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
104 lines (84 loc) · 4.05 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# Intermediate image used as a pre-cursor to testing and the final released image
# Have to use a fixed base image for the build framework
ARG FLUENT_BIT_VER=1.8.8
FROM fluent/fluent-bit:$FLUENT_BIT_VER as production
ENV COUCHBASE_LOGS_BINARY /fluent-bit/bin/fluent-bit
# We need to layer on a binary to pre-process the rebalance reports and watch for config changes
COPY bin/linux/couchbase-watcher /fluent-bit/bin/couchbase-watcher
# Add any default configuration we can provide
COPY conf/ /fluent-bit/etc/
# Set up output for rebalance pre-processing - can be overridden, e.g. for testing
ENV COUCHBASE_LOGS_REBALANCE_TEMPDIR /tmp/rebalance-logs
# Default location for logs but also set by the operator
ENV COUCHBASE_LOGS /opt/couchbase/var/lib/couchbase/logs
# To support mounting a configmap or secret but mixing with existing files we use a separate volume
# This way we can keep using the parsers defined without having to re-define them.
# If we try to mount via sub-path then it won't update: https://github.com/kubernetes/kubernetes/issues/50345
VOLUME /fluent-bit/config
ENV COUCHBASE_LOGS_DYNAMIC_CONFIG /fluent-bit/config
# Put a copy of the config in the area we want to monitor
COPY conf/fluent-bit.conf /fluent-bit/config/fluent-bit.conf
ENV COUCHBASE_LOGS_CONFIG_FILE /fluent-bit/config/fluent-bit.conf
# Add support for SHA1 hashing via a pure LUA implementation to use in redaction tutorial
COPY redaction/sha1/ /usr/local/share/lua/5.1/sha1/
# Add our custom redaction script
COPY redaction/redaction.lua /fluent-bit/etc/
# Testing image to verify parsers and the watcher functionality
ARG FLUENT_BIT_VER=1.8.8
FROM fluent/fluent-bit:$FLUENT_BIT_VER-debug as test
ENV COUCHBASE_LOGS_BINARY /fluent-bit/bin/fluent-bit
COPY --from=production /fluent-bit/ /fluent-bit/
# Add support for SHA1 hashing via a pure LUA implementation to use in redaction tutorial
COPY redaction/sha1/ /usr/local/share/lua/5.1/sha1/
# Add test cases (need write permissions as well for logs)
COPY test/ /fluent-bit/test/
# Redirect to local logs
ENV COUCHBASE_LOGS /fluent-bit/test/logs
ENV COUCHBASE_LOGS_REBALANCE_TEMPDIR /fluent-bit/test/logs/rebalance-logs
# Use busybox so custom shell location, need to chmod for log output write access
SHELL [ "/usr/local/bin/sh", "-c" ]
RUN chmod 777 /fluent-bit/test/ && \
chmod 777 /fluent-bit/test/logs && \
chmod 777 /fluent-bit/etc/couchbase
# Ensure we run as non-root by default
COPY non-root.passwd /etc/passwd
USER 8453
# Copying the base image to expose for the HTTP server if enabled
ARG HTTP_PORT=2020
ENV HTTP_PORT=$HTTP_PORT
EXPOSE $HTTP_PORT
# Keep track of the versions we are using - not persisted between stages
ARG FLUENT_BIT_VER=1.8.8
ENV FLUENTBIT_VERSION=$FLUENT_BIT_VER
ARG PROD_VERSION
ENV COUCHBASE_FLUENTBIT_VERSION=$PROD_VERSION
# Wrap our test cases in a script that supports checking for errors and then using an exit code directly
# https://github.com/fluent/fluent-bit/issues/3268
# It can also run all test cases in one go then rather than have to list them all individually
CMD ["sh", "/fluent-bit/test/run-tests.sh"]
# We need an un-targeted build stage to support the build pipeline
FROM production
LABEL description="Couchbase Fluent Bit image with support for config reload, pre-processing and redaction" vendor="Couchbase" maintainer="docker@couchbase.com"
# Ensure we include any relevant docs
COPY licenses/* /licenses/
COPY README.md /help.1
# Copying the base image to expose for the HTTP server if enabled
ARG HTTP_PORT=2020
ENV HTTP_PORT=$HTTP_PORT
EXPOSE $HTTP_PORT
# Ensure we run as non-root by default
COPY non-root.passwd /etc/passwd
USER 8453
# Keep track of the versions we are using - not persisted between stages
ARG FLUENT_BIT_VER=1.8.8
ENV FLUENTBIT_VERSION=$FLUENT_BIT_VER
ARG PROD_VERSION
ENV COUCHBASE_FLUENTBIT_VERSION=$PROD_VERSION
# The default match we send to standard output
ENV STDOUT_MATCH="couchbase.log.*"
# Some support for Loki customisation but ensure we set defaults
ENV LOKI_MATCH=no-match
ENV LOKI_HOST=loki
ENV LOKI_PORT=3100
# Entry point - run our custom binary
CMD ["/fluent-bit/bin/couchbase-watcher"]