Add cap_net_bind_service linux capabilities to Loki. (grafana#1916)
* Add cap_net_bind_service linux capabilities to Loki.

This allows Loki to bind to ports below port 1024 without being a root user.
Also update tanka to use 80 as default port since this is more intuitive to remember.

Signed-off-by: Cyril Tovena <cyril.tovena@gmail.com>

* Move setcap to build step

Signed-off-by: Cyril Tovena <cyril.tovena@gmail.com>

* Doesn't work inside the build step.

Signed-off-by: Cyril Tovena <cyril.tovena@gmail.com>

* Set 3100 default port.

Signed-off-by: Cyril Tovena <cyril.tovena@gmail.com>

* Again back to 80 :p

Signed-off-by: Cyril Tovena <cyril.tovena@gmail.com>
cyriltovena authored Apr 8, 2020
1 parent d9423f3 commit 0e53190
Showing 2 changed files with 8 additions and 2 deletions.
8 changes: 7 additions & 1 deletion cmd/loki/Dockerfile
Expand Up @@ -7,15 +7,21 @@ WORKDIR /src/loki
RUN make clean && (if [ "${TOUCH_PROTOS}" ]; then make touch-protos; fi) && make BUILD_IN_CONTAINER=false loki

FROM alpine:3.9
RUN apk add --update --no-cache ca-certificates
RUN apk add --update --no-cache ca-certificates libcap \
&& rm -rf /var/cache/apk/*

COPY --from=build /src/loki/cmd/loki/loki /usr/bin/loki
COPY cmd/loki/loki-local-config.yaml /etc/loki/local-config.yaml

RUN setcap cap_net_bind_service=+ep /usr/bin/loki

RUN apk del --no-cache libcap && rm -rf /var/cache/apk/*

RUN addgroup -g 1000 -S loki && \
adduser -u 1000 -S loki -G loki
RUN mkdir -p /loki && \
chown -R loki:loki /etc/loki /loki

USER loki
EXPOSE 3100
ENTRYPOINT [ "/usr/bin/loki" ]
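Review bot: The separate `RUN apk del --no-cache libcap && rm -rf /var/cache/apk/*` step does not remove libcap from the image, because the package was installed by the earlier `RUN apk add --update --no-cache ca-certificates libcap` and stays in that layer. Moving the two `COPY` lines above the install and doing the `apk add`, the `setcap cap_net_bind_service=+ep /usr/bin/loki` and the `apk del libcap` in one RUN would keep libcap out of the final image. The `rm -rf /var/cache/apk/*` is redundant in both places since `--no-cache` is already passed. A comment above the `setcap` line would also help: it should say that the file capability exists so `USER loki` can bind ports below 1024, and that it only takes effect when the runtime leaves NET_BIND_SERVICE available to the container. Finally, `EXPOSE 3100` is unchanged while the ksonnet default in this same commit moves to 80; if that is intentional, say so in a comment.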
2 changes: 1 addition & 1 deletion production/ksonnet/loki/config.libsonnet
Expand Up @@ -2,7 +2,7 @@
_config+: {
namespace: error 'must define namespace',
cluster: error 'must define cluster',
http_listen_port: 3100,
http_listen_port: 80,

replication_factor: 3,
memcached_replicas: 3,
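Review bot: Changing `http_listen_port: 3100` to `http_listen_port: 80` alters the default for every existing consumer of this library, and nothing on this line records the dependency it introduces: binding port 80 as the non-root `loki` user only works with an image that carries the `setcap cap_net_bind_service=+ep /usr/bin/loki` step from the Dockerfile change in this commit. Suggest a comment here stating that image requirement, and calling the port change out for users who upgrade, so that anything still addressing 3100 or running an older image is updated or overrides the value back to 3100.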