-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
199 lines (175 loc) · 8.24 KB
/
Dockerfile
File metadata and controls
199 lines (175 loc) · 8.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
# =============================================================================
# TelemetryFlow Agent - Dockerfile
# =============================================================================
#
# TelemetryFlow Agent - Community Enterprise Observability Platform (CEOP)
# Copyright (c) 2024-2026 DevOpsCorner Indonesia. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# =============================================================================
# Multi-stage build for minimal image size
# =============================================================================
# -----------------------------------------------------------------------------
# Stage 1: Fluent Bit binary (from official image)
# -----------------------------------------------------------------------------
# NOTE: Fluent Bit is glibc-based — runtime MUST use glibc (Debian), not musl (Alpine).
# See: https://github.com/fluent/fluent-bit/issues/2464
FROM fluent/fluent-bit:4.2.3 AS fluent-bit
# -----------------------------------------------------------------------------
# Stage 2: Builder
# -----------------------------------------------------------------------------
FROM --platform=$BUILDPLATFORM golang:1.26-alpine AS builder
# Build arguments
ARG VERSION=1.1.9
ARG GIT_COMMIT=unknown
ARG GIT_BRANCH=unknown
ARG BUILD_TIME=unknown
ARG TARGETOS=linux
ARG TARGETARCH
# Install build dependencies
RUN apk add --no-cache git make ca-certificates tzdata
# Set working directory
WORKDIR /build
# Copy go mod files first for better caching
COPY go.mod go.sum ./
# Download dependencies
RUN go mod download && go mod verify
# Copy source code
COPY . .
# Build the binary with version information
# Uses TARGETOS/TARGETARCH for multi-arch support (amd64, arm64)
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \
-ldflags "-s -w \
-X 'github.com/telemetryflow/telemetryflow-agent/internal/version.Version=${VERSION}' \
-X 'github.com/telemetryflow/telemetryflow-agent/internal/version.GitCommit=${GIT_COMMIT}' \
-X 'github.com/telemetryflow/telemetryflow-agent/internal/version.GitBranch=${GIT_BRANCH}' \
-X 'github.com/telemetryflow/telemetryflow-agent/internal/version.BuildTime=${BUILD_TIME}'" \
-o /tfo-agent ./cmd/tfo-agent
# -----------------------------------------------------------------------------
# Stage 3: Runtime (Debian slim — glibc required for Fluent Bit compatibility)
# -----------------------------------------------------------------------------
# IMPORTANT: Do NOT switch to Alpine. Fluent Bit requires glibc and has known
# issues with musl: memory allocator (jemalloc), Golang plugin loading, and
# time format parsing. See https://github.com/fluent/fluent-bit/issues/2464
# NOTE: Fluent Bit 4.x requires GLIBC >= 2.38 — bookworm (2.36) is too old.
FROM debian:trixie-slim
ARG VERSION=1.1.9
# =============================================================================
# TelemetryFlow Metadata Labels (OCI Image Spec)
# =============================================================================
LABEL org.opencontainers.image.title="TelemetryFlow Agent" \
org.opencontainers.image.description="Enterprise telemetry collection agent for metrics, logs, and traces - Community Enterprise Observability Platform (CEOP)" \
org.opencontainers.image.version="${VERSION}" \
org.opencontainers.image.vendor="TelemetryFlow" \
org.opencontainers.image.authors="DevOpsCorner Indonesia <support@devopscorner.id>" \
org.opencontainers.image.url="https://telemetryflow.id" \
org.opencontainers.image.documentation="https://docs.telemetryflow.id" \
org.opencontainers.image.source="https://github.com/telemetryflow/telemetryflow-platform" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.base.name="debian:trixie-slim" \
# TelemetryFlow specific labels
io.telemetryflow.product="TelemetryFlow Agent" \
io.telemetryflow.component="tfo-agent" \
io.telemetryflow.platform="CEOP" \
io.telemetryflow.maintainer="DevOpsCorner Indonesia"
# Install runtime dependencies and security patches
# Fluent Bit 4.x requires: libyaml, openssl3, libcurl, libsasl2, libpq
RUN apt-get update && apt-get upgrade -y && \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
libyaml-0-2 \
libssl3t64 \
libcurl4t64 \
libsasl2-2 \
libpq5 \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user and group
RUN groupadd -g 10001 telemetryflow && \
useradd -u 10001 -g telemetryflow -m -d /home/telemetryflow -s /usr/sbin/nologin telemetryflow
# Create required directories
RUN mkdir -p \
/etc/tfo-agent \
/var/lib/tfo-agent/buffer \
/var/log/tfo-agent \
/tmp/tfo-agent-fluentbit/storage \
&& chown -R telemetryflow:telemetryflow \
/etc/tfo-agent \
/var/lib/tfo-agent \
/var/log/tfo-agent \
/tmp/tfo-agent-fluentbit
# Copy TFO-Agent binary from builder
COPY --from=builder /tfo-agent /usr/local/bin/tfo-agent
RUN chmod +x /usr/local/bin/tfo-agent
# Copy Fluent Bit binary and default configs from official image
# Enables production-grade log collection (CRI/Docker parsers, K8s metadata,
# multiline stack traces, filesystem buffering) without external sidecar.
# ~15MB addition. Activated via collectors.fluent_bit.enabled: true
COPY --from=fluent-bit /fluent-bit/bin/fluent-bit /usr/local/bin/fluent-bit
COPY --from=fluent-bit /fluent-bit/etc/fluent-bit.conf /etc/fluent-bit/fluent-bit.conf
COPY --from=fluent-bit /fluent-bit/etc/parsers.conf /etc/fluent-bit/parsers.conf
RUN chmod +x /usr/local/bin/fluent-bit
# Copy default configuration
COPY configs/tfo-agent.yaml /etc/tfo-agent/tfo-agent.yaml
RUN chown telemetryflow:telemetryflow /etc/tfo-agent/tfo-agent.yaml
# Switch to non-root user
USER telemetryflow
# Set working directory
WORKDIR /home/telemetryflow
# =============================================================================
# Exposed Ports
# =============================================================================
# 4317 - OTLP gRPC receiver
# 4318 - OTLP HTTP receiver
# 8888 - Prometheus metrics (self-observability)
# 13133 - Health check endpoint
# 2020 - Fluent Bit health/metrics (when fluent_bit.health_check enabled)
EXPOSE 4317 4318 8888 13133 2020
# =============================================================================
# Health Check
# =============================================================================
HEALTHCHECK --interval=30s --timeout=10s --start-period=15s --retries=3 \
CMD curl -f http://localhost:13133/ || exit 1
# =============================================================================
# Entrypoint & Command
# =============================================================================
ENTRYPOINT ["/usr/local/bin/tfo-agent"]
CMD ["start", "--config", "/etc/tfo-agent/tfo-agent.yaml"]
# =============================================================================
# Build Information
# =============================================================================
# Build with:
# docker build \
# --build-arg VERSION=1.1.9 \
# --build-arg GIT_COMMIT=$(git rev-parse --short HEAD) \
# --build-arg GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD) \
# --build-arg BUILD_TIME=$(date -u '+%Y-%m-%dT%H:%M:%SZ') \
# -t telemetryflow/telemetryflow-agent:1.1.9 .
#
# Multi-arch build:
# docker buildx build --platform linux/amd64,linux/arm64 \
# --build-arg VERSION=1.1.9 \
# -t telemetryflow/telemetryflow-agent:1.1.9 .
#
# Run with:
# docker run -d \
# --name tfo-agent \
# -p 4317:4317 \
# -p 4318:4318 \
# -p 8888:8888 \
# -p 13133:13133 \
# -v /path/to/config.yaml:/etc/tfo-agent/tfo-agent.yaml:ro \
# -v /var/lib/tfo-agent:/var/lib/tfo-agent \
# telemetryflow/telemetryflow-agent:1.1.9
# =============================================================================