Commit

Reducing debug information from the production container image.
follow-up for #8807
By reducing debug information from the production container image,
we aim to achieve a lightweight container image and enhance security.
The debug image still includes the debug information file,
allowing for easy debugging with tools like gdb.

Signed-off-by: anthis <[email protected]>
anthisfan committed May 13, 2024
1 parent 41ef155 commit 8f0d861
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions dockerfiles/Dockerfile
Expand Up @@ -29,6 +29,7 @@ ARG FLB_CHUNK_TRACE=On
ENV FLB_CHUNK_TRACE=${FLB_CHUNK_TRACE}

RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log
RUN mkdir -p /usr/lib/debug/fluent-bit/bin

[hadolint] DL3059 (INFO), dockerfiles/Dockerfile line 32: Multiple consecutive `RUN` instructions. Consider consolidation. (https://github.com/hadolint/hadolint/wiki/DL3059)

ENV DEBIAN_FRONTEND noninteractive
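
Review bot: The added `RUN mkdir -p /usr/lib/debug/fluent-bit/bin` directly follows another `RUN mkdir -p`, which is what hadolint DL3059 flags on this line; fold the new path into the existing instruction, as in `RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log /usr/lib/debug/fluent-bit/bin`. A one-line comment explaining why the debug directory sits outside `/fluent-bit` would also help, because the later `COPY --from=builder /fluent-bit /fluent-bit` copies everything under that tree.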

Expand Down Expand Up @@ -81,6 +82,10 @@ RUN cmake -DFLB_RELEASE=On \
RUN make -j "$(getconf _NPROCESSORS_ONLN)"
RUN install bin/fluent-bit /fluent-bit/bin/

RUN objcopy --only-keep-debug /fluent-bit/bin/fluent-bit /usr/lib/debug/fluent-bit/bin/fluent-bit.debug

[hadolint] DL3059 (INFO), dockerfiles/Dockerfile line 85: Multiple consecutive `RUN` instructions. Consider consolidation. (https://github.com/hadolint/hadolint/wiki/DL3059)
RUN objcopy --strip-debug /fluent-bit/bin/fluent-bit

[hadolint] DL3059 (INFO), dockerfiles/Dockerfile line 86: Multiple consecutive `RUN` instructions. Consider consolidation. (https://github.com/hadolint/hadolint/wiki/DL3059)
RUN objcopy --add-gnu-debuglink=/usr/lib/debug/fluent-bit/bin/fluent-bit.debug /fluent-bit/bin/fluent-bit

[hadolint] DL3059 (INFO), dockerfiles/Dockerfile line 87: Multiple consecutive `RUN` instructions. Consider consolidation. (https://github.com/hadolint/hadolint/wiki/DL3059)

# Configuration files
COPY conf/fluent-bit.conf \
conf/parsers.conf \
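
Review bot: `objcopy --strip-debug` in the second added RUN removes only the debugging sections and leaves the regular symbol table in `/fluent-bit/bin/fluent-bit`, so the production binary still carries symbol names; decide whether `--strip-unneeded` is what the commit message's size and security goal calls for, or add a comment stating that the symbol table is kept on purpose. The three objcopy steps depend on each other and are each flagged by hadolint DL3059, so chain them with `&&` in a single RUN placed right after `RUN install bin/fluent-bit /fluent-bit/bin/`. A comment is also worth adding that `--add-gnu-debuglink` records only the debug file's name and a CRC, and that gdb finds the file because its location is the global debug directory `/usr/lib/debug` followed by the binary's own directory `/fluent-bit/bin`; without that note the path looks arbitrary and is easy to break in a later refactor.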
Expand Down Expand Up @@ -231,6 +236,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/

RUN rm -f /usr/bin/qemu-*-static
COPY --from=builder /fluent-bit /fluent-bit
COPY --from=builder /usr/lib/debug/fluent-bit /usr/lib/debug/fluent-bit

EXPOSE 2020
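
Review bot: The added `COPY --from=builder /usr/lib/debug/fluent-bit /usr/lib/debug/fluent-bit` must exist only in the debug stage, and the visible context does not show which `FROM` stage this hunk sits in; if the same line landed in the production stage, the `.debug` file would ship there and undo the goal stated in the commit message. Add a comment above the line naming the stage and saying that gdb resolves the file through the debuglink set in the builder, and consider a CI step that fails when the production image contains `/usr/lib/debug/fluent-bit`.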
