Skip to content

Commit

Permalink
dockerfiles: reducing debug information from the production container…
Browse files Browse the repository at this point in the history
… image.

follow-up for #8807
By reducing debug information from the production container image,
we aim to achieve a lightweight container image and enhance security.
The debug image still includes the debug information file,
allowing for easy debugging with tools like gdb.

Signed-off-by: anthisfan <[email protected]>
  • Loading branch information
anthisfan committed May 14, 2024
1 parent 41ef155 commit a85421e
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions dockerfiles/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ ARG FLB_CHUNK_TRACE=On
ENV FLB_CHUNK_TRACE=${FLB_CHUNK_TRACE}

RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log
RUN mkdir -p /usr/lib/debug/fluent-bit/bin

ENV DEBIAN_FRONTEND noninteractive

Expand Down Expand Up @@ -81,6 +82,10 @@ RUN cmake -DFLB_RELEASE=On \
RUN make -j "$(getconf _NPROCESSORS_ONLN)"
RUN install bin/fluent-bit /fluent-bit/bin/

RUN objcopy --only-keep-debug /fluent-bit/bin/fluent-bit /usr/lib/debug/fluent-bit/bin/fluent-bit.debug
RUN objcopy --strip-debug /fluent-bit/bin/fluent-bit
RUN objcopy --add-gnu-debuglink=/usr/lib/debug/fluent-bit/bin/fluent-bit.debug /fluent-bit/bin/fluent-bit

# Configuration files
COPY conf/fluent-bit.conf \
conf/parsers.conf \
Expand Down Expand Up @@ -231,6 +236,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/

RUN rm -f /usr/bin/qemu-*-static
COPY --from=builder /fluent-bit /fluent-bit
COPY --from=builder /usr/lib/debug/fluent-bit /usr/lib/debug/fluent-bit

EXPOSE 2020

Expand Down

0 comments on commit a85421e

Please sign in to comment.