forked from netdata/netdata
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
156 lines (132 loc) · 5.59 KB
/
Dockerfile
File metadata and controls
156 lines (132 loc) · 5.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# SPDX-License-Identifier: GPL-3.0-or-later
# This image contains preinstalled dependencies
# hadolint ignore=DL3007
FROM netdata/builder:v3 AS builder
# One of 'nightly' or 'stable'
ARG RELEASE_CHANNEL=nightly
ARG CFLAGS
ENV CFLAGS=$CFLAGS
ARG EXTRA_INSTALL_OPTS
ENV EXTRA_INSTALL_OPTS=$EXTRA_INSTALL_OPTS
ARG DEBUG_BUILD
ENV DEBUG_BUILD=$DEBUG_BUILD
ARG BUILD_ARCH
ENV BUILD_ARCH=$BUILD_ARCH
# Copy source
COPY . /opt/netdata.git
WORKDIR /opt/netdata.git
# Install from source
RUN chmod +x netdata-installer.sh && \
cp -rp /deps/* /usr/local/ && \
BUILD_ARCH="${BUILD_ARCH:-"$(uname -m)"}" && \
/bin/echo -e "INSTALL_TYPE='oci'\nPREBUILT_ARCH='${BUILD_ARCH}'" > ./system/.install-type && \
EXTRA_INSTALL_OPTS="${EXTRA_INSTALL_OPTS} --enable-plugin-systemd-journal" && \
NETDATA_BUILD_DIR=/build \
CFLAGS="$(packaging/docker/gen-cflags.sh)" LDFLAGS="-Wl,--gc-sections" ./netdata-installer.sh --dont-wait --dont-start-it \
--use-system-protobuf \
--disable-ebpf \
--enable-plugin-otel \
${EXTRA_INSTALL_OPTS} \
--install-no-prefix / \
"$([ "$RELEASE_CHANNEL" = stable ] && echo --stable-channel)" && \
rm -rf /build /root/.cargo
# files to one directory
RUN mkdir -p /app/usr/sbin/ \
/app/usr/share \
/app/usr/libexec \
/app/usr/local \
/app/usr/lib \
/app/var/cache \
/app/var/lib \
/app/etc && \
mv /usr/share/netdata /app/usr/share/ && \
mv /usr/libexec/netdata /app/usr/libexec/ && \
mv /usr/lib/netdata /app/usr/lib/ && \
mv /var/cache/netdata /app/var/cache/ && \
mv /var/lib/netdata /app/var/lib/ && \
mv /etc/netdata /app/etc/ && \
mv /usr/sbin/netdata /app/usr/sbin/ && \
mv /usr/sbin/netdatacli /app/usr/sbin/ && \
mv /usr/sbin/nd-run /app/usr/sbin/ && \
mv /usr/sbin/systemd-cat-native /app/usr/sbin/ && \
mv packaging/docker/run.sh /app/usr/sbin/ && \
mv packaging/docker/health.sh /app/usr/sbin/ && \
mkdir -p /deps/etc && \
cp -rp /deps/etc /app/usr/local/etc && \
chmod -R o+rX /app && \
chmod +x /app/usr/sbin/run.sh
#####################################################################
# This image contains preinstalled dependencies
# hadolint ignore=DL3007
FROM netdata/base:v3 AS base
ARG BUILD_DATE
ARG BUILD_VERSION
LABEL org.opencontainers.image.authors="Netdatabot <bot@netdata.cloud>"
LABEL org.opencontainers.image.url="https://netdata.cloud"
LABEL org.opencontainers.image.documentation="https://learn.netdata.cloud"
LABEL org.opencontainers.image.source="https://github.com/netdata/netdata"
LABEL org.opencontainers.image.title="Netdata Agent"
LABEL org.opencontainers.image.description="Official Netdata Agent Docker Image"
LABEL org.opencontainers.image.vendor="Netdata Inc."
LABEL org.opencontainers.image.created=${BUILD_DATE}
LABEL org.opencontainers.image.version=${BUILD_VERSION}
ARG OFFICIAL_IMAGE=false
ENV NETDATA_OFFICIAL_IMAGE=$OFFICIAL_IMAGE
ONBUILD ENV NETDATA_OFFICIAL_IMAGE=false
ARG NETDATA_UID=201
ARG NETDATA_GID=201
ENV DOCKER_GRP=netdata
ENV DOCKER_USR=netdata
# If DISABLE_TELEMETRY is set, it will disable anonymous stats collection and reporting
#ENV DISABLE_TELEMETRY=1
ENV NETDATA_LISTENER_PORT=19999
EXPOSE $NETDATA_LISTENER_PORT
ENV NETDATA_EXTRA_DEB_PACKAGES=""
RUN mkdir -p /opt/src /var/log/netdata && \
ln -sf /dev/stdout /var/log/netdata/access.log && \
ln -sf /dev/stdout /var/log/netdata/aclk.log && \
ln -sf /dev/stdout /var/log/netdata/debug.log && \
ln -sf /dev/stderr /var/log/netdata/error.log && \
ln -sf /dev/stderr /var/log/netdata/daemon.log && \
ln -sf /dev/stdout /var/log/netdata/collector.log && \
ln -sf /dev/stdout /var/log/netdata/health.log
COPY --from=builder /app /
# Create netdata user and apply the permissions as described in
# https://docs.netdata.cloud/docs/netdata-security/#netdata-directories, but own everything by root group due to https://github.com/netdata/netdata/pull/6543
# hadolint ignore=DL3013
RUN addgroup --stdoutmsglevel=info --gid ${NETDATA_GID} --system "${DOCKER_GRP}" && \
adduser --stdoutmsglevel=info --system --no-create-home --shell /usr/sbin/nologin --uid ${NETDATA_UID} --home /etc/netdata --group "${DOCKER_USR}" && \
chown -vR root:root \
/etc/netdata \
/usr/share/netdata \
/usr/libexec/netdata && \
chown -vR netdata:root \
/usr/lib/netdata \
/var/cache/netdata \
/var/lib/netdata \
/var/log/netdata && \
chown -vR netdata:netdata /var/lib/netdata/cloud.d && \
chmod -v 0700 /var/lib/netdata/cloud.d && \
chmod -v 0755 /usr/libexec/netdata/plugins.d/*.plugin && \
for name in cgroup-network \
local-listeners \
apps.plugin \
debugfs.plugin \
freeipmi.plugin \
go.d.plugin \
perf.plugin \
ndsudo \
slabinfo.plugin \
network-viewer.plugin \
otel-plugin \
journal-viewer-plugin; do \
if [ -f "/usr/libexec/netdata/plugins.d/$name" ] ; then \
chmod -v 4755 "/usr/libexec/netdata/plugins.d/$name"; \
fi \
done && \
# Group write permissions due to: https://github.com/netdata/netdata/pull/6543
find /var/lib/netdata /var/cache/netdata -type d -exec chmod -v 0770 {} \; && \
find /var/lib/netdata /var/cache/netdata -type f -exec chmod -v 0660 {} \; && \
cp -va /etc/netdata /etc/netdata.stock
ENTRYPOINT ["/usr/sbin/run.sh"]
HEALTHCHECK --interval=60s --timeout=10s --retries=3 CMD /usr/sbin/health.sh