Docker: Update Alpine to 3.20 for grafana/loki

[rgoltz]

Is your feature request related to a problem? Please describe.

Currently grafana loki main-tag (Jun 26, 2024 at 8:34 pm) using Alpine 3.18.x as base-image. This version showing some busybox and openssl vulnerabilities. Most of them are fixed in current Alpine base-image 3.20.x version (latest-tag, today: 3.20.1).

Describe the solution you'd like

Testing + Using a base-image of Alpine 3.20.x

Describe alternatives you've considered

Update your Dockerfile to 3.18.7, since some openssl and busybox findings are fixed there as well: https://alpinelinux.org/posts/Alpine-3.17.8-3.18.7-3.19.2-released.html

Additional context

Here are the release notes for Alpine 3.20 along some notes:
https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.20.0
(Notes, we saw during updating our internal Dockerfiles: yq has been renamed to yq-go + aws-cli is defined as removed in release-notes, but it's already available/re-added again)

[rgoltz]

Thanks, @paul1r - It seems that PR #13744 updated the main-Docker-tag to Alpine OS 3.20.2 for loki. Great! I've pulled the main-tag: version 2.9.10, branch HEAD, revision 7664eda.

Running docker exec d0ckerId1234 cat /etc/os-release, I got:

NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.20.2
PRETTY_NAME="Alpine Linux v3.20"
HOME_URL="https://alpinelinux.org/"

Great! Thanks a lot 🥇 . If somebody from team can confirm, I (or you) can close this issue as successfully resolved, CC'd @vlad-diachenko

[paul1r]

2.9.x was updated to Alpine 3.20.2 via Vlad's work. The main branch should be OK, as it is running a "distroless" image now. I think it is safe to close this at this point. Apologies for the delay, we are working on making this more streamlined (hence the distroless support, which was added a couple of weeks ago).

[paul1r]

Marking as closed.