Chainguard Container for vector
Minimal image with Vector, an end-to-end data observability pipeline
Chainguard Containers are regularly-updated, secure-by-default container images.
Download this Container Image
For those with access, this container image is available on cgr.dev:
docker pull cgr.dev/ORGANIZATION/vector:latest
Be sure to replace the ORGANIZATION placeholder with the name used for your organization's private repository within the Chainguard Registry.
Compatibility Notes
The vector Chainguard image is meant to serve as a drop-in replacement for the Vector image on DockerHub. Like most Chainguard images, this image is minimal, has few-to-zero CVEs and does not run as the root user.
Getting Started
Basic usage
To begin, start the vector container with a command like the following:
docker run --rm cgr.dev/ORGANIZATION/vector
This will start
vector with the
demo_logs source configuration.
Sample log data will be generated and printed to stdout.
You can drop in your own configuration by mounting the file to
/etc/vector/vector.yaml inside the container.
Vector with kubernetes
vector can be installed or managed on kubernetes via helm.
Prerequisites
k3d clusterhelmdockercurl
PostgreSQL setup
- install the cnpg operator
helm repo add cnpg https://cloudnative-pg.github.io/charts
helm upgrade --install cnpg \
--set config.clusterWide=false \
cnpg/cloudnative-pg
- deploy postgresql
cat <<EOF | kubectl apply -f -
apiVersion: v1
data:
password: c3VwZXJzZWN1cmU=
username: YXBw
kind: Secret
metadata:
name: cluster-example-app-user
type: kubernetes.io/basic-auth
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: cluster-example
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:16
bootstrap:
initdb:
database: app
owner: app
secret:
name: cluster-example-app-user
storage:
size: 1Gi
EOF
When deploying the PostgreSQL instance ensure
v16 is used. Otherwise vector will not emit any metrics other than up, and instead emit errors related to the checkpoints_timed column being missing.
The likely cause is that the
checkpoints_timed column, along with other metrics in
pg_stat_bgwriter, was renamed and moved to the
pg_stat_checkpointer table in PostgreSQL 17
Ref:
https://github.com/vectordotdev/vector/issues/22094
Elasticsearch setup
- install the eck operator
helm repo add elastic https://helm.elastic.co
helm repo update
helm install elastic-operator elastic/eck-operator
- deploy elasticsearch
cat <<EOF | kubectl apply -f -
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
spec:
version: 9
nodeSets:
- name: default
count: 1
config:
node.store.allow_mmap: false
EOF
Vector setup
- Grab the elasticsearch user credentials
export ELASTIC_PASSWORD=$(kubectl get secrets quickstart-es-elastic-user -o json |jq -r .data.elastic |base64 -d)
- create the
vector values for the vector helm chart
cat <<EOF > /tmp/values.yaml
role: "Aggregator"
image:
repository: k3d-k3d.localhost:5005/vector
tag: "latest-dev"
replicas: 1
service:
enabled: true
type: "ClusterIP"
ports:
- name: datadog-agent
port: 8282
protocol: TCP
targetPort: 8282
- name: fluent
port: 24224
protocol: TCP
targetPort: 24224
- name: logstash
port: 5044
protocol: TCP
targetPort: 5044
- name: splunk-hec
port: 8080
protocol: TCP
targetPort: 8080
- name: statsd
port: 8125
protocol: TCP
targetPort: 8125
- name: syslog
port: 9000
protocol: TCP
targetPort: 9000
- name: vector
port: 6000
protocol: TCP
targetPort: 6000
- name: prom-exporter
port: 9090
protocol: TCP
targetPort: 9090
customConfig:
data_dir: "/var/lib/vector"
sources:
postgres:
type: postgresql_metrics
endpoints:
- postgresql://app:supersecure@cluster-example-rw.default.svc.cluster.local:5432/app
namespace: default
sinks:
elastic:
type: elasticsearch
inputs:
- postgres
api_version: auto
doc_type: _doc
mode: bulk
bulk:
action: "create"
index: "vector-demo"
template_fallback_index: "test-index"
endpoints:
- https://quickstart-es-http.default.svc.cluster.local:9200
auth:
strategy: "basic"
user: "elastic"
password: "$ELASTIC_PASSWORD"
tls:
verify_certificate: false
EOF
The index that this vector configuration will create in elasticsearch will be called: vector-demo
This index will be used to query elasticsearch for metric data.
- deploy
vector
helm install vector vector/vector -f /tmp/values.yaml
expected output:
kubectl logs vector-0
2025-05-05T22:18:39.858586Z INFO vector::app: Log level is enabled. level="info"
2025-05-05T22:18:39.859439Z INFO vector::app: Loading configs. paths=["/etc/vector"]
2025-05-05T22:18:39.870296Z WARN sink{component_kind="sink" component_id=elastic component_type=elasticsearch}: vector_core::tls::settings: The `verify_certificate` option is DISABLED, this may lead to security vulnerabilities.
2025-05-05T22:18:39.949237Z INFO vector::topology::running: Running healthchecks.
2025-05-05T22:18:39.949295Z INFO vector: Vector has started. debug="false" version="0.46.1" arch="aarch64" revision=""
2025-05-05T22:18:39.949303Z INFO vector::app: API is disabled, enable by setting `api.enabled` to `true` and use commands like `vector top`.
2025-05-05T22:18:39.955193Z INFO vector::topology::builder: Healthcheck passed.
Verify metric logs
- port forward the elasticsearch service
kubectl port-forward service/quickstart-es-http 9200
Forwarding from 127.0.0.1:9200 -> 9200
Forwarding from [::1]:9200 -> 9200
- query elasticsearch for metric data
export ELASTIC_PASSWORD=$(kubectl get secrets quickstart-es-elastic-user -o json |jq -r .data.elastic |base64 -d)
curl -k -X GET --user elastic:$ELASTIC_PASSWORD 'https://localhost:9200/vector-demo/_search?pretty=true&size=100'
expected metrics:
name: pg_stat_database_datid
name: pg_stat_database_numbackends
name: pg_stat_database_xact_commit_total
name: pg_stat_database_xact_rollback_total
name: pg_stat_database_blks_read_total
name: pg_stat_database_blks_hit_total
name: pg_stat_database_tup_returned_total
name: pg_stat_database_tup_fetched_total
name: pg_stat_database_tup_inserted_total
name: pg_stat_database_tup_updated_total
name: pg_stat_database_tup_deleted_total
name: pg_stat_database_conflicts_total
name: pg_stat_database_temp_files_total
name: pg_stat_database_temp_bytes_total
name: pg_stat_database_deadlocks_total
name: pg_stat_database_checksum_failures_total
name: pg_stat_database_checksum_last_failure
name: pg_stat_database_blk_read_time_seconds_total
name: pg_stat_database_blk_write_time_seconds_total
name: pg_stat_database_stats_reset
expected response:
{
"took" : 3,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 1540,
"relation" : "eq"
},
"max_score" : 1.0,
"hits" : [
{
"_index" : "vector-demo",
"_id" : "N4mHopYBngIh9-WFpZX7",
"_score" : 1.0,
"_source" : {
"gauge" : {
"value" : 1.0
},
"host" : "nginx-demo.default.svc.cluster.local:8080",
"kind" : "absolute",
"name" : "connections_active",
"namespace" : "default",
"tags" : {
"endpoint" : "http://nginx-demo.default.svc.cluster.local:8080/status"
},
"timestamp" : "2025-05-05T22:18:39.950988925Z"
}
},
{
"_index" : "vector-demo",
"_id" : "OImHopYBngIh9-WFpZX7",
"_score" : 1.0,
"_source" : {
"counter" : {
"value" : 2.0
},
"host" : "nginx-demo.default.svc.cluster.local:8080",
"kind" : "absolute",
"name" : "connections_accepted_total",
"namespace" : "default",
"tags" : {
"endpoint" : "http://nginx-demo.default.svc.cluster.local:8080/status"
},
"timestamp" : "2025-05-05T22:18:39.950989466Z"
}
},
{
"_index" : "vector-demo",
"_id" : "OYmHopYBngIh9-WFpZX7",
"_score" : 1.0,
"_source" : {
"counter" : {
"value" : 2.0
},
"host" : "nginx-demo.default.svc.cluster.local:8080",
"kind" : "absolute",
"name" : "connections_handled_total",
"namespace" : "default",
"tags" : {
"endpoint" : "http://nginx-demo.default.svc.cluster.local:8080/status"
},
"timestamp" : "2025-05-05T22:18:39.950989675Z"
}
},
{
"_index" : "vector-demo",
"_id" : "OomHopYBngIh9-WFpZX7",
"_score" : 1.0,
"_source" : {
"counter" : {
"value" : 3.0
},
"host" : "nginx-demo.default.svc.cluster.local:8080",
"kind" : "absolute",
"name" : "http_requests_total",
"namespace" : "default",
"tags" : {
"endpoint" : "http://nginx-demo.default.svc.cluster.local:8080/status"
},
"timestamp" : "2025-05-05T22:18:39.950989925Z"
}
},
{
"_index" : "vector-demo",
"_id" : "O4mHopYBngIh9-WFpZX7",
"_score" : 1.0,
"_source" : {
"gauge" : {
"value" : 0.0
},
"host" : "nginx-demo.default.svc.cluster.local:8080",
"kind" : "absolute",
"name" : "connections_reading",
"namespace" : "default",
"tags" : {
"endpoint" : "http://nginx-demo.default.svc.cluster.local:8080/status"
},
"timestamp" : "2025-05-05T22:18:39.950990300Z"
}
}
]
}
}
Documentation and Resources
What are Chainguard Containers?
Chainguard Containers are minimal container images that are secure by default.
In many cases, the Chainguard Containers tagged as :latest contain only an open-source application and its runtime dependencies. These minimal container images typically do not contain a shell or package manager. Chainguard Containers are built with Wolfi, our Linux undistro designed to produce container images that meet the requirements of a more secure software supply chain.
The main features of Chainguard Containers include:
For cases where you need container images with shells and package managers to build or debug, most Chainguard Containers come paired with a -dev variant.
Although the -dev container image variants have similar security features as their more minimal versions, they feature additional software that is typically not necessary in production environments. We recommend using multi-stage builds to leverage the -dev variants, copying application artifacts into a final minimal container that offers a reduced attack surface that won’t allow package installations or logins.
Learn More
To better understand how to work with Chainguard Containers, please visit Chainguard Academy and Chainguard Courses.
In addition to Containers, Chainguard offers VMs and Libraries. Contact Chainguard to access additional products.
Trademarks
This software listing is packaged by Chainguard. The trademarks set forth in this offering are owned by their respective companies, and use of them does not imply any affiliation, sponsorship, or endorsement by such companies.
