From f24e0234b33bedc1254e9ccb88f4d16cb891f03f Mon Sep 17 00:00:00 2001 From: yankay Date: Thu, 23 Dec 2021 21:23:58 +0800 Subject: [PATCH 1/2] Use Distroless as base image Signed-off-by: yankay --- Dockerfile-release.amd64 | 7 +++++-- Dockerfile-release.arm64 | 7 +++++-- Dockerfile-release.ppc64le | 8 ++++++-- Dockerfile-release.s390x | 8 ++++++-- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/Dockerfile-release.amd64 b/Dockerfile-release.amd64 index deeefc853bd..cb93afe76e6 100644 --- a/Dockerfile-release.amd64 +++ b/Dockerfile-release.amd64 @@ -1,5 +1,8 @@ -# base image source: https://git.k8s.io/release/images/build/debian-base -FROM --platform=linux/amd64 k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0 +FROM --platform=linux/amd64 busybox:1.34.1 as source +FROM --platform=linux/amd64 gcr.io/distroless/base-debian11 + +COPY --from=source /bin/sh /bin/sh +COPY --from=source /bin/mkdir /bin/mkdir ADD etcd /usr/local/bin/ ADD etcdctl /usr/local/bin/ diff --git a/Dockerfile-release.arm64 b/Dockerfile-release.arm64 index 5afcafe5f91..53d3c274151 100644 --- a/Dockerfile-release.arm64 +++ b/Dockerfile-release.arm64 @@ -1,5 +1,8 @@ -# base image source: https://git.k8s.io/release/images/build/debian-base -FROM --platform=linux/arm64 k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0 +FROM --platform=linux/arm64 busybox:1.34.1 as source +FROM --platform=linux/arm64 gcr.io/distroless/base-debian11 + +COPY --from=source /bin/sh /bin/sh +COPY --from=source /bin/mkdir /bin/mkdir ADD etcd /usr/local/bin/ ADD etcdctl /usr/local/bin/ diff --git a/Dockerfile-release.ppc64le b/Dockerfile-release.ppc64le index 12f84938d34..81fc64bc67d 100644 --- a/Dockerfile-release.ppc64le +++ b/Dockerfile-release.ppc64le 
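Review bot: The new final-stage base in Dockerfile-release.amd64, `gcr.io/distroless/base-debian11`, has neither a tag nor a digest, so it resolves to `latest` at build time and a published release image can no longer be traced to a fixed base. The line it replaces pinned `debian-base:bullseye-v1.1.0`. Pinning by digest would restore that, for example `FROM --platform=linux/amd64 gcr.io/distroless/base-debian11@sha256:<digest-from-registry>` (placeholder value). The same applies to `busybox:1.34.1`, since a tag alone can be re-pushed. The arm64, ppc64le and s390x hunks of this patch add the same two `FROM` lines; only the top of each Dockerfile is visible in these hunks.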
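Review bot: The two `COPY --from=source` lines in Dockerfile-release.arm64 put a busybox `/bin/sh` and `/bin/mkdir` back into an image that is chosen for shipping without a shell, and nothing in the file says what depends on them now that the old base-image comment is gone. I would add a comment above them, along the lines of `# /bin/sh and /bin/mkdir are kept because <consumer> execs them; drop once nothing needs a shell in the image`, naming the actual consumer. That lets a later reviewer judge whether the extra attack surface is still justified. The amd64, ppc64le and s390x hunks carry the same two lines.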
@@ -1,5 +1,9 @@ -# base image source: https://git.k8s.io/release/images/build/debian-base -FROM --platform=linux/ppc64le k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0 +FROM --platform=linux/ppc64le busybox:1.34.1 as source +FROM --platform=linux/ppc64le gcr.io/distroless/base-debian11 + +COPY --from=source /bin/sh /bin/sh +COPY --from=source /bin/mkdir /bin/mkdir + ADD etcd /usr/local/bin/ ADD etcdctl /usr/local/bin/ diff --git a/Dockerfile-release.s390x b/Dockerfile-release.s390x index 546596f75af..42bc5d5a018 100644 --- a/Dockerfile-release.s390x +++ b/Dockerfile-release.s390x @@ -1,5 +1,9 @@ -# base image source: https://git.k8s.io/release/images/build/debian-base -FROM --platform=linux/s390x k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0 +FROM --platform=linux/s390x busybox:1.34.1 as source +FROM --platform=linux/s390x gcr.io/distroless/base-debian11 + +COPY --from=source /bin/sh /bin/sh +COPY --from=source /bin/mkdir /bin/mkdir + ADD etcd /usr/local/bin/ ADD etcdctl /usr/local/bin/ From 381752182aa6fe8b1715b31393a06db9a723cdfa Mon Sep 17 00:00:00 2001 From: yankay Date: Thu, 23 Dec 2021 21:33:20 +0800 Subject: [PATCH 2/2] Fix for code style Signed-off-by: yankay --- CHANGELOG-3.6.md | 4 ++++ Dockerfile-release.amd64 | 2 +- Dockerfile-release.arm64 | 2 +- Dockerfile-release.ppc64le | 3 +-- Dockerfile-release.s390x | 2 +- 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGELOG-3.6.md b/CHANGELOG-3.6.md index e97c3e1a63d..94dcbc06f7b 100644 --- a/CHANGELOG-3.6.md +++ b/CHANGELOG-3.6.md @@ -50,4 +50,8 @@ See [List of metrics](https://etcd.io/docs/latest/metrics/) for all metrics per - Add [`etcd_disk_defrag_inflight`](https://github.com/etcd-io/etcd/pull/13371). +### Other + +- Use Distroless as base image to make the image less vulnerable and reduce image size. +
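Review bot: On the first added line of Dockerfile-release.ppc64le (patch 1/2) the stage keyword is lowercase, `as source`, next to an uppercase `FROM`. BuildKit's build checks warn on that casing mismatch, and `AS` matches the uppercase instructions in the rest of the file. `FROM --platform=linux/ppc64le busybox:1.34.1 AS busybox` would also give the stage a name that says where the copied binaries come from, with the two `COPY --from=` lines updated to match. The other three Dockerfiles in this patch use the same line.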
diff --git a/Dockerfile-release.amd64 b/Dockerfile-release.amd64 index cb93afe76e6..67400b69686 100644 --- a/Dockerfile-release.amd64 +++ b/Dockerfile-release.amd64 @@ -1,5 +1,5 @@ FROM --platform=linux/amd64 busybox:1.34.1 as source -FROM --platform=linux/amd64 gcr.io/distroless/base-debian11 +FROM --platform=linux/amd64 gcr.io/distroless/base-debian11 COPY --from=source /bin/sh /bin/sh COPY --from=source /bin/mkdir /bin/mkdir diff --git a/Dockerfile-release.arm64 b/Dockerfile-release.arm64 index 53d3c274151..b8ce477afd4 100644 --- a/Dockerfile-release.arm64 +++ b/Dockerfile-release.arm64 @@ -1,5 +1,5 @@ FROM --platform=linux/arm64 busybox:1.34.1 as source -FROM --platform=linux/arm64 gcr.io/distroless/base-debian11 +FROM --platform=linux/arm64 gcr.io/distroless/base-debian11 COPY --from=source /bin/sh /bin/sh COPY --from=source /bin/mkdir /bin/mkdir diff --git a/Dockerfile-release.ppc64le b/Dockerfile-release.ppc64le index 81fc64bc67d..9cfe5d43331 100644 --- a/Dockerfile-release.ppc64le +++ b/Dockerfile-release.ppc64le @@ -1,10 +1,9 @@ FROM --platform=linux/ppc64le busybox:1.34.1 as source -FROM --platform=linux/ppc64le gcr.io/distroless/base-debian11 +FROM --platform=linux/ppc64le gcr.io/distroless/base-debian11 COPY --from=source /bin/sh /bin/sh COPY --from=source /bin/mkdir /bin/mkdir - ADD etcd /usr/local/bin/ ADD etcdctl /usr/local/bin/ ADD etcdutl /usr/local/bin/ diff --git a/Dockerfile-release.s390x b/Dockerfile-release.s390x index 42bc5d5a018..d901b410c98 100644 --- a/Dockerfile-release.s390x +++ b/Dockerfile-release.s390x @@ -1,5 +1,5 @@ FROM --platform=linux/s390x busybox:1.34.1 as source -FROM --platform=linux/s390x gcr.io/distroless/base-debian11 +FROM --platform=linux/s390x gcr.io/distroless/base-debian11 COPY --from=source /bin/sh /bin/sh COPY --from=source /bin/mkdir /bin/mkdir