Overview

"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.


Default Users

Users     id      group
root      0       0
nonroot   65532   65532


To run as the nonroot user in a Kubernetes pod/deployment, set the securityContext as defined below:

Code Block
spec:
  template:
    spec:
      securityContext:
        runAsUser: 65532
        fsGroup: 65532
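
The securityContext above placed in a complete Deployment, as an added example that is not part of the original page. The resource name, image reference and /data mount path are placeholders; the container-level hardening fields and the emptyDir volume are additions that pair naturally with a distroless image, using the nonroot id and group listed under Default Users.

```yaml
# Added example: name, image and mount path are placeholders, not project values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app                # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      securityContext:
        runAsNonRoot: true         # kubelet refuses to start a container that would run as UID 0
        runAsUser: 65532           # distroless "nonroot" user id
        runAsGroup: 65532          # distroless "nonroot" group id
        fsGroup: 65532             # supported volumes become writable by this group
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: app
          # Placeholder for an image built FROM a distroless base
          image: registry.example.com/example-app:1.0.0
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true   # image filesystem stays immutable at runtime
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: data
              mountPath: /data     # hypothetical directory the nonroot user can write to
      volumes:
        - name: data
          emptyDir: {}             # writable scratch space, owned via fsGroup
```

Setting runAsUser numerically matters here: with runAsNonRoot enabled, the kubelet can only verify a numeric UID, so an image that declares its user by name alone is rejected at start.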


Example: Creating a Docker Image for a Go Application


Code Block
# Start by building the application.
FROM golang:1.18 as build

WORKDIR /go/src/app
COPY . .

RUN go mod download
RUN CGO_ENABLED=0 go build -o /go/bin/app

# Now copy it into our base image.
FROM gcr.io/distroless/static-debian11
COPY --from=build /go/bin/app /
CMD ["/app"]


References

Reference                                                   URL
"Distroless" Container Images                               https://github.com/GoogleContainerTools/distroless
How to add a directory where non-root user can write #427   https://github.com/GoogleContainerTools/distroless/issues/427