Overview
"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.
Default Users
Users | id | group |
---|
root | 0 | 0 |
nonroot | 65532 | 65532 |
To define the nonroot user in a kubernetes pod/deployment you will need to set the securityContext as defined below:
Code Block |
---|
spec:
template:
spec:
securityContext:
runAsUser: 65532
fsGroup: 65532 |
Example Creating a Docker Image for Go ApplicationÂ
Code Block |
---|
# Start by building the application.
FROM golang:1.18 as build
WORKDIR /go/src/app
COPY . .
RUN go mod download
RUN CGO_ENABLED=0 go build -o /go/bin/app
# Now copy it into our base image.
FROM gcr.io/distroless/static-debian11
COPY --from=build /go/bin/app /
CMD ["/app"] |
References