feat: Switch base image to debian from alpine.

[simar7]

This fixes the issue with not being able to run OPA/wasmas a rego runtime target.

The issue:

go: downloading github.com/bytecodealliance/wasmtime-go v0.30.0
go: downloading github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
# github.com/bytecodealliance/wasmtime-go
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /go/pkg/mod/github.com/bytecodealliance/[email protected]/build/linux-x86_64/libwasmtime.a(std-008055cc7d873802.std.cf1c8f7e-cgu.0.rcgu.o): in function `std::sys::unix::net::on_resolver_failure':
/rustc/c8dfcfe046a7680554bf4eb612bad840e7631c4b//library/std/src/sys/unix/net.rs:450: undefined reference to `__res_init'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:26: dist/tracee-rules] Error 2
make: *** [Makefile:43: dist/tracee-rules] Error 2
make[1]: Leaving directory '/tracee/tracee-rules'
The command '/bin/sh -c make' returned a non-zero code: 2
make: *** [Makefile:59: docker] Error 2

This is due to the issue: bytecodealliance/wasmtime-go#21
More conversation: https://openpolicyagent.slack.com/archives/C01V5E6LQN7/p1634084728014500

The alternate idea to use alpine base image + prop. libc (https://github.com/sgerrand/alpine-pkg-glibc) does not work and runs into the same issue. Therefore I went ahead with this approach.

Signed-off-by: Simar [email protected]

[yanivagman]

I understand the reasons you wrote for moving from alpine to debian.
Can you please have a look at #335 and share your thoghts about it?

[simar7]

I understand the reasons you wrote for moving from alpine to debian.
Can you please have a look at #335 and share your thoghts about it?

I understand the motivation with that PR was to reduce size and the size with this change look as follows:

tracee-alpine-slim   47.9MB

tracee-alpine-fat  360MB

tracee-debian-slim   151MB

tracee-debian-fat 1.28GB

It's quite a bit of increase but to guarantee functionality and eventually better performance as discussed previously (using WASM Rego runtime). But for this reason the departure from alpine is required, unless we can find a want to maintain a fork/build of wasmtime-go for musl/alpine.

Besides using debian as a base image, are there other options we could explore for reducing size (smaller than what we have with debian?)

[yanivagman]

Reducing size was not the only reason for this change.
Alpine images have a much smaller attack surface, which is also an important consideration.

I think this issue should be handled by the wasmtime project, and not by us introducing new dependencies to tracee (using glibc in that case).

[itaysk]

If not by wasmtime than by us compiling and vendoring it (if we decide to go all in on wasm)

I'm in favor of closing this one