Add minimal image

Dockerfile

@@ -1,4 +1,5 @@
 ARG BASE_IMAGE_FULL
+ARG BASE_IMAGE_MINIMAL
 # Build the manager biinary
 FROM golang:1.16.7-buster as builder
 
@@ -15,14 +16,21 @@ COPY . .
 RUN make build
 
 # Create production image for running the operator
-FROM ${BASE_IMAGE_FULL}
+FROM ${BASE_IMAGE_FULL} as full
 COPY --from=builder /workspace/node-feature-discovery-operator /
-
-RUN mkdir -p /opt/nfd
-COPY build/assets /opt/nfd
+COPY --from=builder /workspace/build/assets /opt/nfd
 
 RUN useradd nfd-operator
 USER nfd-operator
 
 ENTRYPOINT ["/node-feature-discovery-operator"]
 LABEL io.k8s.display-name="node-feature-discovery-operator"
+
+# Create a minimal image for running the operator
+FROM ${BASE_IMAGE_MINIMAL} as minimal
+COPY --from=builder /workspace/node-feature-discovery-operator /
+COPY --from=builder /workspace/build/assets /opt/nfd
+
+ENTRYPOINT ["/node-feature-discovery-operator"]
+LABEL io.k8s.display-name="node-feature-discovery-operator"
+

Makefile

@@ -65,6 +65,7 @@ IMAGE_REPO ?= $(IMAGE_REGISTRY)/$(IMAGE_NAME)
 IMAGE_TAG ?= $(IMAGE_REPO):$(IMAGE_TAG_NAME)
 IMAGE_EXTRA_TAGS := $(foreach tag,$(IMAGE_EXTRA_TAG_NAMES),$(IMAGE_REPO):$(tag))
 BASE_IMAGE_FULL ?= debian:buster-slim
+BASE_IMAGE_MINIMAL ?= gcr.io/distroless/base
 
 IMAGE_TAG_RBAC_PROXY ?= gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
 
@@ -161,18 +162,32 @@ clean-labels:
 generate: controller-gen
 	$(CONTROLLER_GEN) object:headerFile="utils/boilerplate.go.txt" paths="./..."
 
-# Build the docker image
+# Build the container image
 image:
 	$(IMAGE_BUILD_CMD) -t $(IMAGE_TAG) \
+		--target full \
 		--build-arg BASE_IMAGE_FULL=$(BASE_IMAGE_FULL) \
+		--build-arg BASE_IMAGE_MINIMAL=$(BASE_IMAGE_MINIMAL) \
 		$(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)) \
 		$(IMAGE_BUILD_EXTRA_OPTS) ./
 
-# Push the docker image
-push:
+image-minimal:
+	$(IMAGE_BUILD_CMD) -t $(IMAGE_TAG)-minimal \
+		--target minimal \
+		--build-arg BASE_IMAGE_FULL=$(BASE_IMAGE_FULL) \
+		--build-arg BASE_IMAGE_MINIMAL=$(BASE_IMAGE_MINIMAL) \
+		$(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)-minimal) \
+		$(IMAGE_BUILD_EXTRA_OPTS) ./
+
+# Push the container image
+push: 
 	$(IMAGE_PUSH_CMD) $(IMAGE_TAG)
 	for tag in $(IMAGE_EXTRA_TAGS); do $(IMAGE_PUSH_CMD) $$tag; done
 
+push-minimal:
+	$(IMAGE_PUSH_CMD) $(IMAGE_TAG)-minimal
+	for tag in $(IMAGE_EXTRA_TAGS); do $(IMAGE_PUSH_CMD) $$tag; done
+
 site-build:
 	@mkdir -p docs/vendor/bundle
 	$(SITE_BUILD_CMD) sh -c '/usr/local/bin/bundle install && "$$BUNDLE_BIN/jekyll" build $(JEKYLL_OPTS)'

docs/advanced/developer-guide.md

@@ -30,13 +30,27 @@ IMAGE_REGISTRY=<my registry>
 make image
 ```
 
+Or for the `minimal` variant
+
+```bash
+IMAGE_REGISTRY=<my registry>
+make image-minimal
+```
+
 #### Push the container image
 
 ```bash
 IMAGE_REGISTRY=<my registry>
 make push
 ```
 
+Or for the `minimal` variant
+
+```bash
+IMAGE_REGISTRY=<my registry>
+make push-minimal
+```
+
 Alternatively, instead of specifying variables on the command line,
 you can edit the Makefile to permanently change parameter defaults
 like name of the image or namespace where the operator is deployed.

docs/get-started/quick-start.md

@@ -4,6 +4,12 @@ layout: default
 sort: 2
 ---
 
+# Requirements
+
+1. Linux (x86_64/Arm64/Arm)
+1. [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl)
+   (properly set up and configured to work with your Kubernetes cluster)
+
 # Quick start
 
 Get the source code
@@ -25,6 +31,27 @@ Create a NodeFeatureDiscovery instance
 kubectl apply -f config/samples/nfd.kubernetes.io_v1_nodefeaturediscovery.yaml
 ```
 
+## Image variants
+
+Node-Feautre-Discovery-Operator currently offers two variants
+of the container image. The "full" variant is currently
+deployed by default.
+
+### Full
+
+This image is based on
+[debian:buster-slim](https://hub.docker.com/_/debian) and contains a full Linux
+system for doing live debugging and diagnosis of the operator.
+
+### Minimal
+
+This is a minimal image based on
+[gcr.io/distroless/base](https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md)
+and only supports running statically linked binaries.
+
+The container image tag has suffix `-minimal`
+(e.g. `{{ site.container_image }}-minimal`)
+
 ## Verify
 
 The Operator will deploy NFD based on the information

scripts/test-infra/build-image.sh

@@ -1,3 +1,3 @@
 #!/bin/bash -e
 
-make image
+make image image-minimal

scripts/test-infra/push-image.sh

@@ -5,5 +5,5 @@
 # container image tag
 VERSION_OVERRIDE=${_GIT_TAG+VERSION=${_GIT_TAG:10}}
 
-make image $VERSION_OVERRIDE
-make push $VERSION_OVERRIDE
+make image image-minimal $VERSION_OVERRIDE
+make push push-minimal $VERSION_OVERRIDE