From 097eb1557d9181b8a939bbe97568a901d0bf17ea Mon Sep 17 00:00:00 2001
From: Ilya Lobkov
Date: Tue, 22 Oct 2024 10:21:39 +0200
Subject: [PATCH] chore(kuma-init): use distroless image (#5945)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Ilya Lobkov
---------
Signed-off-by: slonka
Signed-off-by: Krzysztof SÅ‚onka
Co-authored-by: slonka
---
 tools/releases/dockerfiles/kuma-init.Dockerfile | 12 +++++++-----
 .../dockerfiles/kuma-init.Dockerfile.dockerignore | 2 ++
 tools/releases/templates/group | 6 ++++++
 tools/releases/templates/passwd | 4 ++++
 4 files changed, 19 insertions(+), 5 deletions(-)
 create mode 100644 tools/releases/templates/group
 create mode 100644 tools/releases/templates/passwd
diff --git a/tools/releases/dockerfiles/kuma-init.Dockerfile b/tools/releases/dockerfiles/kuma-init.Dockerfile
index c92db93e6a3a..0f085517c0b8 100644
--- a/tools/releases/dockerfiles/kuma-init.Dockerfile
+++ b/tools/releases/dockerfiles/kuma-init.Dockerfile
@@ -1,11 +1,11 @@
+<<<<<<< HEAD
 # until there is a distroless iptables image we have to use something else
 FROM ubuntu:jammy-20240227@sha256:77906da86b60585ce12215807090eb327e7386c8fafb5402369e421f44eff17e
+=======
+FROM gcr.io/k8s-staging-build-image/distroless-iptables:v0.6.4
+>>>>>>> d5963e709 (chore(kuma-init): use distroless image (#5945))
 ARG ARCH
-RUN apt-get update && \
- apt-get install --no-install-recommends -y iptables=1.8.7-1ubuntu5.2 iproute2=5.15.0-1ubuntu2 && \
- rm -rf /var/lib/apt/lists/*
-
 COPY /build/artifacts-linux-$ARCH/kumactl/kumactl /usr/bin
 # this will be from a base image once it is done
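Review bot: The new side of this hunk commits unresolved merge-conflict markers: `<<<<<<< HEAD`, `=======` and `>>>>>>> d5963e709 (...)` are all added lines, and the old comment and `FROM ubuntu:jammy-20240227@sha256:…` line survive as context next to the new `FROM gcr.io/k8s-staging-build-image/distroless-iptables:v0.6.4`. The marker lines are not Dockerfile instructions, so the build should be expected to fail at parse time; resolve the conflict so the file starts with the single distroless `FROM` followed by `ARG ARCH`. Separately, the replaced base was pinned by digest while the new one is referenced by tag only, so keeping the pin, e.g. `FROM gcr.io/k8s-staging-build-image/distroless-iptables:v0.6.4@sha256:<digest>` (placeholder, take the value from the registry), preserves the reproducibility the old line had. A CI step that rejects conflict markers in tracked files would catch this kind of backport slip before it lands.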
@@ -15,7 +15,9 @@ COPY /tools/releases/templates/LICENSE \
 COPY /tools/releases/templates/NOTICE /kuma/NOTICE
-RUN adduser --system --disabled-password --group kumactl --uid 5678
+# Copy modified system files
+COPY /tools/releases/templates/passwd /etc/passwd
+COPY /tools/releases/templates/group /etc/group
 ENTRYPOINT ["/usr/bin/kumactl"]
 CMD ["install", "transparent-proxy"]
diff --git a/tools/releases/dockerfiles/kuma-init.Dockerfile.dockerignore b/tools/releases/dockerfiles/kuma-init.Dockerfile.dockerignore
index 775c81c5eac4..861f929582fc 100644
--- a/tools/releases/dockerfiles/kuma-init.Dockerfile.dockerignore
+++ b/tools/releases/dockerfiles/kuma-init.Dockerfile.dockerignore
@@ -6,3 +6,5 @@
 !tools/releases/templates/LICENSE
 !tools/releases/templates/NOTICE
 !tools/releases/templates/README
+!tools/releases/templates/group
+!tools/releases/templates/passwd
diff --git a/tools/releases/templates/group b/tools/releases/templates/group
new file mode 100644
index 000000000000..d2be2d8a2fd3
--- /dev/null
+++ b/tools/releases/templates/group
@@ -0,0 +1,6 @@
+root:x:0:
+nobody:x:65534:
+tty:x:5:
+staff:x:50:
+nonroot:x:65532:
+kumactl:x:5678:
diff --git a/tools/releases/templates/passwd b/tools/releases/templates/passwd
new file mode 100644
index 000000000000..9287b9197f5c
--- /dev/null
+++ b/tools/releases/templates/passwd
@@ -0,0 +1,4 @@
+root:x:0:0:root:/root:/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/sbin/nologin
+nonroot:x:65532:65532:nonroot:/home/nonroot:/sbin/nologin
+kumactl:x:5678:5678::/tmp:/usr/sbin/nologin
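Review bot: In the second kuma-init.Dockerfile hunk, the two added `COPY` lines replace the base image's `/etc/passwd` and `/etc/group` wholesale, and the comment `# Copy modified system files` says neither why nor what the templates must contain. I would expand it to something like `# the distroless base presumably cannot run adduser: ship static passwd/group that add kumactl (uid/gid 5678); re-check against the base image's own accounts when bumping its tag`, because any account the base defines that is missing from the templates disappears silently. The copied files take their mode from the build context, so setting it explicitly with `COPY --chmod=0644 /tools/releases/templates/passwd /etc/passwd` (same for `group`; `--chmod` needs BuildKit) keeps the account databases read-only for non-root users however the checkout was made. The rest of the Dockerfile lies outside the hunk, so whether a `USER` line is intended cannot be judged from here.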
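Review bot: The `kumactl` entry in the new passwd template uses `/tmp` as its home directory and `/usr/sbin/nologin` as its shell, while the other three entries use `/sbin/nologin`. With a world-writable home, anything that resolves per-user files through `$HOME` for that account would read them from a directory other users can write to. Unless something depends on the current values, `kumactl:x:5678:5678::/nonexistent:/sbin/nologin` would be consistent with the `nobody` line. Whether either nologin path exists in the distroless base is not visible here, so this is a hardening and consistency point rather than a functional break.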