Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(kuma-init): use distroless image #5945

Merged
merged 9 commits into from
Oct 22, 2024
Merged

chore(kuma-init): use distroless image #5945

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
14d439f
chore(kuma-init): use distroless image
slonka Oct 21, 2024
8e2144f
Update tools/releases/dockerfiles/kuma-init.Dockerfile
slonka Oct 21, 2024
681a553
Update tools/releases/dockerfiles/kuma-init.Dockerfile
slonka Oct 21, 2024
a92e4d9
chore(kuma-init): try adding a user
slonka Oct 21, 2024
70668ef
chore(kuma-init): try adding a user copying passwd and group
slonka Oct 21, 2024
b4ede73
chore(kuma-init): add to dockerignore
slonka Oct 21, 2024
e606921
chore(kuma-init): remove fdescribe
slonka Oct 21, 2024
49ba919
Merge branch 'master' into chore/use-distroless-iptables-img
slonka Oct 21, 2024
9afa7fb
chore(ci): kick ci
slonka Oct 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 4 additions & 7 deletions tools/releases/dockerfiles/kuma-init.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,6 @@
# until there is a distroless iptables image we have to use something else
FROM ubuntu:jammy-20240808@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658
FROM gcr.io/k8s-staging-build-image/distroless-iptables:v0.6.4
ARG ARCH

RUN apt-get update && \
apt-get install --no-install-recommends -y iptables=1.8.7-1ubuntu5.2 iproute2=5.15.0-1ubuntu2 && \
jijiechen marked this conversation as resolved.
Show resolved Hide resolved
rm -rf /var/lib/apt/lists/*

COPY /build/artifacts-linux-$ARCH/kumactl/kumactl /usr/bin

# this will be from a base image once it is done
Expand All @@ -15,7 +10,9 @@ COPY /tools/releases/templates/LICENSE \

COPY /tools/releases/templates/NOTICE /kuma/NOTICE

RUN adduser --system --disabled-password --group kumactl --uid 5678
# Copy modified system files
COPY /tools/releases/templates/passwd /etc/passwd
COPY /tools/releases/templates/group /etc/group

ENTRYPOINT ["/usr/bin/kumactl"]
CMD ["install", "transparent-proxy"]
2 changes: 2 additions & 0 deletions tools/releases/dockerfiles/kuma-init.Dockerfile.dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,5 @@
!tools/releases/templates/LICENSE
!tools/releases/templates/NOTICE
!tools/releases/templates/README
!tools/releases/templates/group
!tools/releases/templates/passwd
6 changes: 6 additions & 0 deletions tools/releases/templates/group
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
root:x:0:
nobody:x:65534:
tty:x:5:
staff:x:50:
nonroot:x:65532:
slonka marked this conversation as resolved.
Show resolved Hide resolved
kumactl:x:5678:
4 changes: 4 additions & 0 deletions tools/releases/templates/passwd
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
root:x:0:0:root:/root:/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/sbin/nologin
nonroot:x:65532:65532:nonroot:/home/nonroot:/sbin/nologin
slonka marked this conversation as resolved.
Show resolved Hide resolved
kumactl:x:5678:5678::/tmp:/usr/sbin/nologin
Loading