Add Dockerfile template for distroless in native mode #14315
Conversation
ghost
added
area/codestarts
area/devtools
| COPY {buildtool.build-dir}/*-runner /application | ||
|
|
||
| EXPOSE 8080 | ||
| USER 1001 |
There was a problem hiding this comment.
There are only 3 users in distroless passwd file: root (0), nobody (65534) and nonroot (65532)
https://github.com/GoogleContainerTools/distroless/blob/master/base/testdata/base.yaml#L40
There was a problem hiding this comment.
nonroot should be good.
nobody might be too limited.
|
+1 here However it may make sense to keep the tag as future graalVM version might require more/fewer libs to run which could create issues for our users. |
|
About the tag, we can fix this in quarkus-images, as we do for the binary s2i (using the permanent 1.0 flag) |
|
Since the PR https://github.com/quarkusio/quarkus-images/pull/121/files has been merged to use 1.0 I think this PR is ready to review @cescoffier |
|
LGTM |
|
@ia3andy do we have to maintain the ftl templates or could we get rid of them now? Or at least decide we don't add new ones? |
|
@gsmet I think we can drop the legacy support now, we need a PR for this. I believe @aloubyansky has removed it on his new platform branch, but I am not sure when it's going to get in. |
A PR to build a distroless image has been merged here : quarkusio/quarkus-images#118
This PR adds a new Dockerfile template to showcase how to use it.
Question :
Do we really need graalvm version + java version in the image tag name ? Since this is a distroless version, java is not installed in the image so it may be confusing.
A next step could be to update the guide. What do you think ?
cc @cescoffier and @matthyx