This repository was archived by the owner on Jun 4, 2024. It is now read-only.

Update base docker images to use Debian 12 distroless static image #928

Merged
reedloden merged 1 commit into master from reed/distroless-debian12 on Sep 26, 2023

@reedloden reedloden commented Sep 25, 2023

Instead of chasing ever-changing commit hashes, just use the appropriate tag for the distroless image. This aligns things to how teleport is handled (gravitational/teleport#31620).

Additionally, standardize on Debian 12 for everything (instead of a mix of 11 and 12). Also, use static over base. This means no glibc or libssl, which should be fine for these plugins.

Alternative to #924 and #915.

@reedloden reedloden added release-engineering Related to release engineering security Security Issues labels Sep 25, 2023
@reedloden reedloden requested a review from wadells September 25, 2023 22:13
@reedloden reedloden self-assigned this Sep 25, 2023
@reedloden reedloden force-pushed the reed/distroless-debian12 branch from 6d64f30 to edc30fd Compare September 26, 2023 02:25
@reedloden reedloden changed the title Update base docker images to use Debian 12 distroless base image Update base docker images to use Debian 12 distroless static image Sep 26, 2023
Instead of chasing ever-changing commit hashes, just use the appropriate
tag for the distroless image. This aligns things to how `teleport` is handled.

Additionally, standardize on Debian 12 for everything (instead of a mix of 11 and 12).

Alternative to #924 and #915.
@reedloden reedloden force-pushed the reed/distroless-debian12 branch from edc30fd to b02a444 Compare September 26, 2023 02:29
@reedloden reedloden merged commit efa67e1 into master Sep 26, 2023
@reedloden reedloden deleted the reed/distroless-debian12 branch September 26, 2023 02:35
@espadolini

This broke public.ecr.aws/gravitational/teleport-plugin-slack:14.0.1 because the binary inside is very much not static:

teleport-plugin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, Go BuildID=sb62wjCeHYTZN85Ku79e/28AjXaQ3faKD7cS4g4oB/AANtv5x_00Dhqk0pNj65/Zzx2amhxFyifyIEYnEzk, stripped

reedloden added a commit that referenced this pull request Sep 29, 2023
The change to distroless static in #928 broke plugin binaries, as the distroless image
doesn't have glibc. However, there's no reason for the plugins to need glibc,
so just change them to all `CGO_BUILD=0`.

Additionally, fix one place where `GO_VERSION` wasn't properly set/updated.

Fixes #935.
reedloden added a commit that referenced this pull request Sep 29, 2023
The change to distroless static in #928 broke plugin binaries, as the distroless image
doesn't have glibc. However, there's no reason for the plugins to need glibc,
so just change them to all `CGO_ENABLED=0`.

Additionally, some minor fixes:
* Change one place where `GO_VERSION` wasn't properly set/updated.
* Correct build process for `access/email`.
* Remove reference to previously removed `access/example`.

Fixes #935.
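
The failure reported above comes down to the binary carrying a `PT_INTERP` segment (the `interpreter /lib64/ld-linux-x86-64.so.2` in the `file` output), which a distroless static image cannot satisfy. The following is an added example, not code from this pull request or the project: a pre-packaging check in Go that reads that segment. The helper names `interpreter` and `buildELF` are hypothetical, and the ELF images are constructed samples rather than real plugin binaries.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
	"io"
)

// interpreter (hypothetical helper) returns the PT_INTERP path an ELF image
// requests, or "" when there is none, i.e. no dynamic loader is needed.
func interpreter(r io.ReaderAt) (string, error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return "", err
	}
	for _, p := range f.Progs {
		if p.Type == elf.PT_INTERP {
			b, err := io.ReadAll(p.Open())
			return string(bytes.TrimRight(b, "\x00")), err
		}
	}
	return "", nil
}

// buildELF (hypothetical) makes a constructed ELF64 sample with one segment.
func buildELF(interp string) []byte {
	h := elf.Header64{
		Ident: [elf.EI_NIDENT]byte{0x7f, 'E', 'L', 'F', byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB), byte(elf.EV_CURRENT)},
		Type:  uint16(elf.ET_EXEC), Machine: uint16(elf.EM_X86_64), Version: uint32(elf.EV_CURRENT),
		Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: 1,
	}
	ph := elf.Prog64{Type: uint32(elf.PT_LOAD), Flags: uint32(elf.PF_R), Off: 120, Align: 1}
	if interp != "" { // dynamically linked: segment holds the NUL-terminated loader path
		ph.Type, ph.Filesz = uint32(elf.PT_INTERP), uint64(len(interp)+1)
	}
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, h)  // 64-byte ELF header
	binary.Write(&buf, binary.LittleEndian, ph) // 56-byte program header at offset 64
	buf.WriteString(interp + "\x00")            // segment payload at offset 120
	return buf.Bytes()
}

func main() {
	for _, s := range []string{"/lib64/ld-linux-x86-64.so.2", ""} {
		got, err := interpreter(bytes.NewReader(buildELF(s)))
		fmt.Printf("interp=%q err=%v ok-for-distroless-static=%v\n", got, err, err == nil && got == "")
	}
}
```

In a release pipeline the same `interpreter` function can be pointed at the built binary via `os.Open`, failing the build whenever it returns a non-empty path.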