switch to distroless static

2025-12-01 07:26:05 +07:00 · 2022-02-07 20:48:07 -08:00
parent 53d0fd7536
commit ca68f7d4a2
2 changed files with 1 additions and 9 deletions
--- a/images/haproxy/Dockerfile
+++ b/images/haproxy/Dockerfile
@@ -54,7 +54,7 @@ RUN mkdir -p "${STAGE_DIR}" && \
 # See: https://github.com/GoogleContainerTools/distroless/tree/main/base
 # See: https://github.com/GoogleContainerTools/distroless/tree/main/cc
 # This has /etc/passwd, tzdata, cacerts, glibc, libssl, openssl, and libgcc1
-FROM "gcr.io/distroless/cc-debian11"
+FROM "gcr.io/distroless/static-debian11"

 ARG STAGE_DIR="/opt/stage"

--- a/images/haproxy/stage-binary-and-deps.sh
+++ b/images/haproxy/stage-binary-and-deps.sh
@@ -86,14 +86,6 @@ main(){

    # stage the dependencies of the binary
    while IFS= read -r c_dep; do
-        # skip libc, libgcc1 we already have this in the distroless images
-        # NOTE: debian10 -> libggc1, debian11 -> libgcc-s1
-        # https://github.com/GoogleContainerTools/distroless/blob/47cf1c0554fdfc71604af0b8f6e19072f62e4f93/cc/BUILD#L10-L14
-        pkg="$(file_to_package "${c_dep}")"
-        if [[ "${pkg}" == "libc6" || "${pkg}" == "libgcc1" || "${pkg}" == "libgcc-s1" ]]; then
-            continue
-        fi
-        # otherwise stage dependency
        stage_file "${c_dep}" "${STAGE_DIR}"
    done < <(binary_to_libraries "${binary_path}")
 }