distroless image not really distroless? Not running under alpine.. #35008
Description
hi guys
my struggle is with dockerizing envoy. specifially, i have a component that needs an alpine base image.
i am aware that there was envoy-alpine builds, but those are deprecated in favor of the distroless images (as mentioned in #21758). but it seems they are not really distroless, as they are not able to run inside an alpine container.
first, we start with a simple dockerfile:
FROM alpine:3
COPY --from=envoyproxy/envoy:distroless-v1.30.3 /usr/local/bin/envoy /usr/local/bin/envoy
RUN chmod +x /usr/local/bin/envoy
let's build and try to use it
$ docker build -t alp -f Dockerfile-alpine .
$ docker run --rm -ti alp /usr/local/bin/envoy --help
exec /usr/local/bin/envoy: no such file or directory
hm, let's see ldd output:
$ docker run --rm -ti alp ldd /usr/local/bin/envoy
/lib64/ld-linux-x86-64.so.2 (0x7ff9fd73f000)
libm.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7ff9fd73f000)
librt.so.1 => /lib64/ld-linux-x86-64.so.2 (0x7ff9fd73f000)
libdl.so.2 => /lib64/ld-linux-x86-64.so.2 (0x7ff9fd73f000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7ff9fd73f000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7ff9fd73f000)
Error loading shared library
: No such file or directory (needed by /usr/local/bin/envoy)
Error relocating /usr/local/bin/envoy: __memcpy_chk: symbol not found
Error relocating /usr/local/bin/envoy: __memset_chk: symbol not found
Error relocating /usr/local/bin/envoy: __strcpy_chk: symbol not found
Error relocating /usr/local/bin/envoy: __strncpy_chk: symbol not found
Error relocating /usr/local/bin/envoy: __fdelt_chk: symbol not found
Error relocating /usr/local/bin/envoy: fcntl64: symbol not found
Error relocating /usr/local/bin/envoy: pthread_cond_clockwait: symbol not found
Error relocating /usr/local/bin/envoy: __memmove_chk: symbol not found
ok - let's try to add some musl/glibc/compat things as suggested over the internet
apk add --no-cache libc6-compat gcompat musl-dev
build and run again
$ docker run --rm -ti alp ldd /usr/local/bin/envoy
/lib64/ld-linux-x86-64.so.2 (0x7f70eed88000)
libm.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f70eed88000)
librt.so.1 => /lib64/ld-linux-x86-64.so.2 (0x7f70eed88000)
libdl.so.2 => /lib64/ld-linux-x86-64.so.2 (0x7f70eed88000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7f70eed88000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f70eed88000)
ld-linux-x86-64.so.2 => /lib/ld-linux-x86-64.so.2 (0x7f70e9e99000)
Error relocating /usr/local/bin/envoy: __memcpy_chk: symbol not found
Error relocating /usr/local/bin/envoy: __memset_chk: symbol not found
Error relocating /usr/local/bin/envoy: __strcpy_chk: symbol not found
Error relocating /usr/local/bin/envoy: __strncpy_chk: symbol not found
Error relocating /usr/local/bin/envoy: __fdelt_chk: symbol not found
Error relocating /usr/local/bin/envoy: fcntl64: symbol not found
Error relocating /usr/local/bin/envoy: pthread_cond_clockwait: symbol not found
Error relocating /usr/local/bin/envoy: __memmove_chk: symbol not found
Error relocating /usr/local/bin/envoy: __vsnprintf_chk: symbol not found
Error relocating /usr/local/bin/envoy: backtrace: symbol not found
Error relocating /usr/local/bin/envoy: backtrace_symbols: symbol not found
Error relocating /usr/local/bin/envoy: __longjmp_chk: symbol not found
Error relocating /usr/local/bin/envoy: strtoll_l: symbol not found
Error relocating /usr/local/bin/envoy: strtoull_l: symbol not found
Error relocating /usr/local/bin/envoy: __cxa_thread_atexit_impl: symbol not found
Error relocating /usr/local/bin/envoy: __register_atfork: symbol not found
Error relocating /usr/local/bin/envoy: __libc_stack_end: symbol not found
now it seems all *.so files are found but we still have those symbol not found errors.
Assumption?
The name distroless suggests that it is truly a portable, statically linked binary. Many (especially golang) projects provide similar binaries which run on alpine without any issues. Is this assumption incorrect? Shouldn't it also run under alpine?
Thanks so much for all your efforts, love the project!