This repository contains the code to build a small and secure distroless Docker image for Flood running as an unprivileged user. The final images are built and hosted on Docker Hub, and the documentation is hosted on GitLab Pages.
- 🥑 distroless minimal image
- 🤏 As few Docker layers as possible
- 🛡️ only basic runtime dependencies
- 🛡️ Runs as unprivileged user with minimal permissions

```shell
$ docker run -v /your/data/path/:/data \
    -v /etc/localtime:/etc/localtime:ro \
    -p 3000:3000 \
    --read-only \
    --user 1000:1000 \
    guillaumedsde/flood-distroless:latest
```

```yaml
version: "3.3"
services:
  flood-distroless:
    volumes:
      - "/your/data/path/:/data"
      - "/etc/localtime:/etc/localtime:ro"
    ports:
      - "3000:3000"
    read_only: true
    user: 1000:1000
    image: "guillaumedsde/flood-distroless:latest"
```

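
To confirm that a running container really has the hardening requested above (read-only root filesystem, non-root user, read-only `/etc/localtime` mount), the following added example audits the JSON printed by `docker inspect`. It is not part of this repository; the sample JSON is constructed, and the container name `flood` and the assumption that only `/data` may be writable are illustrative.

```python
import json
import sys

# Constructed sample: the fields `docker inspect` reports for a container
# started with the flags shown above (--read-only, --user 1000:1000).
SAMPLE = json.dumps([{
    "Name": "/flood",
    "Config": {"User": "1000:1000"},
    "HostConfig": {"ReadonlyRootfs": True, "Privileged": False, "CapAdd": None},
    "Mounts": [
        {"Destination": "/data", "RW": True},
        {"Destination": "/etc/localtime", "RW": False},
    ],
}])

# Mount points allowed to be writable (assumption: only the data volume).
WRITABLE_OK = {"/data"}


def audit(inspect_json, writable_ok=WRITABLE_OK):
    """Return a list of hardening findings for `docker inspect` output."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        host = c.get("HostConfig", {})
        # Config.User is "uid[:gid]" or a name; empty means the default, root.
        user = (c.get("Config", {}).get("User") or "").split(":")[0]
        if user in ("", "0", "root"):
            findings.append(f"{name}: runs as root")
        if not host.get("ReadonlyRootfs"):
            findings.append(f"{name}: root filesystem is writable")
        if host.get("Privileged"):
            findings.append(f"{name}: privileged mode enabled")
        if host.get("CapAdd"):
            findings.append(f"{name}: extra capabilities {host['CapAdd']}")
        for m in c.get("Mounts", []):
            if m.get("RW") and m.get("Destination") not in writable_ok:
                findings.append(f"{name}: writable mount {m['Destination']}")
    return findings


if __name__ == "__main__":
    # Usage: docker inspect flood | python3 audit.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for line in audit(data) or ["no findings"]:
        print(line)
```
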
Currently this container supports only one (but widely used) platform:
- linux/amd64
I am waiting to see if Google implements their distroless Java images for other platforms (e.g. ARM-based); for more information, see here or here
A couple of projects really helped me out while developing this container:
- 💽 Flood the awesome software
- 🏁 s6-overlay A simple, relatively small yet powerful set of init scripts for managing processes (especially in docker containers)
- 🥑 Google's distroless base docker images
- 🐋 The Docker project (of course)