Use distroless image for operator image (#533)

* Use distroless image for operator image To avoid security issues switch to usage of distroless image. Also bumped go version to 1.19 Fixes: #508 Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Add user setting in Dockerfile Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Revert setting USER in Dockerfile Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Use cr.io/distroless/static-debian11 Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Introduce DISTROLESS_DOCKER_REGISTRY arg Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> * Drop DISTROLESS_DOCKER_REGISTRY from Makefile Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com> --------- Signed-off-by: Ann Taraday <akamyshnikova@mirantis.com>
pravega · Mar 14, 2023 · 3d3e647 · 3d3e647
1 parent a4a345f
commit 3d3e647
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 9 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,7 @@
 ARG DOCKER_REGISTRY
-ARG ALPINE_VERSION=3.15
-FROM ${DOCKER_REGISTRY:+$DOCKER_REGISTRY/}golang:1.18-alpine${ALPINE_VERSION} as go-builder
+ARG DISTROLESS_DOCKER_REGISTRY
+ARG ALPINE_VERSION=3.17
+FROM ${DOCKER_REGISTRY:+$DOCKER_REGISTRY/}golang:1.19-alpine${ALPINE_VERSION} as go-builder
 
 ARG PROJECT_NAME=zookeeper-operator
 ARG REPO_PATH=github.com/pravega/$PROJECT_NAME
@@ -28,14 +29,10 @@ COPY controllers/ controllers/
 RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o /src/${PROJECT_NAME} \
     -ldflags "-X ${REPO_PATH}/pkg/version.Version=${VERSION} -X ${REPO_PATH}/pkg/version.GitSHA=${GIT_SHA}" main.go
 
-FROM ${DOCKER_REGISTRY:+$DOCKER_REGISTRY/}alpine:${ALPINE_VERSION} AS final
-
+FROM ${DISTROLESS_DOCKER_REGISTRY:-gcr.io/}distroless/static-debian11:nonroot AS final
 
 ARG PROJECT_NAME=zookeeper-operator
 
 COPY --from=go-builder /src/${PROJECT_NAME} /usr/local/bin/${PROJECT_NAME}
 
-RUN adduser -D ${PROJECT_NAME}
-USER ${PROJECT_NAME}
-
 ENTRYPOINT ["/usr/local/bin/zookeeper-operator"]
diff --git a/Makefile b/Makefile
@@ -130,10 +130,11 @@ build-go:
 		-o bin/$(EXPORTER_NAME)-windows-amd64.exe cmd/exporter/main.go
 
 build-image:
-	docker build --build-arg VERSION=$(VERSION) --build-arg DOCKER_REGISTRY=$(DOCKER_REGISTRY) --build-arg GIT_SHA=$(GIT_SHA) -t $(REPO):$(VERSION) .
+	docker build --build-arg VERSION=$(VERSION) --build-arg DOCKER_REGISTRY=$(DOCKER_REGISTRY) --build-arg DISTROLESS_DOCKER_REGISTRY=$(DISTROLESS_DOCKER_REGISTRY) --build-arg GIT_SHA=$(GIT_SHA) -t $(REPO):$(VERSION) .
 	docker tag $(REPO):$(VERSION) $(REPO):latest
 
 build-zk-image:
+
 	docker build --build-arg VERSION=$(VERSION)  --build-arg DOCKER_REGISTRY=$(DOCKER_REGISTRY) --build-arg GIT_SHA=$(GIT_SHA) -t $(APP_REPO):$(VERSION) ./docker
 	docker tag $(APP_REPO):$(VERSION) $(APP_REPO):latest
 

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/pravega/zookeeper-operator
 
-go 1.18
+go 1.19
 
 require (
 	github.com/ghodss/yaml v1.0.0