security: use distroless base image to address critical Vulnerabilities

Command:
trivy image --severity CRITICAL gcr.io/etcd-development/etcd:v3.5.6 -f json -o 3.5.6_image_critical.json

Signed-off-by: Benjamin Wang <wachao@vmware.com>
Benjamin Wang
2022-12-19 07:49:05 +08:00
parent 410a987cbf
commit b766840c3b
4 changed files with 21 additions and 8 deletions


@@ -1,5 +1,9 @@
# TODO: move to k8s.gcr.io/build-image/debian-base-s390x:bullseye-1.y.z when patched
FROM s390x/debian:bullseye-20220328
FROM --platform=linux/s390x busybox:1.34.1 as source
FROM --platform=linux/s390x gcr.io/distroless/base-debian11
COPY --from=source /bin/sh /bin/sh
COPY --from=source /bin/mkdir /bin/mkdir
ADD etcd /usr/local/bin/
ADD etcdctl /usr/local/bin/
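Review bot: The new final-stage base on the `FROM --platform=linux/s390x gcr.io/distroless/base-debian11` line carries no tag or digest, so it resolves to whatever `latest` is at build time and the Trivy result cited in the commit message is not tied to a fixed image. Pinning it by digest, e.g. `FROM --platform=linux/s390x gcr.io/distroless/base-debian11@sha256:<digest-placeholder>`, keeps release builds reproducible and makes each base update an explicit, reviewable change; `busybox:1.34.1` is a mutable tag and would benefit from the same treatment. The two `COPY --from=source` lines put a shell back into the distroless image, which gives up part of the attack-surface reduction, so a comment such as `# /bin/sh and /bin/mkdir are kept for <reason-placeholder>` would let reviewers judge whether they are still needed. The rest of the Dockerfile lies outside this hunk, so whether a non-root `USER` is set cannot be seen from here.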