security: use distroless base image to address critical Vulnerabilities

Command: trivy image --severity CRITICAL gcr.io/etcd-development/etcd:v3.4.22 -f json -o 3.4.22_image_critical.json Signed-off-by: Benjamin Wang <wachao@vmware.com>
2024-09-27 06:25:44 +00:00 · 2022-12-19 08:04:42 +08:00
parent 9d37e7626a
commit c1bec6bd97
3 changed files with 15 additions and 6 deletions
--- a/Dockerfile-release.ppc64le
+++ b/Dockerfile-release.ppc64le
@@ -1,5 +1,8 @@
-# TODO: move to k8s.gcr.io/build-image/debian-base-ppc64le:bullseye-1.y.z when patched
-FROM ppc64le/debian:bullseye-20210927
+FROM --platform=linux/ppc64le busybox:1.34.1 as source
+FROM --platform=linux/ppc64le gcr.io/distroless/base-debian11
+
+COPY --from=source /bin/sh /bin/sh
+COPY --from=source /bin/mkdir /bin/mkdir

 ADD etcd /usr/local/bin/
 ADD etcdctl /usr/local/bin/