Skip to content

Commit

Permalink
Update debug build base images to remove openssl
Browse files Browse the repository at this point in the history 
This completes the work started in #5540

Fixes #5544

We can't use distroless since they don't have a nossl cc image: GoogleContainerTools/distroless#1210

Chainguard have added this (-dev rather than :debug) to their image collection: chainguard-images/images#187

Following advice here, using their busybox is the best replacement for `gcr.io/distroless/static:debug` chainguard-images/images#368 (comment)

Signed-off-by: Charlie Egan <charlie@styra.com>
  • Loading branch information
@charlieegan3
charlieegan3 committed Mar 22, 2023
1 parent 9163bbd commit 107cace
Showing 1 changed file with 9 additions and 10 deletions.
19 changes: 9 additions & 10 deletions Makefile
View file
Expand Up @@ -335,32 +335,31 @@ ifneq ($(GOARCH),arm64) # build only static images for arm64
--build-arg BIN_DIR=$(RELEASE_DIR) \
--platform linux/$* \
.
# TODO: update busybox shell debug images to image without openssl
$(DOCKER) build \
-t $(DOCKER_IMAGE):$(VERSION)-debug \
--build-arg BASE=gcr.io/distroless/cc:debug \
--build-arg BASE=cgr.dev/chainguard/cc-dynamic:latest-dev \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--platform linux/$* \
.
$(DOCKER) build \
-t $(DOCKER_IMAGE):$(VERSION)-rootless \
--build-arg OPA_DOCKER_IMAGE_TAG=rootless \
--build-arg BASE=cgr.dev/chainguard/cc-dynamic \
--build-arg BASE=cgr.dev/chainguard/cc-dynamic:latest \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--platform linux/$* \
.
endif
$(DOCKER) build \
-t $(DOCKER_IMAGE):$(VERSION)-static \
--build-arg BASE=cgr.dev/chainguard/static \
--build-arg BASE=cgr.dev/chainguard/static:latest \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--build-arg BIN_SUFFIX=_static \
--platform linux/$* \
.

$(DOCKER) build \
-t $(DOCKER_IMAGE):$(VERSION)-static-debug \
--build-arg BASE=gcr.io/distroless/static:debug \
--build-arg BASE=cgr.dev/chainguard/busybox:latest-glibc \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--build-arg BIN_SUFFIX=_static \
--platform linux/$* \
Expand All @@ -371,31 +370,31 @@ endif
push-manifest-list-%: ensure-executable-bin
$(DOCKER) buildx build \
--tag $(DOCKER_IMAGE):$* \
--build-arg BASE=cgr.dev/chainguard/cc-dynamic \
--build-arg BASE=cgr.dev/chainguard/cc-dynamic:latest \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--platform $(DOCKER_PLATFORMS) \
--push \
.
# TODO: update busybox shell debug images to image without openssl
$(DOCKER) buildx build \
--tag $(DOCKER_IMAGE):$*-debug \
--build-arg BASE=gcr.io/distroless/cc:debug \
--build-arg BASE=cgr.dev/chainguard/cc-dynamic:latest-dev \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--platform $(DOCKER_PLATFORMS) \
--push \
.
$(DOCKER) buildx build \
--tag $(DOCKER_IMAGE):$*-rootless \
--build-arg OPA_DOCKER_IMAGE_TAG=rootless \
--build-arg BASE=cgr.dev/chainguard/cc-dynamic \
--build-arg BASE=cgr.dev/chainguard/cc-dynamic:latest \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--platform $(DOCKER_PLATFORMS) \
--push \
.

$(DOCKER) buildx build \
--tag $(DOCKER_IMAGE):$*-static \
--build-arg BASE=cgr.dev/chainguard/static \
--build-arg BASE=cgr.dev/chainguard/static:latest \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--build-arg BIN_SUFFIX=_static \
--platform $(DOCKER_PLATFORMS_STATIC) \
Expand All @@ -404,7 +403,7 @@ push-manifest-list-%: ensure-executable-bin

$(DOCKER) buildx build \
--tag $(DOCKER_IMAGE):$*-static-debug \
--build-arg BASE=gcr.io/distroless/static:debug \
--build-arg BASE=cgr.dev/chainguard/busybox:latest-glibc \
--build-arg BIN_DIR=$(RELEASE_DIR) \
--build-arg BIN_SUFFIX=_static \
--platform $(DOCKER_PLATFORMS_STATIC) \
Expand Down

0 comments on commit 107cace

Please sign in to comment.