Using baseless images for Cloudflow itself

[huntc]

Has any consideration been given to the distribution of Cloudflow Docker image "from scratch" i.e. without a base image?

The benefits of doing so include:

• less concern over the licenses of dependencies
• reduced security vulnerabilities as they are confined to the host operating system (and perhaps more easily addressed)
• smaller image sizes making distribution easier

Base images could also be introduced as a deploy-time concern via the kubectl cloudflow command e.g.

kubectl cloudflow deploy /path/to/sensor-data-scala/target/sensor-data-scala.json

...where sensor-data-scala.json provides a base image to be included.

[andreaTP]

The current images are based on Alpine Linux. This PR https://github.com/lightbend/cloudflow/pull/911 eases the path ahead on having "from scratch" base images.

We discussed various possible approaches to the problem:

• make the "distro dependent" commands directly and easily configurable, so that a user can swap the starting base image without much burden
• build on top of a distroless base (e.g. https://github.com/GoogleContainerTools/distroless) without adding additional tools (no wget/tar etc.etc.)