gloo
gloo copied to clipboard
solo-io
Distroless
Gloo Edge Product
Open Source
Gloo Edge Version
1.15.x
Is your feature request related to a problem? Please describe.
Alpine is no longer supported for our purposes so we moved to ubuntu to mimic upstream and decided to hold off at the time on adding a distroless build. Turns out some of the libraries in the image used by upstream are include some packages we dont want to have around.
Describe the solution you'd like
Get a distroless option for those who dont want full ubuntu shenanagins
Describe alternatives you've considered
No response
Additional Context
No response
We no longer consider this a release blocker for 1.16. This is intended to be released in a subsequent patch release. Confirmed with @SantoDE
https://github.com/solo-io/gloo/issues/6084 is a duplicate issue. I am closing that one, in favor of this more recently created issue, but I wanted to keep the context
Definition of done:
- For 1.17, we will publish distroless variants of our images, in addition, to our existing images.
- We will make it possible in the Helm chart to define that distroless variants should be used
- We will provide user facing documentation around this functionality
- We will work with the field to enable adoption
List of problematic libraries that should not be included are :
- berkleydb
The following images now have a distroless variant :
- caching-ee
- discovery-ee
- discovery-ee-fips
- ext-auth-plugins
- extauth-ee
- extauth-ee-fips
- gloo-ee
- gloo-ee-envoy-wrapper
- gloo-ee-envoy-wrapper-fips
- gloo-ee-fips
- observability-ee
- rate-limit-ee
- rate-limit-ee-fips
- sds-ee
- sds-ee-fips
Having discussed on slack, have decided to :
- Add support for fed images
Adding distroless variants to all images created by gloo edge in https://github.com/solo-io/gloo/pull/9278
This will be in v1.17.0
Distroless images can be specified via the helm value global.image.variant to distroless or fips-distroless