
Scratch image as base image of Skipper docker image

Open sepehrdaddev opened this issue 1 year ago • 5 comments

Is your feature request related to a problem? Please describe.

Today skipper uses alpine 3 as a docker base image for docker images. While alpine 3 is one of the most minimal docker images out there, it still comes with some unnecessary things such as busybox, which can increase the security risk due to its increased attack surface.

Describe the solution you would like

Being a Go application, skipper can be used as a static binary and packaged as a docker image using scratch as a base and ca-certificates. As ca-certificates are the only necessary things needed to run skipper (apart from the static builds), this will reduce the attack surface drastically and hence lower the risk of any breaches.

Would you like to work on it? Yes, but no time (likely)

sepehrdaddev avatar Feb 21 '24 16:02 sepehrdaddev

Are you looking for these configurations in a docker image?

Dockerfile

```dockerfile
# Start from scratch
FROM scratch

# Copy ca-certificates
COPY --from=alpine:latest /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Copy the Skipper binary into the container
COPY skipper /skipper

# Set the entry point for Skipper
ENTRYPOINT ["/skipper"]
```

Ritish134 avatar Feb 22 '24 05:02 Ritish134

@Ritish134 yes

szuecs avatar Feb 22 '24 09:02 szuecs

Could you please guide what next steps to perform to solve this issue ...

Ritish134 avatar Feb 22 '24 15:02 Ritish134

@Ritish134 either you do it or someone else will do it or we decide it's a nice idea but we won't have time. Feel free to learn more about the topic, but we can't guide you there.

szuecs avatar Feb 22 '24 16:02 szuecs

This issue can be dangerous to do, because it can break all kinds of readinessProbes or livenessProbes. I added the labels "architectural" and "breaking change" because it seems to be a very dangerous change, but looks "simple".

szuecs avatar Feb 23 '24 10:02 szuecs
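
The probe breakage raised in the last comment can be checked before a base image is switched. The following is an added example, not code from this thread or from the skipper project: it flags exec probes in a pod spec whose command does not exist in a scratch image. `BrokenExecProbes`, the sample pod spec and its probe paths and port are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// probe and container model only the pod-spec fields needed to find exec probes.
type probe struct {
	Exec *struct {
		Command []string `json:"command"`
	} `json:"exec"`
}
type container struct {
	Name  string `json:"name"`
	Live  *probe `json:"livenessProbe"`
	Ready *probe `json:"readinessProbe"`
	Start *probe `json:"startupProbe"`
}

// Constructed sample pod spec: one HTTP probe and one shell-based exec probe.
const samplePodSpec = `{"containers":[{"name":"skipper",
 "readinessProbe":{"httpGet":{"path":"/healthz","port":8080}},
 "livenessProbe":{"exec":{"command":["/bin/sh","-c","wget -qO- localhost:8080/healthz"]}}}]}`

// BrokenExecProbes lists exec probes whose command[0] is not a file present in the image.
func BrokenExecProbes(spec []byte, present map[string]bool) ([]string, error) {
	var ps struct{ Containers []container }
	if err := json.Unmarshal(spec, &ps); err != nil {
		return nil, err
	}
	var findings []string
	for _, c := range ps.Containers {
		for i, p := range []*probe{c.Live, c.Ready, c.Start} {
			kind := []string{"livenessProbe", "readinessProbe", "startupProbe"}[i]
			if p == nil || p.Exec == nil || len(p.Exec.Command) == 0 {
				continue // httpGet, tcpSocket and grpc probes are run by the kubelet, not in the image
			}
			if bin := p.Exec.Command[0]; !present[bin] {
				findings = append(findings, fmt.Sprintf("%s %s: %q missing from image", c.Name, kind, bin))
			}
		}
	}
	return findings, nil
}

func main() {
	// Assumption: the image holds only /skipper, as in the Dockerfile posted above.
	fmt.Println(BrokenExecProbes([]byte(samplePodSpec), map[string]bool{"/skipper": true}))
}
```

Only `command[0]` is checked; a wrapper script that calls further tools would need its own review.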