Convert from alpine to distroless image with shell
115 views
Skip to first unread message
Shahria Kazi
Jan 11, 2022, 10:26:59 PM1/11/22
to Distroless Users
Greetings distroless community,
I am trying to convert the below Dockerfile to build off of a distroless base image instead of an alpine image.
FROM alpine:3.7
WORKDIR /
CMD ["/bin/sh", "-c", "--"]
The only problem is that the Deployment resource where this container image is being used has some shell commands, hence i need to install shell into the distroless image. Below is part of the Deployment yaml file:
containers:
- name: my-container
image: {{ .Values.image.acr }}
imagePullPolicy: Always
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do sleep 60; done;" ]
So far, I have tried to build the image using multi-stage builds, however, it's still not working for me:
FROM alpine:3.7 as builder
WORKDIR /
CMD ["/bin/sh", "-c", "--"]
FROM gcr.io/distroless/static
COPY --from=builder / /bin
When I run the container, i see this error: Error: failed to create containerd task: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown.
FROM alpine:3.7
WORKDIR /
CMD ["/bin/sh", "-c", "--"]
The only problem is that the Deployment resource where this container image is being used has some shell commands, hence i need to install shell into the distroless image. Below is part of the Deployment yaml file:
containers:
- name: my-container
image: {{ .Values.image.acr }}
imagePullPolicy: Always
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do sleep 60; done;" ]
So far, I have tried to build the image using multi-stage builds, however, it's still not working for me:
FROM alpine:3.7 as builder
WORKDIR /
CMD ["/bin/sh", "-c", "--"]
FROM gcr.io/distroless/static
COPY --from=builder / /bin
When I run the container, i see this error: Error: failed to create containerd task: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown.
In addition, I have tried to install shell into the image using this command:
RUN apt-get update && apt-get install bash
however, the command itself requires shell being present. I was not able to find anything online related to this. I will appreciate your help!
Andrew Latham
Jan 11, 2022, 10:43:20 PM1/11/22
to Distroless Users
Shahria
Distroless' design will likely not fit your use case. If you need the shell then you may want to use a full distro.
--
You received this message because you are subscribed to the Google Groups "Distroless Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to distroless-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/distroless-users/32b82bc2-65ce-4518-970a-19063f6386ban%40googlegroups.com.
- Andrew "lathama" Latham -
Evan Jones
Jan 12, 2022, 7:50:36 AM1/12/22
to distrole...@googlegroups.com
There are two workarounds if you really still want to use distroless;
1. Use the :debug images: They include busybox, which has an implementation of /bin/sh. This should likely "just work" with the Dockerfile you shared?
2. Install bash (or some other shell) from Debian into your image. I have done this to install graphviz and its dependent libraries into a Distroless image. You will need to modify this example, but this should give you a general idea: https://github.com/evanj/pprofweb/blob/master/Dockerfile#L1-L7
--
You received this message because you are subscribed to the Google Groups "Distroless Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to distroless-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/distroless-users/32b82bc2-65ce-4518-970a-19063f6386ban%40googlegroups.com.
Evan Jones
https://www.evanjones.ca/
https://www.evanjones.ca/
Reply all
Reply to author
Forward
0 new messages