From 9af9717f16f9ae18811195a78607f0b772db4b52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= <batuhan.apaydin@trendyol.com>
Date: Thu, 21 Jul 2022 09:37:56 +0300
Subject: [PATCH] chore: use new distroless base image provided by distroless
 org (#4219)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* chore: use new distroless base image provided by distroless org

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* chore: remove unnecessary user instruction

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
---
 cmd/cli/kubectl-kyverno/Dockerfile | 5 +----
 cmd/initContainer/Dockerfile       | 4 +---
 cmd/kyverno/Dockerfile             | 6 +-----
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/cmd/cli/kubectl-kyverno/Dockerfile b/cmd/cli/kubectl-kyverno/Dockerfile
index 66fc1b7958..8ae8f02f35 100644
--- a/cmd/cli/kubectl-kyverno/Dockerfile
+++ b/cmd/cli/kubectl-kyverno/Dockerfile
@@ -25,13 +25,10 @@ RUN --mount=type=bind,target=. \
     CGO_ENABLED=0 xx-go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/cli/kubectl-kyverno/
 
 # Packaging stage
-FROM scratch
+FROM ghcr.io/distroless/static:latest
 
 LABEL maintainer="Kyverno"
 
 COPY --from=builder /output/kyverno /
-COPY --from=builder /etc/passwd /etc/passwd
-
-USER 10001
 
 ENTRYPOINT ["./kyverno"]
\ No newline at end of file
diff --git a/cmd/initContainer/Dockerfile b/cmd/initContainer/Dockerfile
index 20c7918543..041cd3a0b0 100644
--- a/cmd/initContainer/Dockerfile
+++ b/cmd/initContainer/Dockerfile
@@ -25,13 +25,11 @@ RUN --mount=type=bind,target=. \
     CGO_ENABLED=0 xx-go build -o /output/kyvernopre -ldflags="${LD_FLAGS}" -v ./cmd/initContainer/
 
 # Packaging stage
-FROM scratch
+FROM ghcr.io/distroless/static:latest
 
 LABEL maintainer="Kyverno"
 
 COPY --from=builder /output/kyvernopre /
-COPY --from=builder /etc/passwd /etc/passwd
 
-USER 10001
 
 ENTRYPOINT ["./kyvernopre"]
diff --git a/cmd/kyverno/Dockerfile b/cmd/kyverno/Dockerfile
index d533091be3..d386857f24 100644
--- a/cmd/kyverno/Dockerfile
+++ b/cmd/kyverno/Dockerfile
@@ -29,13 +29,9 @@ RUN --mount=type=bind,target=. \
     CGO_ENABLED=0 xx-go build -o /output/kyverno -ldflags="${LD_FLAGS}" -v ./cmd/kyverno/
 
 # Packaging stage
-FROM scratch
+FROM ghcr.io/distroless/static:latest
 
 LABEL maintainer="Kyverno"
 COPY --from=builder /output/kyverno /
-COPY --from=builder /etc/passwd /etc/passwd
-COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-
-USER 10001
 
 ENTRYPOINT ["./kyverno"]