Merge pull request #1027 from marquiz/devel/image-full

images: base the default image on distroless/base

Makefile

@@ -73,14 +73,15 @@ IMAGE_BUILD_ARGS = --build-arg VERSION=$(VERSION) \
                 --build-arg BASE_IMAGE_MINIMAL=$(BASE_IMAGE_MINIMAL)
 
 IMAGE_BUILD_ARGS_FULL = --target full \
-                	-t $(IMAGE_TAG) \
-	    		$(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)) \
-	    		$(IMAGE_BUILD_EXTRA_OPTS) ./
+                        -t $(IMAGE_TAG)-full \
+                        $(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)-full) \
+                        $(IMAGE_BUILD_EXTRA_OPTS) ./
 
 IMAGE_BUILD_ARGS_MINIMAL = --target minimal \
-                	   -t $(IMAGE_TAG)-minimal \
-	            	   $(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)-minimal) \
-	            	   $(IMAGE_BUILD_EXTRA_OPTS) ./
+                           -t $(IMAGE_TAG) \
+                           -t $(IMAGE_TAG)-minimal \
+                           $(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag) -t $(tag)-minimal) \
+                           $(IMAGE_BUILD_EXTRA_OPTS) ./
 
 all: image
 
@@ -187,7 +188,7 @@ e2e-test:
 	    -nfd.pull-if-not-present=$(E2E_PULL_IF_NOT_PRESENT) \
 	    -ginkgo.focus="\[kubernetes-sigs\]" \
 	    $(if $(OPENSHIFT),-nfd.openshift,)
-	$(GO_CMD) test -v ./test/e2e/ -args -nfd.repo=$(IMAGE_REPO) -nfd.tag=$(IMAGE_TAG_NAME)-minimal \
+	$(GO_CMD) test -v ./test/e2e/ -args -nfd.repo=$(IMAGE_REPO) -nfd.tag=$(IMAGE_TAG_NAME)-full \
 	    -kubeconfig=$(KUBECONFIG) \
 	    -nfd.e2e-config=$(E2E_TEST_CONFIG) \
 	    -nfd.pull-if-not-present=$(E2E_PULL_IF_NOT_PRESENT) \
@@ -197,7 +198,12 @@ e2e-test:
 push:
 	$(IMAGE_PUSH_CMD) $(IMAGE_TAG)
 	$(IMAGE_PUSH_CMD) $(IMAGE_TAG)-minimal
-	for tag in $(IMAGE_EXTRA_TAGS); do $(IMAGE_PUSH_CMD) $$tag; $(IMAGE_PUSH_CMD) $$tag-minimal; done
+	$(IMAGE_PUSH_CMD) $(IMAGE_TAG)-full
+	for tag in $(IMAGE_EXTRA_TAGS); do \
+	    $(IMAGE_PUSH_CMD) $$tag; \
+	    $(IMAGE_PUSH_CMD) $$tag-minimal; \
+	    $(IMAGE_PUSH_CMD) $$tag-full; \
+	done
 
 push-all: ensure-buildx yamls
 	$(IMAGE_BUILDX_CMD) --push $(IMAGE_BUILD_ARGS) $(IMAGE_BUILD_ARGS_FULL)
@@ -205,7 +211,7 @@ push-all: ensure-buildx yamls
 
 poll-images:
 	set -e; \
-	tags="$(foreach tag,$(IMAGE_TAG_NAME) $(IMAGE_EXTRA_TAG_NAMES),$(tag) $(tag)-minimal)" \
+	tags="$(foreach tag,$(IMAGE_TAG_NAME) $(IMAGE_EXTRA_TAG_NAMES),$(tag) $(tag)-minimal $(tag)-full)" \
 	base_url=`echo $(IMAGE_REPO) | sed -e s'!\([^/]*\)!\1/v2!'`; \
 	for tag in $$tags; do \
 	    image=$(IMAGE_REPO):$$tag \

docs/deployment/image-variants.md

@@ -15,21 +15,24 @@ sort: 1
 
 ---
 
-NFD currently offers two variants of the container image. The "full" variant is
+NFD currently offers two variants of the container image. The "minimal" variant is
 currently deployed by default. Released container images are available for
 x86_64 and Arm64 architectures.
 
-## Full
-
-This image is based on [debian:bullseye-slim](https://hub.docker.com/_/debian)
-and contains a full Linux system for running shell-based nfd-worker hooks and
-doing live debugging and diagnosis of the NFD images.
-
 ## Minimal
 
 This is a minimal image based on
 [gcr.io/distroless/base](https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md)
 and only supports running statically linked binaries.
 
-The container image tag has suffix `-minimal`
-(e.g. `{{ site.container_image }}-minimal`)
+For backwards compatibility a container image tag with suffix `-minimal`
+(e.g. `{{ site.container_image }}-minimal`) is provided.
+
+## Full
+
+This image is based on [debian:bullseye-slim](https://hub.docker.com/_/debian)
+and contains a full Linux system for running shell-based nfd-worker hooks and
+doing live debugging and diagnosis of the NFD images.
+
+The container image tag has suffix `-full`
+(e.g. `{{ site.container_image }}-full`).

docs/reference/worker-configuration-reference.md

@@ -336,6 +336,11 @@ Hooks are DEPRECATED since v0.12.0 release and support will be removed in a
 future release. Use
 [feature files](../usage//customization-guide.md#feature-files) instead.
 
+Note: The default NFD container image only supports statically linked binaries.
+Use the [full](../deployment/image-variants.md#full) image variant for a
+slightly more extensive environment that additionally supports bash and perl
+runtimes.
+
 Related tracking issues:
 
 1. Config option to disable hooks [#859](https://github.com/kubernetes-sigs/node-feature-discovery/issues/859).

docs/usage/customization-guide.md

@@ -257,9 +257,8 @@ on the nfd-master command line.
 **DEPRECATED** The `local` source executes hooks found in
 `/etc/kubernetes/node-feature-discovery/source.d/`. The hook files must be
 executable and they are supposed to print all discovered features in `stdout`.
-With ELF binaries static linking is recommended as the selection of system
-libraries available in the NFD release image is very limited. Other runtimes
-currently supported by the NFD image are bash and perl.
+Since NFD v0.13 the default container image only supports statically linked ELF
+binaries.
 
 `stderr` output of hooks is propagated to NFD log so it can be used for
 debugging and logging.
@@ -284,8 +283,9 @@ sources:
 directory. It is the user's responsibility to review the hooks for e.g.
 possible security implications.
 
-**NOTE:** The [minimal](../deployment/image-variants.md#minimal) image
-variant only supports running statically linked binaries.
+**NOTE:** The [full](../deployment/image-variants.md#full) image variant
+provides backwards-compatibility with older NFD versions by including a more
+expanded environment, supporting bash and perl runtimes.
 
 ### Feature files