Open howardjohn opened 1 year ago
Actually a lower effort middle ground may just be to add the packages to https://github.com/GoogleContainerTools/distroless/blob/main/debian_packages.yaml (and maybe similar files, not sure just that one is sufficient). I think that would allow us to just import the repo and use our BUILD
file without forking. Still a bit painful dealing with bazel but not as bad as a fork
Yeah I think someone was interested in moving the necessary items into rules_distroless, I need to followup on that.
Istio currently maintains a small fork to build a custom image that is basically base + iptables.
This is a bit painful, as maintaining a fork is not easy to keep up with and the bazel and .deb fetching experience is rough.
To ease this, it would help to either have:
iptables
image, that has exactly the packages we have and nothing more (I realize this is very demanding/picky, but want to be upfront on what would be required for us to adopt a different image - in particular, there must be no openssl).apko
is pretty trivial: