optimizely / agent

Agent service for Optimizely Feature Experimentation and Optimizely Full Stack (legacy)
Apache License 2.0
31 stars 26 forks

[ENHANCEMENT] Distroless images for optimizely agent. #418

Open yesudeep opened 2 weeks ago

yesudeep commented 2 weeks ago

Description

Namaste,

  1. Distroless images are small and per our security team's guidance at Google, we're required to use those images for our deployments. To that effect, we're making a feature request to add the ability to build distroless images in addition to images built from scratch and Alpine Linux.

  2. We'd appreciate the ability to build using podman.

  3. And the ability to deploy built container images to the Google Artifact Registry.

For more information about distroless, please see: https://github.com/GoogleContainerTools/distroless.

Benefits

Low attack surface. High security standards.

Detail

We would like the ability to run:

   make \
     APP_VERSION=$(git rev-parse HEAD) \
     CONTAINERIZER=podman \
     IMAGE_TAG_PREFIX=<GAR-TAG> \
     ci_build_dockerimage_distroless push_image_distroless

Examples

Please see: https://github.com/GoogleContainerTools/distroless

Risks/Downsides

A little more tooling and build complexity.
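The following multi-stage Dockerfile is an added illustration of what a distroless build of the agent could look like; it is not the project's own Dockerfile and not the PR's content. It assumes the agent binary is built from `./cmd/optimizely` (the project's actual path may differ), and the Go base image tag, `-ldflags`, and port numbers are placeholders. The final stage uses the `nonroot` variant of `gcr.io/distroless/static`, which ships CA certificates, tzdata and a non-root `/etc/passwd` entry but no shell or package manager, so the entrypoint must be given in exec form.

```dockerfile
# syntax=docker/dockerfile:1
# --- Stage 1: build a fully static Go binary (assumed main package path) ---
FROM golang:1.21 AS builder
WORKDIR /src
# Cache module downloads separately from source changes.
COPY go.mod go.sum ./
RUN go mod download
COPY . .
ARG APP_VERSION=dev
# CGO_ENABLED=0 yields a static binary with no libc dependency, which is what
# the distroless "static" base expects; -trimpath/-s/-w drop build paths and
# debug symbols (hypothetical version ldflag shown as an example).
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath \
      -ldflags="-s -w -X main.Version=${APP_VERSION}" \
      -o /out/optimizely ./cmd/optimizely

# --- Stage 2: minimal runtime with no shell, no package manager ---
FROM gcr.io/distroless/static:nonroot
# Copy only the binary; the base already provides CA certs and tzdata.
COPY --from=builder /out/optimizely /optimizely
# The :nonroot tag defaults to uid/gid 65532; stating it keeps intent explicit.
USER nonroot:nonroot
# Placeholder ports; use the agent's configured API/admin ports.
EXPOSE 8080 8088
# Exec form is mandatory: there is no /bin/sh to interpret a shell-form command.
ENTRYPOINT ["/optimizely"]
```

With podman the build and push described in the request would be roughly `podman build --build-arg APP_VERSION=$(git rev-parse HEAD) -t <GAR-TAG>/optimizely-agent:$(git rev-parse HEAD) -f Dockerfile.distroless .` followed by `podman push` of the same tag, after authenticating to the Artifact Registry host. A quick check that the image really has no shell is `podman run --rm --entrypoint /bin/sh <image>`, which should fail because the file does not exist.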

yesudeep commented 2 weeks ago

We will be sending a PR for your review shortly.

yesudeep commented 2 weeks ago

https://github.com/optimizely/agent/pull/419 should fulfill this security feature request.

mikechu-optimizely commented 2 weeks ago

Hi @yesudeep. Thanks for opening the PR. Let us review this issue and your solution and get back with you shortly. I've created internal ticket FSSDK-10402.