use distroless-base-nossl image (#5034)

* use distroless-base-nossl image It includes glibc which allows us to run envoy-proxy inside the container image Fixes: #5033 Signed-off-by: Arko Dasgupta <[email protected]> * add release note Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: Arko Dasgupta <[email protected]>
envoyproxy · Jan 14, 2025 · f6bb7f8 · f6bb7f8
1 parent 58a9b23
commit f6bb7f8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
@@ -39,5 +39,6 @@ deprecations: |
 
 # Other notable changes not covered by the above sections.
 Other changes: |
+  Modified the base container image to gcr.io/distroless/base-nossl:nonroot
   [SecurityPolicy] Modify the JWT Provider Issuer validation constraint
   Add support for Kubernetes 1.32.x in the test matrix, and remove support for Kubernetes 1.28.x.
diff --git a/tools/docker/envoy-gateway/Dockerfile b/tools/docker/envoy-gateway/Dockerfile
@@ -4,7 +4,7 @@ RUN mkdir -p /var/lib/eg
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58
+FROM gcr.io/distroless/base-nossl:nonroot@sha256:2a803cc873dc1a69a33087ee10c75755367dd2c259219893504680480ad563f0
 ARG TARGETPLATFORM
 COPY $TARGETPLATFORM/envoy-gateway /usr/local/bin/
 COPY --from=source --chown=65532:65532 /var/lib /var/lib