starred/acme-dns
1
0
Fork 0
mirror of https://github.com/acme-dns/acme-dns.git synced 2026-04-27 04:45:48 +03:00
Code Issues 178 Projects Releases 5 Packages Wiki Activity

[PR #275] rebase acme-dns docker image on google distroless #368

New issue
Open
opened 2026-03-13 16:20:07 +03:00 by kerem · 0 comments
kerem commented 2026-03-13 16:20:07 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/acme-dns/acme-dns/pull/275
Author: @slippycheeze
Created: 8/30/2021
Status: 🔄 Open

Base: masterHead: master

📝 Commits (1)

  • 4792ded rebase acme-dns docker image on google distroless

📊 Changes

1 file changed (+17 additions, -12 deletions)

View changed files

📝 Dockerfile (+17 -12)

📄 Description

Improvements over the current Dockerfile are:

It uses the GoogleContainerTools/distroless static image as base,
removing everything from the container including the shell, dynamic
linker, etc.

It builds a fully static acme-dns binary, including static-linking the
CGO components, to be able to run without any dynamic linking, or libc,
on the target system.

It assembles the "release" layout of the application and support
directories on the builder, then copies them wholesale to the
final image.

It only copies the acme-dns binary; it exclused the .git
directory, and all other files, that are shipped in the current image.

It uses a shallow checkout to build, which is appropriate since the
builder is a throw-away image and will be destroyed when the build
process is done.

It uses the latest version of golang 1.*, ensuring that improvements and
security fixes are picked up automatically.

Limitations:

The distroless image doesn't provide anything beyond the bare minimum to run
the static binary – notably, no /bin/sh is present.

If this is a concern the best strategy would be to add a second image,
deploying FROM gcr.io/distroless/static:debug which provides busybod as
/bin/sh and the rest of the standard utilities.

I have not implemented this solution at this time.

Background:

The Google distroless images provide a base for running software containers
with the absolute bare minimum of files. For more details see
https://github.com/GoogleContainerTools/distroless

This bases the acme-dns docker image off the distroless "static" image,
gcr.io/distroless/static, which is suitable for running fully static
application in languages like go – it has no dynamic linker.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/acme-dns/acme-dns/pull/275 **Author:** [@slippycheeze](https://github.com/slippycheeze) **Created:** 8/30/2021 **Status:** 🔄 Open **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (1) - [`4792ded`](https://github.com/acme-dns/acme-dns/commit/4792dedcbeb8f0eda5f1816d130d11ed20d2916c) rebase acme-dns docker image on google distroless ### 📊 Changes **1 file changed** (+17 additions, -12 deletions) <details> <summary>View changed files</summary> 📝 `Dockerfile` (+17 -12) </details> ### 📄 Description Improvements over the current Dockerfile are: It uses the GoogleContainerTools/distroless static image as base, removing everything from the container including the shell, dynamic linker, etc. It builds a fully static acme-dns binary, including static-linking the CGO components, to be able to run without any dynamic linking, or libc, on the target system. It assembles the "release" layout of the application and support directories on the builder, then copies them wholesale to the final image. It *only* copies the `acme-dns` binary; it exclused the `.git` directory, and all other files, that are shipped in the current image. It uses a shallow checkout to build, which is appropriate since the builder is a throw-away image and will be destroyed when the build process is done. It uses the latest version of golang 1.*, ensuring that improvements and security fixes are picked up automatically. Limitations: The distroless image doesn't provide anything beyond the bare minimum to run the static binary – notably, no `/bin/sh` is present. If this is a concern the best strategy would be to add a second image, deploying `FROM gcr.io/distroless/static:debug` which provides busybod as `/bin/sh` and the rest of the standard utilities. I have not implemented this solution at this time. Background: The Google distroless images provide a base for running software containers with the absolute bare minimum of files. For more details see https://github.com/GoogleContainerTools/distroless This bases the acme-dns docker image off the distroless "static" image, `gcr.io/distroless/static`, which is suitable for running fully static application in languages like go – it has no dynamic linker. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix_dockerhub
dockerhub
readme2.0
goreleaser_action
refactoring
linter_update_config
update_deps_122
dependabot/go_modules/github.com/valyala/fasthttp-1.34.0
deps_bump
update_goreleaser
update_golint
deps_update
update_dockerfile
v2.0.2
v2.0.1
v2.0
v1.1
v1.0
v0.8
v0.7.2
v0.7.1
v0.7
v0.6
v0.5
v0.4
v0.3.2
v0.3.1
v0.3
v0.2
v0.1
Labels
Clear labels   
Documentation

   
Documentation

   
bug

   
enhancement

   
feature request

   
feature request

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
security

   
security

   
testing
No labels
Documentation
Documentation
bug
enhancement
feature request
feature request
help wanted
pull-request
question
security
security
testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/acme-dns#368
No description provided.