[PR #274] [CLOSED] rebase acme-dns docker image on google distroless #370

New issue

Closed

opened 2026-03-13 16:20:07 +03:00 by kerem · 0 comments

kerem commented 2026-03-13 16:20:07 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/acme-dns/acme-dns/pull/274
Author: @slippycheeze
Created: 8/30/2021
Status: ❌ Closed

Base: master ← Head: patch-1

---

📝 Commits (2)

• 4e4f9d9 rebase acme-dns docker image on google distroless
• d7488e7 Update Dockerfile

📊 Changes

1 file changed (+17 additions, -12 deletions)

View changed files

📝 Dockerfile (+17 -12)

📄 Description

This rewritten Dockerfile improves the acme-dns image in a number of ways:

It uses the GoogleContainerTools/distroless static image as base, removing
everything from the container including the shell, dynamic linker, etc.

It builds a fully static acme-dns binary, including static-linking the CGO
components, to be able to run without any dynamic linking, or libc, on the
target system.

It assembles the "release" layout of the application and support directories
on the builder, then copies them wholesale to the final image.

It only copies the acme-dns binary; it exclused the .git directory,
and all other files, that are shipped in the current image.

It uses a shallow checkout to build, which is appropriate since the builder
is a throw-away image and will be destroyed when the build process is done.

Limitations:

The distroless image doesn't provide anything beyond the bare minimum to run
the static binary – notably, no /bin/sh is present.

If this is a concern the best strategy would be to add a second image,
deploying FROM gcr.io/distroless/static:debug which provides busybod as
/bin/sh and the rest of the standard utilities.

I have not implemented this solution at this time.

Background:

The Google distroless images provide a base for running software containers
with the absolute bare minimum of files. For more details see
https://github.com/GoogleContainerTools/distroless

This bases the acme-dns docker image off the distroless "static" image,
gcr.io/distroless/static, which is suitable for running fully static
application in languages like go – it has no dynamic linker.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/acme-dns/acme-dns/pull/274 **Author:** [@slippycheeze](https://github.com/slippycheeze) **Created:** 8/30/2021 **Status:** ❌ Closed **Base:** `master` ← **Head:** `patch-1` --- ### 📝 Commits (2) - [`4e4f9d9`](https://github.com/acme-dns/acme-dns/commit/4e4f9d941345848b056771d2f175fe03a6d40f05) rebase acme-dns docker image on google distroless - [`d7488e7`](https://github.com/acme-dns/acme-dns/commit/d7488e737b670337b6be3b0f90b743d65abdbda2) Update Dockerfile ### 📊 Changes **1 file changed** (+17 additions, -12 deletions) <details> <summary>View changed files</summary> 📝 `Dockerfile` (+17 -12) </details> ### 📄 Description This rewritten Dockerfile improves the acme-dns image in a number of ways: It uses the GoogleContainerTools/distroless static image as base, removing everything from the container including the shell, dynamic linker, etc. It builds a fully static acme-dns binary, including static-linking the CGO components, to be able to run without any dynamic linking, or libc, on the target system. It assembles the "release" layout of the application and support directories on the builder, then copies them wholesale to the final image. It *only* copies the `acme-dns` binary; it exclused the `.git` directory, and all other files, that are shipped in the current image. It uses a shallow checkout to build, which is appropriate since the builder is a throw-away image and will be destroyed when the build process is done. Limitations: The distroless image doesn't provide anything beyond the bare minimum to run the static binary – notably, no `/bin/sh` is present. If this is a concern the best strategy would be to add a second image, deploying `FROM gcr.io/distroless/static:debug` which provides busybod as `/bin/sh` and the rest of the standard utilities. I have not implemented this solution at this time. Background: The Google distroless images provide a base for running software containers with the absolute bare minimum of files. For more details see https://github.com/GoogleContainerTools/distroless This bases the acme-dns docker image off the distroless "static" image, `gcr.io/distroless/static`, which is suitable for running fully static application in languages like go – it has no dynamic linker. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-13 16:20:07 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

fix_dockerhub

dockerhub

readme2.0

goreleaser_action

refactoring

linter_update_config

update_deps_122

dependabot/go_modules/github.com/valyala/fasthttp-1.34.0

deps_bump

update_goreleaser

update_golint

deps_update

update_dockerfile

v2.0.2

v2.0.1

v2.0

v1.1

v1.0

v0.8

v0.7.2

v0.7.1

v0.7

v0.6

v0.5

v0.4

v0.3.2

v0.3.1

v0.3

v0.2

v0.1

Labels

Clear labels   

Documentation

  

Documentation

  

bug

  

enhancement

  

feature request

  

feature request

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

security

  

security

  

testing

No labels

Documentation

Documentation

bug

enhancement

feature request

feature request

help wanted

pull-request

question

security

security

testing

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/acme-dns#370

No description provided.