@@ -28,8 +28,20 @@ FROM k8s.gcr.io/build-image/debian-base:buster-v1.9.0 as debian
2828# Install necessary dependencies
2929# google_nvme_id script depends on the following packages: nvme-cli, xxd, bash
3030RUN clean-install util-linux e2fsprogs mount ca-certificates udev xfsprogs nvme-cli xxd bash
31+
3132# Since we're leveraging apt to pull in dependencies, we use `gcr.io/distroless/base` because it includes glibc.
32- FROM gcr.io/distroless/base-debian11
33+ FROM gcr.io/distroless/base-debian11 as distroless-base
34+
35+ # The distroless amd64 image has a target triplet of x86_64
36+ FROM distroless-base AS distroless-amd64
37+ ENV LIB_DIR_PREFIX x86_64
38+
39+ # The distroless arm64 image has a target triplet of aarch64
40+ FROM distroless-base AS distroless-arm64
41+ ENV LIB_DIR_PREFIX aarch64
42+
43+ FROM distroless-$TARGETARCH
44+
3345# Copy necessary dependencies into distroless base.
3446COPY --from=builder /go/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver/bin/gce-pd-csi-driver /gce-pd-csi-driver
3547COPY --from=debian /etc/mke2fs.conf /etc/mke2fs.conf
@@ -60,21 +72,30 @@ COPY --from=debian /bin/grep /bin/grep
6072COPY --from=debian /bin/sed /bin/sed
6173COPY --from=debian /bin/ln /bin/ln
6274
63- # Copy x86 shared libraries into distroless base.
64- COPY --from=debian /lib/x86_64-linux-gnu/libblkid.so.1 /lib/x86_64-linux-gnu/libblkid.so.1
65- COPY --from=debian /lib/x86_64-linux-gnu/libcom_err.so.2 /lib/x86_64-linux-gnu/libcom_err.so.2
66- COPY --from=debian /lib/x86_64-linux-gnu/libext2fs.so.2 /lib/x86_64-linux-gnu/libext2fs.so.2
67- COPY --from=debian /lib/x86_64-linux-gnu/libe2p.so.2 /lib/x86_64-linux-gnu/libe2p.so.2
68- COPY --from=debian /lib/x86_64-linux-gnu/libmount.so.1 /lib/x86_64-linux-gnu/libmount.so.1
69- COPY --from=debian /lib/x86_64-linux-gnu/libpcre.so.3 /lib/x86_64-linux-gnu/libpcre.so.3
70- COPY --from=debian /lib/x86_64-linux-gnu/libreadline.so.5 /lib/x86_64-linux-gnu/libreadline.so.5
71- COPY --from=debian /lib/x86_64-linux-gnu/libselinux.so.1 /lib/x86_64-linux-gnu/libselinux.so.1
72- COPY --from=debian /lib/x86_64-linux-gnu/libtinfo.so.6 /lib/x86_64-linux-gnu/libtinfo.so.6
73- COPY --from=debian /lib/x86_64-linux-gnu/libuuid.so.1 /lib/x86_64-linux-gnu/libuuid.so.1
74- COPY --from=debian /usr/lib/x86_64-linux-gnu/libattr.so.1 /usr/lib/x86_64-linux-gnu/libattr.so.1
75- COPY --from=debian /usr/lib/x86_64-linux-gnu/libacl.so.1 /usr/lib/x86_64-linux-gnu/libacl.so.1
75+ # Copy shared libraries into distroless base.
76+ COPY --from=debian /lib/${LIB_DIR_PREFIX}-linux-gnu/libblkid.so.1 \
77+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libcom_err.so.2 \
78+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libdevmapper.so.1.02.1 \
79+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libe2p.so.2 \
80+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libext2fs.so.2 \
81+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libgcc_s.so.1 \
82+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libmount.so.1 \
83+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libpcre.so.3 \
84+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libreadline.so.5 \
85+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libselinux.so.1 \
86+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libtinfo.so.6 \
87+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libudev.so.1 \
88+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libuuid.so.1 \
89+ /lib/${LIB_DIR_PREFIX}-linux-gnu/libz.so.1 /lib/${LIB_DIR_PREFIX}-linux-gnu/
90+
91+ COPY --from=debian /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libacl.so.1 \
92+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libattr.so.1 \
93+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicudata.so.63 \
94+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicui18n.so.63 \
95+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libicuuc.so.63 \
96+ /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/libstdc++.so.6 /usr/lib/${LIB_DIR_PREFIX}-linux-gnu/
7697
7798# Copy NVME support required script and rules into distroless base.
7899COPY deploy/kubernetes/udev/google_nvme_id /lib/udev_containerized/google_nvme_id
79100
80- ENTRYPOINT ["/gce-pd-csi-driver" ]
101+ ENTRYPOINT ["/gce-pd-csi-driver" ]
0 commit comments