distroless runtime images
Could be mixed up with the #25 (closed) (Add Alpine images to project) but the issue is pretty different actually. The distroless images bring two main benefits size and security. As the size is absolutelly neligleble in this case as runtime libraries are huge anyways. But for the security: it decrease the surface of attack significantly.
distroless images
https://github.com/GoogleContainerTools/distroless There are distroless images for the Debian
This image contains a minimal Linux, glibc-based system. It is intended for use directly by "mostly-statically compiled" languages like Go, Rust or D.
Statically compiled applications (Go) that do not require libc can use the gcr.io/distroless/static image, which contains:
ca-certificates
A /etc/passwd entry for a root user
A /tmp directory
tzdata
Most other applications (and Go apps that require libc/cgo) should start with gcr.io/distroless/base, which contains all of the packages in gcr.io/distroless/static, and
glibc
libssl
openssl
The images doesn't contain app managers and shell consoles though. What is correct for runtime images from my point of the view.
Alpine
https://dwdraju.medium.com/distroless-is-for-security-if-not-for-size-6eac789f695f
We shouldn't mix the distroless images with the Alpine. Actually now I am migrating our Alpine 12MB images to the Distroles 16MB images because they are more safer.