Creating Distroless Docker Container Images with eLxr

Overview

“Distroless” images contain only your application and its runtime dependencies. They do not contain package managers, shells, or any other programs you would expect to find in a standard Linux distribution. By design, they deploy only what is necessary for your application to run and nothing else. This makes them lightweight, reduces the possibility of CVEs and other vulnerabilities, and simplifies overall development.

While distroless images provide advantages in size, scope, and system resource use, they also have inherent limitations. For example, distroless images do not include a shell, which limits debugging and troubleshooting inside the container. To overcome this limitation, you can run the application in a non-distroless image, or optionally add debugging tools in a separate, non-production build stage. Once you resolve any issue, you can release the application in a distroless container.

This tutorial includes procedures for creating and running Java and Node.js distroless containers. Building distroless containers requires the following:

  • A host environment with Docker and Java 17 or Node.js 18 installed and set up.

  • A source application to run. Example “Hello World” applications are included to help get you up and running.

  • A multistage Dockerfile with a build and a production stage, which creates the container.

You should have a working knowledge of Docker containers and be familiar with Java or Node.js development and building Java or Node.js applications.

To continue, choose one of the following procedures: