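├── .gitignore
├── compose
    └── docker-compose.yml
├── k8s
    └── pod.yml
└── postgres-distroless
    ├── Dockerfile
    ├── builder
        ├── Dockerfile
        └── build.sh
    └── packages.json

/.gitignore:
--------------------------------------------------------------------------------
postgres-distroless/image

--------------------------------------------------------------------------------
/compose/docker-compose.yml:
--------------------------------------------------------------------------------
# Two-service layout: `db-init` (full postgres image, has a shell) initialises
# the shared `pgdata` volume once, then `db` (shell-less runtime image) serves it.
# No `ports:` are published, so the server is reachable only on the compose network.
services:
  db:
    # NOTE(review): no tag or digest, so this resolves to `latest` and can change
    # under you when the tag is re-pushed. Pin to a version tag or, better,
    # `@sha256:<digest-placeholder>`.
    image: laurentgoderre689/postgres-distroless
    user: postgres
    volumes:
      - pgdata:/var/lib/postgresql/data/
    depends_on:
      db-init:
        # Start only after the init container has exited 0.
        condition: service_completed_successfully

  db-init:
    # Pinned to the same major version the runtime image copies its binaries
    # from (postgres:16-alpine3.18 in postgres-distroless/Dockerfile). A floating
    # `postgres:alpine3.18` can move to a newer major and initialise a data
    # directory that the 16.x server refuses to open.
    image: postgres:16-alpine3.18
    environment:
      # NOTE(review): demo-only superuser password committed to the repository.
      # For anything beyond a local demo, inject it from outside the file (an
      # untracked env file or a compose secret read via POSTGRES_PASSWORD_FILE).
      POSTGRES_PASSWORD: example
    volumes:
      - pgdata:/var/lib/postgresql/data/
    user: postgres
    command: docker-ensure-initdb.sh

volumes:
  pgdata:
--------------------------------------------------------------------------------
/k8s/pod.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: kubecon-postgress-pod
  labels:
    app.kubernetes.io/name: KubeConPostgress
spec:
  containers:
  - name: postgress
    # NOTE(review): untagged image (implicit `latest`); pin a tag or digest so
    # the pod cannot silently pick up a different build on reschedule.
    image: laurentgoderre689/postgres-distroless
    securityContext:
      runAsUser: 70
      runAsGroup: 70
      # The server runs as UID 70 and needs no extra privileges: make the
      # kubelet enforce non-root, forbid setuid-style escalation and drop
      # every Linux capability.
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
    volumeMounts:
    - name: db
      mountPath: /var/lib/postgresql/data/
  # NOTE(review): the init step below is disabled. With it commented out the
  # emptyDir starts empty and nothing visible here initialises the data
  # directory; presumably intentional for the demo, confirm. If it is
  # re-enabled, use the same major version as the runtime image
  # (postgres:16-alpine3.18) and keep the password in the Secret as shown.
  # initContainers:
  # - name: init-postgress
  #   image: postgres:alpine3.18
  #   env:
  #   - name: POSTGRES_PASSWORD
  #     valueFrom:
  #       secretKeyRef:
  #         name: kubecon-postgress-admin-pwd
  #         key: password
  #   command: ['docker-ensure-initdb.sh']
  #   volumeMounts:
  #   - name: db
  #     mountPath: /var/lib/postgresql/data/
  volumes:
  - name: db
    # emptyDir lives and dies with the pod: all database contents are lost when
    # the pod is deleted or rescheduled.
    emptyDir: {}

--------------------------------------------------------------------------------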
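/postgres-distroless/Dockerfile:
--------------------------------------------------------------------------------
# Stage 1: generate minimal /etc/passwd and /etc/group entries for the
# postgres user (UID/GID 70), since the final image has no adduser or shell.
# NOTE(review): untagged base (implicit `latest`); the other stages use 3.18.
FROM alpine as users

RUN echo 'postgres:x:70:70:Postgres:/var/lib/postgresql:/bin/false' > /passwd \
    && echo 'postgres:x:70:postgres' > /group

# -----

# Stage 2: unpack the pinned runtime libraries listed in packages.json into /build.
# NOTE(review): this pulls the published builder image, untagged, rather than
# building ./builder from this repository; whatever that tag points to decides
# what ends up in /build. Pin it by digest or build it locally.
FROM laurentgoderre689/alpine-builder as packages

COPY packages.json /packages.json

RUN build /packages.json

# -----

# Final stage: empty base, no shell and no package manager.
FROM scratch

ENV PGDATA=/var/lib/postgresql/data
ENV PATH=/usr/local/bin/:/usr/bin/:/bin

COPY --from=users /passwd /group /etc/

COPY --from=packages /build /

# NOTE(review): the upstream image is referenced by mutable tag; the binaries
# copied below change whenever that tag is rebuilt. Pin with
# `postgres:16-alpine3.18@sha256:<digest-placeholder>` for reproducible images.
COPY --from=postgres:16-alpine3.18 /usr/local/bin/ /usr/local/bin/
COPY --from=postgres:16-alpine3.18 /usr/local/lib/ /usr/local/lib/
COPY --from=postgres:16-alpine3.18 /usr/local/share/postgresql/ /usr/local/share/postgresql
# NOTE(review): --chmod=777 makes everything copied here world-writable. UID 70
# already owns the tree through --chown, so a tighter mode should be enough
# unless the image is meant to run under arbitrary UIDs; confirm the intent.
COPY --from=postgres:16-alpine3.18 --chown=70:70 --chmod=777 /var/lib/postgresql /var/lib/postgresql
COPY --from=postgres:16-alpine3.18 --chown=70:70 /var/run/postgresql/ /var/run/postgresql/

VOLUME /var/lib/postgresql/data

STOPSIGNAL SIGINT

# Default to the unprivileged postgres account. Without a USER instruction the
# image starts as root, which the server refuses to run as, so every consumer
# had to remember `user:` / `runAsUser` themselves.
USER 70:70

EXPOSE 5432
CMD ["postgres"]

--------------------------------------------------------------------------------
/postgres-distroless/builder/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:3.18

# bash and jq are the only tools build.sh needs beyond the base image.
RUN set -ex; \
    apk update; \
    apk add \
        bash \
        jq; \
    mkdir /build;

COPY build.sh /usr/bin/build

# NOTE(review): /build is declared a volume, yet the downstream
# `RUN build /packages.json` writes into it and a later stage copies it out.
# Builders differ in whether RUN-time writes to a declared volume are kept;
# this presumably relies on BuildKit, confirm.
VOLUME /build
--------------------------------------------------------------------------------
/postgres-distroless/builder/build.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# build: fetch the Alpine packages pinned in a JSON manifest and unpack them
# into /build.
#
# Usage: build <packages.json>
#
# Manifest shape: { "<package>": { "version": "<apk version>", "alpine": "<branch, optional>" } }
# When "alpine" is absent the branch of the running builder image is used.
#
# NOTE(review): packages are untarred rather than installed, so no apk database
# is written under /build. Scanners that identify Alpine packages from that
# database will likely not see these libraries; consider emitting an SBOM from
# the manifest.
set -Eeo pipefail

if [ "$#" -ne 1 ] || [ ! -r "$1" ]; then
    echo "usage: build <packages.json>" >&2
    exit 64
fi
manifest="$1"

# "v<major>.<minor>" of the running image, e.g. v3.18.
currentAlpine="v$(grep '^VERSION' /etc/os-release | grep -o -E '=([0-9]*\.[0-9]*)' | cut -c2-)"

# Read the package names one per line. Doing the jq call in a plain assignment
# lets `set -e` abort on a malformed manifest.
packageList="$(jq -r 'keys_unsorted[]' "$manifest")"
packages=()
if [ -n "$packageList" ]; then
    mapfile -t packages <<< "$packageList"
fi

for package in "${packages[@]}"; do
    # Pass the name with --arg instead of splicing it into the jq program, so
    # quotes or brackets in a key cannot alter the filter.
    packageVersion="$(jq -r --arg pkg "$package" '.[$pkg].version' "$manifest")"
    alpineVersion="$(jq -r --arg pkg "$package" '.[$pkg].alpine | select( . != null )' "$manifest")"
    alpineVersion="${alpineVersion:-$currentAlpine}"

    if [ -z "$packageVersion" ] || [ "$packageVersion" = "null" ]; then
        echo "No version pinned for $package in $manifest" >&2
        exit 1
    fi

    # Switch repositories only when the requested branch is not configured yet.
    # -F: the dots in the branch name are literal, not regex wildcards.
    if ! grep -qF "/alpine/$alpineVersion/" /etc/apk/repositories; then
        printf '%s\n' \
            "https://dl-cdn.alpinelinux.org/alpine/$alpineVersion/main" \
            "https://dl-cdn.alpinelinux.org/alpine/$alpineVersion/community" \
            > /etc/apk/repositories
        apk update > /dev/null
    fi

    # Validates version exists
    apk add -s "$package=$packageVersion" > /dev/null

    echo "Fetching $package version $packageVersion"
    # `apk fetch` is called without a version constraint; its output names the
    # file it downloaded ("<name>-<version>").
    fetched="$(apk fetch "$package" | awk '{print $2}')"

    # Unpack only the exact version the manifest pins.
    if [ "$fetched" != "$package-$packageVersion" ]; then
        echo "Refusing to unpack $fetched: manifest pins $package=$packageVersion" >&2
        exit 1
    fi

    echo "Extracting"
    tar -xf "$fetched.apk" -C /build
done

--------------------------------------------------------------------------------
/postgres-distroless/packages.json:
--------------------------------------------------------------------------------
{
  "ca-certificates-bundle": {
    "version": "20230506-r0"
  },
  "icu-data-full": {
    "version": "73.2-r2"
  },
  "icu-libs": {
    "version": "73.2-r2"
  },
  "keyutils-libs": {
    "version": "1.6.3-r3"
  },
  "krb5-conf": {
    "version": "1.0-r2"
  },
  "krb5-libs": {
    "version": "1.20.1-r1"
  },
  "libc-utils": {
    "version": "0.7.2-r5"
  },
  "libcom_err": {
    "version": "1.47.0-r2"
  },
  "libcrypto3": {
    "version": "3.1.4-r1"
  },
  "libedit": {
    "version": "20221030.3.1-r1"
  },
  "libffi": {
    "version": "3.4.4-r2"
  },
  "libgcc": {
    "version": "12.2.1_git20220924-r10"
  },
  "libgcrypt": {
    "version": "1.10.2-r1"
  },
  "libgpg-error": {
    "version": "1.47-r1"
  },
  "libldap": {
    "version": "2.6.5-r0"
  },
  "libsasl": {
    "version": "2.1.28-r4"
  },
  "libssl3": {
    "version": "3.1.4-r1"
  },
  "libstdc++": {
    "version": "12.2.1_git20220924-r10"
  },
  "libuuid": {
    "version": "2.38.1-r8"
  },
  "libverto": {
    "version": "0.3.2-r2"
  },
  "libxml2": {
    "version": "2.11.6-r0"
  },
  "libxslt": {
    "version": "1.1.38-r0"
  },
  "llvm15-libs": {
    "version": "15.0.7-r6"
  },
  "lz4-libs": {
    "version": "1.9.4-r4"
  },
  "musl": {
    "version": "1.2.4-r2"
  },
  "musl-utils": {
    "version": "1.2.4-r2"
  },
  "scanelf": {
    "version": "1.3.7-r1"
  },
  "ssl_client": {
    "version": "1.36.1-r5"
  },
  "tzdata": {
    "version": "2023d-r0"
  },
  "xz-libs": {
    "version": "5.4.3-r0"
  },
  "zlib": {
    "version": "1.2.13-r1"
  },
  "zstd": {
    "version": "1.5.5-r4"
  },
  "zstd-libs": {
    "version": "1.5.5-r4"
  }
}
--------------------------------------------------------------------------------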