Harden Docker Container Images
To ease the process of hardening Docker images, Istio provides a set of images based on distroless images.
Install distroless images
Follow the Installation Steps to set up Istio.
Add the option --set tag=1.8.0-distroless to use the distroless images.
$ istioctl install --set tag=1.8.0-distroless
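To confirm that the install actually picked up the distroless variant, the following added example (not part of the Istio documentation) lists image references whose tag lacks the -distroless suffix. The function names, the sample image references, and the istio-system namespace in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag image references that are not on a -distroless tag.

# image_tag REF: print the tag of an image reference (empty if untagged).
image_tag() {
    r=${1%%@*}        # drop a trailing @sha256:... digest, if any
    name=${r##*/}     # keep the last path component, so a registry
                      # port (host:5000/...) is not mistaken for a tag
    case $name in
        *:*) printf '%s\n' "${name##*:}" ;;
        *)   printf '\n' ;;   # untagged reference resolves to "latest"
    esac
}

# non_distroless: read one image reference per line on stdin and print
# every reference whose tag does not end in -distroless.
non_distroless() {
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        tag=$(image_tag "$ref")
        case $tag in
            *-distroless) ;;                 # hardened variant, nothing to report
            *) printf '%s\n' "$ref" ;;
        esac
    done
}

# Constructed sample input (not taken from a real cluster).
sample_images() {
cat <<'EOF'
docker.io/istio/pilot:1.8.0-distroless
docker.io/istio/proxyv2:1.8.0
localhost:5000/istio/proxyv2
registry.example:5000/istio/proxyv2:1.8.0-distroless@sha256:constructed-digest
EOF
}

# Prints the two references that are not on a distroless tag.
sample_images | non_distroless

# Against a live cluster (assumes the istio-system namespace):
#   kubectl get pods -n istio-system \
#     -o jsonpath='{.items[*].spec.containers[*].image}' | tr ' ' '\n' | non_distroless
```

Empty output means every listed image is on a distroless tag. Sidecar proxies injected into application namespaces can be checked the same way by changing the namespace.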
Benefits
Non-essential executables and libraries are no longer part of the images when using the distroless variant.
- The attack surface is reduced: the images include the smallest possible set of vulnerabilities.
- The images are smaller, which allows faster start-up.
See also the Why should I use distroless images? section in the official distroless README.