This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

Use ko to build containers #60

Open
naveensrinivasan opened this issue Nov 1, 2021 · 1 comment
@naveensrinivasan

Use ko to build docker images. ko https://github.com/google/ko by default uses distroless images.

Motivation for moving to distroless images.

Rebasing the k8s images to distroless/static can make the images thinner, safer and less vulnerable.
https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/1729-rebase-images-to-distroless/README.md#motivation

The containers are not signed.
The distroless images are signed. https://github.com/GoogleContainerTools/distroless#how-do-i-verify-distroless-images

```
docker trust inspect --pretty golang:1.16-alpine

No signatures for golang:1.16-alpine


Administrative keys for golang:1.16-alpine

  Repository Key:	fb57d64910e2f7fa4456e938c547398305f26c15c76e9de89f76e4f32e1fd0bc
  Root Key:	c6b86f21ae272f3ae27b8da8a5762df97f09d6d0604ab49dd1d9920c6e25b65b
```

```
FROM golang:1.16-alpine
```

@isp1r0
Contributor

isp1r0 commented Nov 3, 2021

Hey @naveensrinivasan - thanks so much for the suggestion! So far we've been doing our best to minimize our container size by using docker-slim, internally, but I don't believe we ever did that for this one... in either case, good call and thanks for the pointer - we're always open to new techniques and it sounds like there are some additional benefits there, as you describe. We'll dig into this and see how it compares to creating one with docker-slim. Hope you're enjoying your GoKart rides :)
