Harden Docker Container Images
To ease the process of hardening docker images, Istio provides a set of images based on distroless images
Install distroless images
Follow the Installation Steps to setup Istio.
Add the option
--set tag=1.15.3-distroless to use the distroless images.
$ istioctl install --set tag=1.15.3-distroless
Non-essential executables and libraries are no longer part of the images when using the distroless variant.
- The attack surface is reduced. Include the smallest possible set of vulnerabilities.
- The images are smaller, which allows faster start-up.
See also the Why should I use distroless images? section in the official distroless README.