From c6e0dd109b99e03c57397ccfacdb1c6e9e6736f8 Mon Sep 17 00:00:00 2001
From: Rajath Agasthya
Date: Tue, 19 May 2026 22:07:40 -0500
Subject: [PATCH] Ship static busybox shell in k8s-device-plugin image
Flip the base from *-dev* to non-*-dev* distroless and source a static busybox from debian:trixie-slim. The device-plugin entrypoint and any shell-based lifecycle hooks continue to work via /bin/sh and busybox applet symlinks layered into the final image.
Part of NVIDIA/cloud-native-team#299.
Signed-off-by: Rajath Agasthya
---
 deployments/container/Dockerfile | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/deployments/container/Dockerfile b/deployments/container/Dockerfile
index b92d44541..27c7a444f 100644
--- a/deployments/container/Dockerfile
+++ b/deployments/container/Dockerfile
@@ -40,11 +40,24 @@ ARG VERSION="N/A"
 ARG GIT_COMMIT="unknown"
 RUN make PREFIX=/artifacts cmds
-FROM nvcr.io/nvidia/distroless/go:v4.0.5-dev AS application
+# Build a static busybox layout: one binary plus applet symlinks (sh, rm,
+# ln, sleep, cat, ...) so PATH-resolved commands in init-container wrappers
+# and lifecycle hooks keep working on the non-*-dev* distroless base.
+FROM debian:trixie-slim AS shell
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends busybox-static \
+ && rm -rf /var/lib/apt/lists/* \
+ && mkdir /busybox \
+ && cp /bin/busybox /busybox/busybox \
+ && /busybox/busybox --install -s /busybox
+
+FROM nvcr.io/nvidia/distroless/go:v4.0.5 AS application
 USER 0:0
-SHELL ["/busybox/sh", "-c"]
-RUN ln -s /busybox/sh /bin/sh
+
+COPY --from=shell /busybox /busybox
+RUN ["/busybox/ln", "-s", "/busybox/sh", "/bin/sh"]
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/busybox
 ENV NVIDIA_DISABLE_REQUIRE="true"
 ENV NVIDIA_VISIBLE_DEVICES=all
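Review bot: The new `shell` stage takes the shell binary that ends up in the final image from a mutable tag (`debian:trixie-slim`) and an unversioned `busybox-static` package, so the contents of `/busybox` can change between builds without any change to this Dockerfile. Pinning the stage by digest, e.g. `FROM debian:trixie-slim@sha256:<digest> AS shell` (placeholder digest), and pinning the package version would make the shipped binary reproducible and auditable. Separately, `/busybox/busybox --install -s /busybox` links every applet compiled into the Debian build, not just the `sh, rm, ln, sleep, cat, ...` set the comment names, which hands back much of the tooling the non-dev distroless base removes; if the hooks need only a known list, consider creating just those symlinks. The `application` stage continues past the end of the hunk, so whether a later `USER` drops the `0:0` set here is not visible.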