Use distroless to build Conformance image

In order to avoid noisy / false positive CVE image scanning, Conformance
image is now be built based on Distroless.

Signed-off-by: Wilson Husin <whusin@vmware.com>

cluster/images/conformance/Dockerfile

@@ -14,12 +14,17 @@
 
 ARG BASEIMAGE
 
+FROM gcr.io/k8s-staging-build-image/debian-base:v2.1.3 as base
+
 FROM ${BASEIMAGE}
 
+# This is a dependency for `kubectl diff` tests
+COPY --from=base /usr/bin/diff /usr/local/bin/
+
 COPY ginkgo /usr/local/bin/
 COPY e2e.test /usr/local/bin/
 COPY kubectl /usr/local/bin/
-COPY run_e2e.sh /run_e2e.sh
+COPY gorunner /run_e2e.sh
 COPY gorunner /gorunner
 COPY cluster /kubernetes/cluster
 WORKDIR /usr/local/bin
@@ -32,4 +37,4 @@ ENV E2E_VERBOSITY="4"
 ENV RESULTS_DIR="/tmp/results"
 ENV KUBECONFIG=""
 
-CMD [ "/bin/bash", "-c", "/run_e2e.sh" ]
+CMD [ "/gorunner" ]

cluster/images/conformance/Makefile

@@ -31,7 +31,7 @@ E2E_GO_RUNNER_BIN?=$(shell test -f $(LOCAL_OUTPUT_PATH)/go-runner && echo $(LOCA
 
 CLUSTER_DIR?=$(shell pwd)/../../../cluster/
 
-BASEIMAGE=debian:stable-slim
+BASEIMAGE=gcr.io/distroless/base:nonroot
 TEMP_DIR:=$(shell mktemp -d -t conformanceXXXXXX)
 
 all: build