From 6636210e125208c4699696010fe9b7263e288138 Mon Sep 17 00:00:00 2001
From: Aleksandr Zimin <alexandr.zimin@flant.com>
Date: Fri, 20 Sep 2024 18:25:03 +0300
Subject: [PATCH] fix

Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
---
 images/csi-nfs/werf.inc.yaml | 55 +++++++++++++++++++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)

diff --git a/images/csi-nfs/werf.inc.yaml b/images/csi-nfs/werf.inc.yaml
index 718d2a9b..e38b0d7c 100644
--- a/images/csi-nfs/werf.inc.yaml
+++ b/images/csi-nfs/werf.inc.yaml
@@ -35,13 +35,66 @@ shell:
     - chmod +x /nfsplugin
 
 ---
-image: {{ $.ImageName }}
+{{ $csiBinaries := "/bin/mount /bin/umount /sbin/mount.nfs /sbin/mount.nfs4 /sbin/umount.nfs /sbin/umount.nfs4 /bin/tar /bin/gzip /bin/cp" }}
+---
+image: {{ $.ImageName }}-binaries-artifact
 from: {{ $.BASE_ALT_DEV }}
+final: false
+
+shell:
+  install:
+    - /binary_replace.sh -i "{{ $csiBinaries }}" -o /relocate
+
+---
+image: {{ $.ImageName }}-distroless-artifact
+from: {{ $.BASE_ALT_DEV }}
+final: false
+
+shell:
+  install:
+    - mkdir -p /relocate/bin /relocate/sbin /relocate/etc /relocate/etc/ssl /relocate/usr/bin /relocate/usr/sbin /relocate/usr/share
+    - cp -pr /tmp /relocate
+    - cp -pr /etc/passwd /etc/group /etc/hostname /etc/hosts /etc/shadow /etc/protocols /etc/services /etc/nsswitch.conf /relocate/etc
+    - cp -pr /usr/share/ca-certificates /relocate/usr/share
+    - cp -pr /usr/share/zoneinfo /relocate/usr/share
+    - cp -pr etc/ssl/cert.pem /relocate/etc/ssl
+    - cp -pr /etc/ssl/certs /relocate/etc/ssl
+    - echo "deckhouse:x:64535:64535:deckhouse:/:/sbin/nologin" >> /relocate/etc/passwd
+    - echo "deckhouse:x:64535:" >> /relocate/etc/group
+    - echo "deckhouse:!::0:::::" >> /relocate/etc/shadow
+
+---
+image: {{ $.ImageName }}-distroless
+from: {{ $.BASE_SCRATCH }}
+final: false
+
+import:
+  - image: {{ $.ImageName }}-distroless-artifact
+    add: /relocate
+    to: /
+    before: setup
+
+---
+image: {{ $.ImageName }}
+fromImage: {{ $.ImageName }}-distroless
 
 import:
   - image: {{ $.ImageName }}-golang-artifact
     add: /nfsplugin
     to: /nfsplugin
     before: setup
+  - image: {{ $.ImageName }}-binaries-artifact
+    add: /relocate
+    to: /
+    before: install
+    includePaths:
+      - '**/*'
+  - image: {{ $.ImageName }}-binaries-artifact
+    add: /lib64
+    to: /lib64
+    before: install
+    includePaths:
+      - 'libresolv*'
+      - 'libnss_dns*'
 docker:
   ENTRYPOINT: ["/nfsplugin"]