kolide · hazcod · Nov 13, 2019 · Nov 13, 2019 · Nov 13, 2019 · Nov 13, 2019
diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
-FROM alpine
-MAINTAINER Kolide Developers <engineering@kolide.co>
-
-RUN apk --update add ca-certificates
+FROM gcr.io/distroless/base-debian10:nonroot
+LABEL author Kolide Developers <engineering@kolide.co>
+USER nonroot
 
 COPY ./build/binary-bundle/linux/fleet ./build/binary-bundle/linux/fleetctl /usr/bin/
 
-CMD ["fleet", "serve"]
+EXPOSE 8080
+CMD ["/usr/bin/fleet", "serve"]
diff --git a/Makefile b/Makefile
@@ -107,10 +107,10 @@ endif
 build: fleet fleetctl
 
 fleet: .prefix .pre-build .pre-fleet
-	go build -i -o build/${OUTPUT} -ldflags ${KIT_VERSION} ./cmd/fleet
+	go build -i -o build/${OUTPUT} -ldflags ${KIT_VERSION} -ldflags "-w -s -extldflags '-static'" ./cmd/fleet
 
 fleetctl: .prefix .pre-build .pre-fleetctl
-	go build -i -o build/fleetctl -ldflags ${KIT_VERSION} ./cmd/fleetctl
+	go build -i -o build/fleetctl -ldflags ${KIT_VERSION} -ldflags "-w -s -extldflags '-static'" ./cmd/fleetctl
 
 lint-js:
 	yarn run eslint frontend --ext .js,.jsx