I’ve been reading some of the recent Kubernetes discussions about updating containers for core K8s components to standardize on
distroless as their base image of choice.
That got me curious about Prometheus’ base image. I was surprised to see that it’s based on Busybox, since I’d heard that Busybox was a GPL-licensed project, and Prometheus is Apache licensed and sees widespread commercial use. I see that it’s prometheus’ own “fork” of Busybox, and that the fork declares an Apache license, but… that seems very strange and I wouldn’t think it’s possible to re-license something so trivially as that.
Before digging too much deeper on my own, I was curious to ask here about the history of this base image and understand how this Busybox base image isn’t GPL.
My actual original intent was that I was considering opening a Github issue to discuss changing the base image to
distroless, but I wasn’t expecting to see that the base image is maintained by the prometheus project itself or that it’s got apparent GPL dependencies.
Curious if there’s an interesting story there and how that might interact with whether the Prometheus project would want to talk about changing up the base docker image.