Building a Golden Kubernetes Base Image for Dev Containers on EKS

Learn how to build a secure, standardized Kubernetes base image to use across dev containers in Amazon EKS. Improve productivity, security, and consistency.

Image of Author

Introduction

As platform engineering matures on Amazon EKS, many organizations want to offer developers a standardized, secure, and ready-to-use container image — often called a “golden image.”

This base image can be used by:

• Internal developer containers
• CI/CD pipelines
• Kubernetes jobs and init containers
• Pre-built dev containers for VS Code or GitHub Codespaces

In this blog, you’ll learn:

• ✅ Why golden base images are essential
• ✅ How to build and harden one
• ✅ What tools to include
• ✅ Best practices for managing and maintaining it
• ✅ Real-world examples from platform teams

Why Build a Golden Kubernetes Base Image?

Without a shared base image, each dev team builds their own — leading to:

• Inconsistent runtime environments
• Security drift across teams
• Bloated or vulnerable containers
• Extra time troubleshooting mismatches

A “golden” base image solves this by being:

• Secure — Built with minimal and trusted packages
• Tested — Verified against compliance, CVEs, and CIS Benchmarks
• Preloaded — With common tools like kubectl, helm, awscli
• Versioned — Tagged and maintained through CI/CD

🛠️ How to Build a Golden Base Image

✅ Step 1: Choose a Minimal Base

Start with a secure foundation. Good choices:

• debian:bullseye-slim
• ubuntu:minimal
• amazonlinux:2023
• distroless/base for advanced setups