[ENHANCE] Reduce footprint of UBI image #716
Labels
kind/enhancement
New feature or request
Comments
|
@karl-johan-grahn Could please review the PR and merge if accepted? |
|
@karl-johan-grahn @SheryarButt Can you please cut a new release? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently the UBI based image is based off ubi-minimal which is has >100 packages most of which are not needed. This creates vulnerability churn and an increased attack surface
Describe the solution you'd like
Created an image directory in the first stage of the build that contains the minimum set of files to run a non-statically compiled Go app and be scannable by image vulnerability scanners. An RPM database is then created just for the packages in the image dir both this and the libs are then copied to the final base image.
Describe alternatives you've considered
Another option could have been to use UBI micro but this has more packages than this solution and also doesn't have a package manager which makes getting package updates more complicated when the CI is not running on RHEL.
Additional context
We have an internal requirement for compliance to use UBI based packages in the image which is why simply can't use the distroless image already provided
The text was updated successfully, but these errors were encountered: