Skip to content

Rebase hyperkube image on debian-baseΒ #42589

New issue
Jump to bottom
New issue
Jump to bottom
Closed
Closed
Rebase hyperkube image on debian-base#42589
Assignees
ixdy
Labels
lifecycle/staleDenotes an issue or PR has remained open with no activity and has become stale.sig/releaseCategorizes an issue or PR as relevant to SIG Release.
@timstclair

Description

@timstclair
timstclair
opened on Mar 6, 2017

#41915 adds the debian-base container image, which is intended to provide a standard base platform for Kubernetes images that require external dependencies. Advantages of debian base include:

  • Our team will maintain & update it (until we have automation in place)
  • Smaller footprint: it removes a lot of unecessary files like man pages and i18n packages.
  • Smaller attack surface: removes unnecessary dependencies like the init system and some system tools. In practice, most of these aren't exposed, but it does reduce the noise in CVE scans.

In theory this should be as simple as changing the base image, and changing apt-get to clean-install (e.g. #42090), but we need to verify that there weren't any implicit dependencies that were removed (e.g. bash).

/cc @aaronlevy @ixdy

xref: #40955

Metadata

Assignees

Labels

lifecycle/staleDenotes an issue or PR has remained open with no activity and has become stale.sig/releaseCategorizes an issue or PR as relevant to SIG Release.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions