chore(deps): remove unix utils from release image#14741
chore(deps): remove unix utils from release image#14741
Conversation
|
/test ? |
|
@janisz: The following commands are available to trigger required jobs: The following commands are available to trigger optional jobs: Use DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test all |
|
/test gke-nongroovy-compatibility-tests |
|
Images are ready for the commit at 98c5d9e. To use with deploy scripts, first |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #14741 +/- ##
=======================================
Coverage 49.20% 49.20%
=======================================
Files 2533 2533
Lines 185529 185529
=======================================
+ Hits 91287 91291 +4
+ Misses 87005 87003 -2
+ Partials 7237 7235 -2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
It's another package that we do not need to work but need to maintain e.g. if CVE if there we need to do a release. Eventually we would like to move from ubi-minimal to ubi-micro and drastically reduce number of installed packages. This is the first step. |
This is a noble goal, but I think we need to balance it against the inability to debug production issues. Unfortunately I don't know the frequency of high priority util-linux CVEs nor the frequency of cases where we need to |
|
We don't have |
|
To add to that, I do need certain tools in containers when I use them in some non-standard way or debug them. |
TIL! So we're already covered in terms of fixing CVEs and debugging production, since we don't make any promises about upstream images TTBOMK, and it's already not possible to use the tools in production setups.
With the new knowledge, I think it makes more sense to leave these around, since they can be useful during development. We "just" need to make sure we don't start depending on these. |
How about having a different image for release and development? I'm not a fan of this approach but I'd like to have minimal release image to reduce CVE surface. |
Maybe an |
|
@janisz: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Description
linux-utilswas added when we moved to ubi-minimal as it was required by e2e tests that useskillin main container.This need was removed when test was rewritten in go. So we can remove linux-utils.
Testing
Automated testing
How I validated my change
CI