-
Notifications
You must be signed in to change notification settings - Fork 349
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scratch image as base image of Skipper docker image #2951
Comments
Are you looking for these configurations in a docker image ?? Dockerfile
|
@Ritish134 yes |
Could you please guide what next steps to perform to solve this issue ... |
@Ritish134 either you do it or someone else will do it or we decide it's a nice idea but we won't have time. |
This issue can be dangerous to do, because it can break all kind of readinessProbes or livenessProbes. I added label "architectural" and "breaking change" because it seems to be very dangerous change, but looks "simple". |
Is your feature request related to a problem? Please describe.
Today skipper uses alpine 3 as a docker base image for docker images, while alpine 3 is one of most minimal docker images out there, it still comes with some unnecessary things such as busybox which can increase the security risk due to its increased attack surface.
Describe the solution you would like
Being a Go application, skipper can be used as a static binary and packaged as a docker image using scratch as a base and ca-certificates.
as ca-certificates are the only necessary things needs to run skipper (apart from the static builds), this will reduce the attack surface drastically and hence lower risk of any breaches.
Would you like to work on it?
Yes, but no time (likely)
The text was updated successfully, but these errors were encountered: