Look into using distroless runtime images #101

Open
jonjohnsonjr opened this issue Sep 30, 2019 · 6 comments
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@jonjohnsonjr

We currently use random images from Docker Hub as the runtime images instead of gcr.io/distroless.

This has some performance benefits due to locality of images when running any of this on GCP.

@simonz130

Who is maintaining these images?
Is there a delta between what's found at gcr.io/distroless and docker registry?

@jonjohnsonjr
Author

> Who is maintaining these images?

We are! (well... our organizational cousins are): https://github.com/GoogleContainerTools/distroless

> Is there a delta between what's found at gcr.io/distroless and docker registry?

Yeah, distroless doesn't contain a shell or any random binaries. This results in smaller images and a smaller attack surface for vulnerabilities.

@balopat

balopat commented Dec 17, 2019

+1 on this for minimal images - I just tried the python guestbook app from Hungary, the image is 1.1 GB and that takes 3.7 minutes just to push to eu.gcr.io.

@simonz130 simonz130 added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. and removed enhancement labels Jul 14, 2020
@simonz130 simonz130 added the priority: p2 Moderately-important priority. Fix may not be included in next release. label Jul 14, 2020
@j-windsor j-windsor added priority: p3 Desirable enhancement or fix. May not be included in next release. and removed priority: p2 Moderately-important priority. Fix may not be included in next release. labels Aug 21, 2020
@ace-n
Contributor

ace-n commented Aug 17, 2022

N.B.: some of our images (everything except Java and Golang) have been moved to Alpine Linux for performance reasons.

This might be worth trying for Java and Golang at some point.

@ace-n
Contributor

ace-n commented Aug 25, 2022

@jonjohnsonjr distroless Java images don't seem to support ARM, which is required for GKE.

Is that something y'all plan to add? If not, do you mind if I close this issue?

@jonjohnsonjr
Author

> Java images don't seem to support ARM

The debian11 variants do, e.g. https://explore.ggcr.dev/?image=gcr.io/distroless/java17-debian11:nonroot

See https://github.com/GoogleContainerTools/distroless#docker for current images.
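
An added example, not part of the thread or of the distroless project: whether a tag supports ARM can be read from its image index, which lists one manifest per platform. The index JSON below is constructed sample data with placeholder digests, and the function names are hypothetical.

```python
import json

# Media types that identify a multi-platform index (OCI and Docker schema 2).
INDEX_TYPES = {
    "application/vnd.oci.image.index.v1+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
}

# Constructed sample index (digests are placeholders, not real image data).
SAMPLE_INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [
        {"digest": "sha256:<placeholder-amd64>",
         "platform": {"os": "linux", "architecture": "amd64"}},
        {"digest": "sha256:<placeholder-arm64>",
         "platform": {"os": "linux", "architecture": "arm64", "variant": "v8"}},
        # Attestation entries carry an unknown/unknown platform; not runnable.
        {"digest": "sha256:<placeholder-attestation>",
         "platform": {"os": "unknown", "architecture": "unknown"}},
    ],
})


def published_platforms(raw):
    """Return the set of 'os/arch' strings listed in an image index."""
    doc = json.loads(raw)
    if doc.get("mediaType") not in INDEX_TYPES and "manifests" not in doc:
        # A single-platform manifest names no platform; that lives in its config blob.
        raise ValueError("not an image index: platform must be read from the config")
    found = set()
    for entry in doc.get("manifests", []):
        plat = entry.get("platform") or {}
        os_name, arch = plat.get("os"), plat.get("architecture")
        if not os_name or not arch or "unknown" in (os_name, arch):
            continue
        found.add(f"{os_name}/{arch}")
    return found


def supports(raw, platform):
    """True when the index publishes the requested 'os/arch' platform."""
    return platform in published_platforms(raw)


if __name__ == "__main__":
    print(sorted(published_platforms(SAMPLE_INDEX)))
    print("linux/arm64:", supports(SAMPLE_INDEX, "linux/arm64"))
```

The raw index for a real tag can be fetched with a registry client such as `crane manifest` and passed to `published_platforms` unchanged.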
