chore: replace the base image UBI-minimal by UBI-micro #6662
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FROM registry.access.redhat.com/ubi8:8.7 | ||
FROM registry.access.redhat.com/ubi8/ubi-micro:8.9 | ||
|
||
does ubi-micro include the |
Maybe we should not migrate scorecard to UBI-Micro. It is not that important as it does not end up as a base image of the end product operator. |
||
## Create a new non-root user to run as | ||
ENV HOME=/opt/scorecard-untar \ | ||
|
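
Review bot: the unchanged step right after the new FROM line, "## Create a new non-root user to run as" with HOME=/opt/scorecard-untar, now runs on ubi8/ubi-micro:8.9 instead of the full ubi8:8.7 image, and ubi-micro ships without a package manager, so anything that step or the image's consumers call can no longer be installed in place. Please confirm in the PR that every binary this Dockerfile and its users rely on is present in ubi-micro, or copy it in from a builder stage with COPY --from. Since the tag also jumps from 8.7 to 8.9, consider pinning the base image by digest so the smaller image is also a reproducible one.
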
Could you elaborate on why this was removed?

I believe that Go is required to be present in the final image due to the go plugin running things like `go mod tidy` at the end of scaffolding of files. Without Go being present in the final image, using this image will fail to scaffold Go based operator projects.

I believe that the ubi micro images don't include a package manager so we might be able to `COPY --from=builder ...` the necessary stuff to have Go "installed" in the final image.

That should be removed from the runtime not the builder image. `go mod tidy` should be run at build time in the builder image. Is that not the case?

If I understand you correctly you are saying that the same image is used for build and run time. If that's the case it should get split for introducing UBI-micro. Adding golang, tar would kill the purpose (reducing the attack surface) of the exercise.

The `go mod tidy` operation that I am referring to is run as part of the scaffolding logic that gets run when you are creating a new Go based operator project using `operator-sdk init ...`. Due to this, Go must be installed in the final image.

I am probably missing the target. For golang operator there is in kubebuilder:

`FROM gcr.io/distroless/static:nonroot`

this gets replaced in operator-sdk so that `operator-sdk init` generates (without removing the comment about distroless :-) )

`FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8`

This is where I would like to see ubi-micro.

That replacement should only occur in an operator scaffolded with the OpenShift version of the operator-sdk and not the community (operator-framework) version of the operator-sdk.