Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate UBI-micro for Ansible, Helm and SDK base images #6652

Open
fgiloux opened this issue Jan 2, 2024 · 8 comments
Open

Investigate UBI-micro for Ansible, Helm and SDK base images #6652

fgiloux opened this issue Jan 2, 2024 · 8 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
Milestone
Backlog

Comments

@fgiloux
Copy link
Contributor

fgiloux commented Jan 2, 2024

Feature Request

Describe the problem you need a feature to resolve.

UBI-micro has a few advantages compared to UBI-minimal

  • smaller attack surface
  • no package manager
  • size

In addition it is not uncommon for image scanners to report vulnerabilities against versions of UBI-minimal. Even if they may be false positives it still creates burden for investigating them and makes acceptance more difficult on user side.

Describe the solution you'd like.

This is a follow up of #5619

Using UBI-micro would help with the points mentioned above.
@varshaprasad96
Copy link
Member

@fgiloux Thanks for raising this issue. We do not have a full picture on what needs to be done to move to ubi-micro. To get started, we would just have to swap the base image, check if the tests pass and proceed with debugging the issues. This is an investigative feature.

It would be helpful if someone from the community could take this up.

@varshaprasad96 varshaprasad96 added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Jan 8, 2024
@varshaprasad96 varshaprasad96 added this to the Backlog milestone Jan 8, 2024
@fgiloux
Copy link
Contributor Author

fgiloux commented Jan 9, 2024
edited
Loading

Hi @varshaprasad96 Thanks for the feedback.
I gave it a try but the repo does not compile currently. It depends on helm, which has a dependency on distribution/distribution, which has a dependency on github.com/mitchellh/osext, which does not exist any more.
I tried to work around it by pointing to a newer version of distribution/distribution but there were other dependency issues and I gave up. There is for instance #6569, which was raised for docker/distribution, which redirects to distribution/distribution

@fgiloux fgiloux mentioned this issue Jan 15, 2024
Closed
@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 12, 2024
@fgiloux
Copy link
Contributor Author

fgiloux commented Apr 13, 2024

/remove-lifecycle stale

@openshift-ci openshift-ci bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 13, 2024
@openshift-bot
Copy link

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 15, 2024
@openshift-bot
Copy link

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

@openshift-ci openshift-ci bot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Aug 14, 2024
@fgiloux
Copy link
Contributor Author

fgiloux commented Aug 20, 2024

/remove-lifecycle stale

@fgiloux
Copy link
Contributor Author

fgiloux commented Aug 20, 2024

/remove-lifecycle rotten

@openshift-ci openshift-ci bot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

chore: replace the base image UBI-minimal by UBI-micro fgiloux/operator-sdk
3 participants
@openshift-bot @fgiloux @varshaprasad96