Description
Namaste,
-
Distroless images are small and per our security team's guidance at Google, we're required to use those images for our deployments. To that effect, we're making a feature request to add the ability to build distroless images
in addition to images built from scratch and Alpine Linux.
-
We'd appreciate the ability to build using podman.
-
And the ability to deploy built container images to the Google Artifact Registry.
For more information about distroless, please see: https://github.com/GoogleContainerTools/distroless.
Benefits
Low attack surface.
High security standards.
Detail
We would like the ability to run:
make \
APP_VERSION=$(git rev-parse HEAD) \
CONTAINERIZER=podman \
IMAGE_TAG_PREFIX=<GAR-TAG> \
ci_build_dockerimage_distroless push_image_distroless
Examples
Please see: https://github.com/GoogleContainerTools/distroless
Risks/Downsides
A little more tooling and build complexity.
Description
Namaste,
Distroless images are small and per our security team's guidance at Google, we're required to use those images for our deployments. To that effect, we're making a feature request to add the ability to build distroless images
in addition to images built from scratch and Alpine Linux.
We'd appreciate the ability to build using podman.
And the ability to deploy built container images to the Google Artifact Registry.
For more information about distroless, please see: https://github.com/GoogleContainerTools/distroless.
Benefits
Low attack surface.
High security standards.
Detail
We would like the ability to run:
Examples
Please see: https://github.com/GoogleContainerTools/distroless
Risks/Downsides
A little more tooling and build complexity.