[ENHANCEMENT] Distroless images for optimizely agent. #418

Open
yesudeep opened this issue Jul 9, 2024 · 3 comments · May be fixed by #419
Labels: acknowledged (The team has acknowledged the issue), enhancement (New feature or request)

Comments

yesudeep commented Jul 9, 2024

Description

Namaste,

  1. Distroless images are small and per our security team's guidance at Google, we're required to use those images for our deployments. To that effect, we're making a feature request to add the ability to build distroless images in addition to images built from scratch and Alpine Linux.

  2. We'd appreciate the ability to build using podman.

  3. And the ability to deploy built container images to the Google Artifact Registry.

For more information about distroless, please see: https://github.com/GoogleContainerTools/distroless.

Benefits

Low attack surface.
High security standards.

Detail

We would like the ability to run:

   make \
     APP_VERSION=$(git rev-parse HEAD) \
     CONTAINERIZER=podman \
     IMAGE_TAG_PREFIX=<GAR-TAG> \
     ci_build_dockerimage_distroless push_image_distroless

Examples

Please see: https://github.com/GoogleContainerTools/distroless

Risks/Downsides

A little more tooling and build complexity.

yesudeep added the enhancement label Jul 9, 2024

yesudeep commented Jul 9, 2024

We will be sending a PR for your review shortly.

yesudeep commented Jul 9, 2024

#419 should fulfill this security feature request.

mikechu-optimizely commented Jul 10, 2024

Hi @yesudeep. Thanks for opening the PR. Let us review this issue and your solution and get back with you shortly. I've created internal ticket FSSDK-10402.

mikechu-optimizely added the acknowledged label Jul 10, 2024