pg_featureserv icon indicating copy to clipboard operation
pg_featureserv copied to clipboard
verified publisher icon CrunchyData

Using alpine instead of centos as a base image

Open simonseyock opened this issue 2 years ago • 5 comments

We ran a vulnerabilites scan on the image and detected quite some problems of which many are related to the centos base image.

I tried replacing the base image for alpine and used it in our project, it worked without any problems and reduced the size of the image by 90%.

image

I would suggest switching the base image if there are no bigger concerns about it.

simonseyock avatar Oct 18 '23 11:10 simonseyock

I found this PR, that also used a multistage build which seems not to be necessary: https://github.com/CrunchyData/pg_featureserv/pull/120

The only difference there in the image is the addition of the ca-certificates package. This is probably needed for https support which I did not test.

simonseyock avatar Oct 18 '23 11:10 simonseyock

Is this something which is doable? Either replacing the base image or adding a second alpine image?

I can work on developing the existing PR by @jingsam.

I like the multistage build idea thats included in the PR, I think that is a good approach to make the image building consistent between different build systems.

simonseyock avatar Oct 23 '23 10:10 simonseyock

@dr-jts or @pramsey, I don't want to bother, but do you have any opinions about this?

simonseyock avatar Jan 17 '24 08:01 simonseyock

We have a PR ongoing that will result in a much smaller base image, though still not an alpine base, see #154

pramsey avatar Jan 17 '24 16:01 pramsey

That looks quite promising, thanks!

simonseyock avatar Jan 18 '24 11:01 simonseyock