[ENHANCEMENT] Distroless images for optimizely agent.

Open • yesudeep opened this issue 7 months ago • 3 comments

Description

Namaste,

  1. Distroless images are small, and per our security team's guidance at Google, we're required to use those images for our deployments. To that effect, we're making a feature request to add the ability to build distroless images in addition to images built from scratch and Alpine Linux.

  2. We'd appreciate the ability to build using podman.

  3. And the ability to deploy built container images to the Google Artifact Registry.

For more information about distroless, please see: https://github.com/GoogleContainerTools/distroless.

Benefits

Low attack surface. High security standards.

Detail

We would like the ability to run:

   make \
     APP_VERSION=$(git rev-parse HEAD) \
     CONTAINERIZER=podman \
     IMAGE_TAG_PREFIX=<GAR-TAG> \
     ci_build_dockerimage_distroless push_image_distroless

Examples

Please see: https://github.com/GoogleContainerTools/distroless

Risks/Downsides

A little more tooling and build complexity.

yesudeep, Jul 09 '24 17:07