Use distroless image as the base image, run Katib components as a non-root user #1664
Comments
Can you please explain the benefits of using distroless and non-root user in this case? Is it for security issues?
@gaocegege Thank you for your comment!
Sure, that's one of the benefits. Distroless is a very small image because it does not include a shell, etc. I believe that making Katib components smaller is beneficial. Besides, it does not have an image version tag such as alpine (e.g. 3.7); we do not need to think about updating the image.
Gotcha. As you know, there are many users whose k8s is 1.14/1.16; I am not sure if it works for them.
I understood users using K8s <=1.16 can use an older version of Katib in the following discussion.
Although, I think we should discuss the timing of changing the image, because a distroless image is difficult to debug without the ephemeral debug container feature.
Yes, I agree. SGTM
This is just sharing.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
/lifecycle frozen
/kind discussion
Once the ephemeral debug containers feature is available by default, we might better change the base image from the alpine to the distroless image and run Katib components as a non-root user.
Ref: