[GitHub] [pulsar] hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more maybe 2 videos from a third party for this topic would help... Which Base Container Images Should We Use? Why Debian, Ubuntu etc is a terrible choice... https://www.youtube.com/watch?v=82ZCJw9poxM How to Debug Kubernetes Applications With Ephemeral Containers (the right way) https://www.youtube.com/watch?v=qKb6loAEPV0 GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-6531007 This is an automatically sent email for commits@pulsar.apache.org. To unsubscribe, please send an email to: commits-unsubscr...@pulsar.apache.org
[GitHub] [pulsar] hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more sure you are right about false positives! ..but even if the absolute numbers are lower e.g. with a new release of pulsar and an included distro, the mechanism keeps always alive: the more code within a package, the more chances for vulnerabilities. And if the absolute number is low on release day, it will always be higher next week... GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5851978 This is an automatically sent email for commits@pulsar.apache.org. To unsubscribe, please send an email to: commits-unsubscr...@pulsar.apache.org
[GitHub] [pulsar] hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more thanks for positive feedback and adding hints for possibilities and classification! -> clicking the up vote button may help to gain further visibility for this topic :-) GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5846869 This is an automatically sent email for commits@pulsar.apache.org. To unsubscribe, please send an email to: commits-unsubscr...@pulsar.apache.org
[GitHub] [pulsar] hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more hmm maybe distroless is not the only suitable approach to pay-in on goals named above for distroless coming from related https://github.com/apache/pulsar/discussions/20095#discussioncomment-5836331 Example from the other side: Kafka broker (and Zookeeper) compiled to native using Quarkus and GraalVM https://github.com/ozangunalp/kafka-native GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5836467 This is an automatically sent email for commits@pulsar.apache.org. To unsubscribe, please send an email to: commits-unsubscr...@pulsar.apache.org
[GitHub] [pulsar] hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more for example regarding security, see sources of vulnerabilities in pulsars helm chart. Even an update to latest version of everything would not solve the main problem, that included distros always add a huge part of vulnerabilities => **included distros simply add more code, with more chances for vulnerabilities to be introduced.** ![2023-05-08_10h27_11](https://user-images.githubusercontent.com/5681880/236776051-4bc5b625-313d-4794-a745-396ec6acffc2.png) see https://artifacthub.io/packages/helm/apache/pulsar?modal=security-report=vulnerabilities GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5835696 This is an automatically sent email for commits@pulsar.apache.org. To unsubscribe, please send an email to: commits-unsubscr...@pulsar.apache.org
[GitHub] [pulsar] hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more as @michaeljmarshall already said `Note that using a distroless base image is not a viable option for pulsar 2.x because we use shell scripts to configure each component before executing the java command and changing that configuration paradigm would be a breaking change.` https://github.com/apache/pulsar/issues/11269#issuecomment-896325282 => maybe it's a high value long term topic for Pulsar 4.0 GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5835523 This is an automatically sent email for commits@pulsar.apache.org. To unsubscribe, please send an email to: commits-unsubscr...@pulsar.apache.org