Rebase container images from alpine to debian-base. #294
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
Hi @yuwenma. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
/assign bowei |
|
/assign @rramkumar1 |
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
Gentle ping. Can I get a review on this? |
|
/unassign rramkumar1 /assign pavithrar |
|
@yuwenma: GitHub didn't allow me to assign the following users: pavithrar, zihongz. Note that only kubernetes members and repo collaborators can be assigned and that issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
When switching to distroless, will we lose a shell on kube-dns containers? |
yes, we will. |
|
Tried building the new images and bring up a cluster with @prameshj, it seems like the sidecar is having issue coming up: |
@zihong, do you have any insights what this error may come from? I don't know what the |
|
@yuwenma I was under the impression that |
The image works fine if the user is removed from the sidecar Dockerfile. |
|
According to the offline discussion, dns is currently rebased to kube custom debian-base instead of distroless for debugging convenience. |
|
@yuwenma would you mind modifying Dockerfile.node-cache line 15 with the same debian image as well? We need to pick up fixes to CVEs, i was trying to see if we can change all base images in this same PR. |
Done 😃 |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: prameshj, yuwenma The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
MrHohn
changed the title
Updated containers:kube-dns, sidecar
Context:KEP: Rebase k8s images to distroless
Test:
make imagescan create the following imagesstaging-k8s.gcr.io/k8s-dns-sidecar-amd64
staging-k8s.gcr.io/k8s-dns-node-cache-amd64
staging-k8s.gcr.io/k8s-dns-kube-dns-amd64
staging-k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64
staging-k8s.gcr.io/k8s-dns-dnsmasq-amd64
docker run -e <with required flags like service host/port> <Kube-DNS-IMAGE-ID>can successfully upstart a container.