feat(distroless): Provide distroless container image #313
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SISheogorath
force-pushed
the
feature/distroless
branch
from
ab45ec2
to
12d91a9
Compare
This patch introduces a distroless container image, which cuts down the container content to the bare minimum. No shells, no package managers, nothing, just the hedgedoc. These constraints make this setup very robust, but also hard to debug without the right tools, therefore it's not recommended to be used by people who are not completely familiar with containers and low-level debugging tools. Nontheless this image should be very useful in Kubernetes deployments. Further, compared to the alpine container image, it'll further cut down dependencies while staying on glibc, which can prevent some common issues with musllib. The distroless image is based on Google distroless base image for nodejs: https://github.com/GoogleContainerTools/distroless/tree/55d918e07c9341f83519ab1fc6d8fe0197bca13f/nodejs Signed-off-by: Sheogorath <[email protected]>
SISheogorath
force-pushed
the
feature/distroless
branch
from
12d91a9
to
e1e1ed5
Compare
3 tasks
| WORKDIR /hedgedoc | ||
| RUN yarn install --production=false --frozen-lockfile | ||
| RUN yarn run build | ||
| RUN yarn install --production=true --frozen-lockfile |
There was a problem hiding this comment.
This command seems not to prune dev dependencies if called after a non-production install.
|
No, this should explicitly not become a standard image, because none of the |
|
As hedgedoc/hedgedoc#2315 was merged, can this go forward? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch introduces a distroless container image, which cuts down the
container content to the bare minimum. No shells, no package managers,
nothing, just the hedgedoc.
These constraints make this setup very robust, but also hard to debug
without the right tools, therefore it's not recommended to be used by
people who are not completely familiar with containers and low-level
debugging tools.
Nontheless this image should be very useful in Kubernetes deployments.
Further, compared to the alpine container image, it'll further cut down
dependencies while staying on glibc, which can prevent some common
issues with musllib.
The distroless image is based on Google distroless base image for
nodejs:
https://github.com/GoogleContainerTools/distroless/tree/55d918e07c9341f83519ab1fc6d8fe0197bca13f/nodejs
Depends on: hedgedoc/hedgedoc#2315