New base image #187
New base image #187
Conversation
|
What is the size of the new image compared to the CentOS based one? Can you run a security scan and compare it against the CentOS one? |
|
I have done that. The size is 823MB compared to 888MB with CentOS. About vulnerabilities with ubuntu I get with trivy I get 62 vulnerabilities: 36Low and 26Medium, CentOS: 802, LOW: 422, MEDIUM: 378, HIGH: 2 |
docker-vertica/Dockerfile
Outdated
| && /usr/sbin/groupadd -r verticadba --gid ${DBADMIN_GID} \ | ||
| && /usr/sbin/useradd -r -m -s /bin/bash -g verticadba --uid ${DBADMIN_UID} dbadmin \ | ||
| && /etc/init.d/ssh start \ |
There was a problem hiding this comment.
Why do we start the ssh server here? It won't be running when we start the container.
There was a problem hiding this comment.
Yes it is useless. I had a "Missing privilege separation directory: /run/sshd" and adding this seems to fix that. The true fix was just to create the /run/sshd dir. So Yes I will remove this in my next commit.
docker-vertica/Dockerfile
Outdated
|
|
||
| ADD ./packages/init.d.functions /etc/rc.d/init.d/functions | ||
|
|
||
|
|
||
| # make the "en_US.UTF-8" locale so vertica will be utf-8 enabled by default | ||
| RUN apt-get update && apt-get install -y locales && rm -rf /var/lib/apt/lists/* \ |
There was a problem hiding this comment.
Can we combine this RUN command with the one below? That will save a layer in the docker image.
docker-vertica/Dockerfile
Outdated
|
|
||
| && rm -rf /run/nologin \ | ||
| # Moving this because on Ubuntu crontab files are in /var/spool/cron/crontabs/ | ||
| && mv /var/spool/cron/dbadmin /var/spool/cron/crontabs/ \ |
There was a problem hiding this comment.
We copy dbadmin at line 98. Can we just change the destination directory and remove this line?
docker-vertica/Dockerfile
Outdated
| # Permit ssh connections | ||
| && rm -rf /run/nologin | ||
|
|
||
| && rm -rf /run/nologin \ |
There was a problem hiding this comment.
Does this nologin file exist in ubuntu? I thought was a CentOS/RHEL thing.
There was a problem hiding this comment.
No it does not exit. I forgot to remove it.
|
Also, we should have a changie for this to indicate we changed the OS that the container runs in. |
|
Can you add ubuntu to the tests/external-images-build.txt file? |
This PR replace the base image of the vertica-k8s. It was CentOS 7 before and now it uses a recent ubuntu image. Some changes have been made mainly in the Dockerfile to have a valid and lighter image.