feat(distroless): Provide distroless container image #313
Open
SISheogorath wants to merge 1 commit into master from
This patch introduces a distroless container image, which cuts down the container content to the bare minimum. No shells, no package managers, nothing, just the hedgedoc.
These constraints make this setup very robust, but also hard to debug without the right tools, therefore it's not recommended to be used by people who are not completely familiar with containers and low-level debugging tools.
Nonetheless this image should be very useful in Kubernetes deployments. Further, compared to the alpine container image, it'll further cut down dependencies while staying on glibc, which can prevent some common issues with musllib.
The distroless image is based on Google distroless base image for nodejs:
https://github.com/GoogleContainerTools/distroless/tree/55d918e07c9341f83519ab1fc6d8fe0197bca13f/nodejs
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
ErikMichelson (Member) left a comment:
Despite being still a draft I took a look at the new Dockerfile and it seems like a good idea.
Maybe the distroless image could become the new :latest in the future of HD1.
| WORKDIR /hedgedoc | ||
| RUN yarn install --production=false --frozen-lockfile | ||
| RUN yarn run build | ||
| RUN yarn install --production=true --frozen-lockfile |
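Review bot: The final `RUN yarn install --production=true --frozen-lockfile` runs on top of the node_modules tree left by the earlier `--production=false` install, so the image is only free of dev dependencies if yarn actually removes them in that step. Because the distroless runtime has no shell to inspect the result afterwards, consider installing the production dependencies into a clean tree that never saw the dev install, or adding a build-time check that fails when devDependencies are still present in node_modules after this line.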
Member
This command seems not to prune dev dependencies if called after a non-production install.
Contributor
Author
No, this should explicitly not become a standard image, because none of the
Member
As hedgedoc/hedgedoc#2315 was merged, can this go forward?
Depends on: hedgedoc/hedgedoc#2315