feat(distroless): Provide distroless container image #313
base: master
ab45ec2 to 12d91a9
This patch introduces a distroless container image, which cuts down the container content to the bare minimum. No shells, no package managers, nothing, just the hedgedoc.

These constraints make this setup very robust, but also hard to debug without the right tools, therefore it's not recommended to be used by people who are not completely familiar with containers and low-level debugging tools.

Nonetheless this image should be very useful in Kubernetes deployments. Further, compared to the alpine container image, it'll further cut down dependencies while staying on glibc, which can prevent some common issues with musllib.

The distroless image is based on Google distroless base image for nodejs:
https://github.com/GoogleContainerTools/distroless/tree/55d918e07c9341f83519ab1fc6d8fe0197bca13f/nodejs

Signed-off-by: Sheogorath <[email protected]>
12d91a9 to e1e1ed5
Despite being still a draft I took a look at the new Dockerfile and it seems like a good idea.
Maybe the distroless image could become the new `:latest` in the future of HD1.
WORKDIR /hedgedoc | ||
RUN yarn install --production=false --frozen-lockfile | ||
RUN yarn run build | ||
RUN yarn install --production=true --frozen-lockfile |
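Review bot: the final `RUN yarn install --production=true --frozen-lockfile` runs on top of the `node_modules` tree created by the `--production=false` install two lines earlier, so whether dev dependencies end up in the result depends on yarn removing them in place. Since the goal of this image is to ship only what HedgeDoc needs at runtime, consider making that independent of pruning behaviour: delete `node_modules` between `yarn run build` and the production install, or run the production install in a fresh stage and copy only its output. A build-time check that a known dev-only package is absent from the final tree would catch a regression here.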
This command seems not to prune dev dependencies if called after a non-production install.
No, this should explicitly not become a standard image, because none of the
As hedgedoc/hedgedoc#2315 was merged, can this go forward?
This patch introduces a distroless container image, which cuts down the
container content to the bare minimum. No shells, no package managers,
nothing, just the hedgedoc.
These constraints make this setup very robust, but also hard to debug
without the right tools, therefore it's not recommended to be used by
people who are not completely familiar with containers and low-level
debugging tools.
Nonetheless this image should be very useful in Kubernetes deployments.
Further, compared to the alpine container image, it'll further cut down
dependencies while staying on glibc, which can prevent some common
issues with musllib.
The distroless image is based on Google distroless base image for
nodejs:
https://github.com/GoogleContainerTools/distroless/tree/55d918e07c9341f83519ab1fc6d8fe0197bca13f/nodejs
Depends on: hedgedoc/hedgedoc#2315