New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update image base to gcr.io/distroless/base-debian10:latest
#100566
Conversation
This change: * Updates the base image be based on `buster` (vs. the default `stretch`) * Consumes the fix for [CVE-2021-3449](https://security-tracker.debian.org/tracker/CVE-2021-3449) in GoogleContainerTools/distroless#700
/cc @justaugustus |
/assign |
/retest |
/lgtm /assign @liggitt |
/priority critical-urgent |
I don't object to the change, but for criticality/urgency, do we even build/use this image? |
@liggitt isn't it used in a conformance test? |
I think the one used in conformance is https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/sample-apiserver/artifacts/simple-image/Dockerfile |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dekkagaijin, justaugustus, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Thanks Jordan! |
This change:
buster
(vs. the defaultstretch
)/kind bug