search

kubernetes / autoscaler

Autoscaling components for Kubernetes
Apache License 2.0
8.04k stars 3.96k forks source link

Upgrade Autoscaler Components to use Debian 12 Distroless #6832

Open jhawkins1 opened 5 months ago

jhawkins1 commented 5 months ago

Which component are you using?: Cluster Autoscaler and VPA

Is your feature request designed to solve a problem? If so describe the problem this feature should solve.:

Since Debian 12 Distroless is available, as well as, the latest releases of Kubernetes and many of the Kubernetes related projects have moved to Debian 12, we would request that Autoscaler Components move to Debian 12 Distroless. The other benefit of moving to Debian 12 is there is a population of current and future Operating System Vulnerabilities (CVEs) that Debian is not addressing in Debian 11 but only Debian 12.

Alignment of OS to other Kubernetes related Projects. Reduces fan-out of multiple OSes or different versions of OSes across components. Potential benefits as to being able to obtain OS patches for vulnerabilities where Debian has decided only to fix in latest LTS release.

Describe the solution you'd like.: Upgrade Autoscaler components to use Debian 12 Distroless.

Describe any alternative solutions you've considered.: n/a

Additional context.: n/a

kady1711 commented 4 months ago

Following up on the feature request for upgrading the Autoscaler components, specifically Cluster Autoscaler and VPA, to Debian 12 Distroless. This upgrade is crucial for ensuring these components align with the broader Kubernetes ecosystem, which has largely transitioned to Debian 12. The primary motivation for this request is the enhanced security posture Debian 12 offers, particularly regarding the handling of operating system vulnerabilities (CVEs) that are not being addressed in Debian 11.

The benefits of this migration include improved alignment with Kubernetes-related projects, reduced complexity in managing multiple OS versions, and enhanced security through access to OS patches for vulnerabilities addressed exclusively in the latest LTS release.

Could you please provide an update on the status of this request? Specifically, it would be helpful to know if there is a targeted release date or version number by which this upgrade is expected to be completed.

adrianmoisey commented 3 months ago

/area cluster-autoscaler /area vertical-pod-autoscaler

adrianmoisey commented 4 weeks ago

/remove-area vertical-pod-autoscaler