Open naveensrinivasan opened 2 years ago
Hey @naveensrinivasan - thanks so much for the suggestion! So far we're been doing our best to minimize our container size by using docker-slim, internally, but I don't believe we ever did that for this one... in either case, good call and thanks for the pointer - we're always open to new techniques and it sounds like there are some additional benefits there, as you describe. We'll dig into this and see how it compares to creating one with docker-slim. Hope you're enjoying your GoKart rides :)
Use
ko
to build docker images.ko
https://github.com/google/ko by default uses distroless images.Motivation for moving to distroless images.
The containers are not signed. The distroless images are signed. https://github.com/GoogleContainerTools/distroless#how-do-i-verify-distroless-images
https://github.com/praetorian-inc/gokart/blob/3865894b2632144e3ea90f08ff59d3d3597bbf70/Dockerfile#L3