insertish
commented
2 months ago Okay, turns this has some unintended consequences.
For whatever reason, the events server tends to use about half of our system resources using the distroless images.
gcr.io/distroless/cc-debian12:nonroot: stupidly high CPU usage; no obvious causedebian:bookworm-slim: CPU usage is nominal; works as intended
argh i screwed up testing, creating a new issue
What happened?
A container should be as small as possible with only the necessary libraries to run, so I would like to warn against using a base image such as debian which has a set of libraries that may be necessary for those who use it but which have security flaws already listed in docker.
https://hub.docker.com/layers/library/debian/bullseye-slim/images/sha256-9af4db29e828a4d08c7819f9e0972e2dbdac575e73c6438630c83bd79f49c8aa?context=repo&tab=vulnerabilities
As these libraries are not used by revolt, I implemented distrolless which has other advantages such as being lighter but the main one is security so I strongly recommend using it follow the link to the PR.
https://github.com/revoltchat/backend/pull/297