Closed maichouni-mitek closed 3 weeks ago
🤖 SeineSailor
Here is a concise summary of the pull request changes:
Summary: This pull request updates the build/Dockerfile to reduce the attack surface, storage footprint, and potential vulnerabilities by switching to the ubi9/ubi-minimal:latest base image. Key changes include:
- Replacing yum with microdnf for package installation
- Running microdnf clean all after package installations
Impact: These changes do not affect the external interface or behavior of the code, and no alterations to function signatures, global data structures, or variables are observed. The updated base image and package management approach should improve the overall security and efficiency of the Docker image.
Observation: The changes are well-contained within the build/Dockerfile and do not introduce any apparent risks or side effects. However, it may be beneficial to verify that the updated image still meets all necessary dependencies and requirements for the project.
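As an added illustration of the pattern the summary describes (this is not the kepler build/Dockerfile and not part of the thread), the Dockerfile below shows the fuller UBI/yum form being replaced next to the ubi-minimal/microdnf form. The builder image, the package name libbpf, and the binary path are assumptions made for the example:

```dockerfile
# Added example, not the project's Dockerfile. The Go builder image, the
# runtime package (libbpf) and the binary path are assumptions for illustration.

# Build stage: compile the binary so the runtime stage needs no toolchain.
FROM docker.io/library/golang:1.22 AS builder
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 go build -o /out/app ./cmd/app

# Before (the pattern being replaced): the full UBI image with yum. yum/dnf
# drag python3 and its dependency chain into the final image even though the
# shipped binary never uses them, so any python CVE in the base is inherited.
#
# FROM registry.access.redhat.com/ubi9/ubi:latest
# RUN yum install -y libbpf && yum clean all

# After: ubi-minimal ships microdnf instead of yum/dnf, so no python lands in
# the image. Install only the runtime dependency, skip weak deps and docs, and
# clean the package cache in the same RUN so it does not persist as a layer.
# For reproducible builds, pin the tag to a digest (@sha256:<digest>) instead
# of relying on :latest.
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
RUN microdnf install -y --nodocs --setopt=install_weak_deps=0 libbpf \
    && microdnf clean all
COPY --from=builder /out/app /usr/bin/app
ENTRYPOINT ["/usr/bin/app"]
```

The `&& microdnf clean all` must stay in the same `RUN` as the install: a separate `RUN` would remove the cache from the filesystem view but the earlier layer, cache included, would still ship in the image.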
@sthaha , would you please start the GHAs?
@vimalk78 can you take a look? thanks
@rootfs, @marceloamaral, @sthaha, can you please help with the image test? Thank you very much.
@SamYuan1990 @maichouni-mitek could you please elaborate what you meant by image-test?
@rootfs and I once made a CI job, https://github.com/sustainable-computing-io/kepler/actions/workflows/image_pr.yml. The job can build a temp image with a specific PR as the code base.
As our PR-level testing almost always runs on GHA VMs, which are not BM instances, and this PR changes the base image, to ensure the change is not harmful we can use this PR-level CI to build a PR-level image and test it on a BM instance if necessary.
Well, unfortunately I don't have a BM instance able to support the test... as my laptop is a Mac without a GPU, so... that's the reason I left it as a comment in my previous PR review.
LGTM.
built images and pushed
quay.io/vimalkum/kepler:v0.7.12-31-gcb7b058a-linux-amd64-dcgm
quay.io/vimalkum/kepler:v0.7.12-31-gcb7b058a-linux-amd64-habana
This PR should close https://github.com/sustainable-computing-io/kepler/issues/1826. Using a smaller base image has several benefits:
kepler release and another, simply because there are fewer items installed.
A picture is worth a thousand words:
The vulnerabilities we see above (as of 2024/10/24, in kepler:release-0.7.12) are inherited from the base image. They are in the python namespace, which is not needed at all in the kepler image, and which is why https://github.com/sustainable-computing-io/kepler/pull/1361 cannot get rid of them.
Thank you.