Changes rock base to bare #11

Merged (1 commit) on Nov 5, 2024


@claudiubelu claudiubelu commented Oct 25, 2024

Switching to a bare-based image will reduce the overall image size and the attack surface area.

The image is supposed to run a script, thus we need a few packages installed.

ddptool is not statically built, so it still depends on /lib and /lib64, which is why we're adding base-files.

Switch the container user to root. It is supposed to have access to certain host folders through hostPath mounts, and thus, it should be able to modify them (e.g.: create /var/log/sriovdp folder).

We can no longer use ensure_image_contains_paths to check if files exist in the rock images, since they are now bare-based. Instead, we can use ensure_image_contains_paths_bare, which checks the image layers instead. Because of this, we need sufficient permissions to check the /var/lib/docker folder.
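
A bare-based image has no shell or `ls` to run inside the container, so a path check has to read the layers themselves. The sketch below is an added example, not part of this PR and not the project's `ensure_image_contains_paths_bare`: it assumes a `docker save` archive as input (rather than reading `/var/lib/docker`), and the file names in the sample image are constructed.

```python
import io
import json
import posixpath
import tarfile

WH, OPAQUE = ".wh.", ".wh..wh..opq"  # OCI whiteout markers

def _drop(paths, target, keep_self=False):
    # Remove everything under `target` (and `target` itself unless keep_self).
    doomed = {p for p in paths if p.startswith(target.rstrip("/") + "/")}
    paths -= doomed if keep_self else doomed | {target}

def image_paths(archive):
    """Paths present in the merged filesystem of a `docker save` archive."""
    paths = set()
    with tarfile.open(fileobj=archive, mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_name in manifest[0]["Layers"]:  # ordered base -> top
            blob = io.BytesIO(image.extractfile(layer_name).read())
            with tarfile.open(fileobj=blob, mode="r:*") as layer:
                names = [posixpath.normpath("/" + m.name) for m in layer.getmembers()]
            for path in names:  # whiteouts hide entries from lower layers only
                parent, base = posixpath.split(path)
                if base == OPAQUE:
                    _drop(paths, parent, keep_self=True)
                elif base.startswith(WH):
                    _drop(paths, posixpath.join(parent, base[len(WH):]))
            paths.update(p for p in names if not posixpath.basename(p).startswith(WH))
    return paths

def missing_paths(archive, required):
    present = image_paths(archive)
    return sorted(p for p in required if p not in present)

def _tar(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def sample_image():
    # Constructed two-layer image (hypothetical file names); layer 2 deletes /bin/sh.
    l1 = _tar({"lib64/ld.so": b"x", "usr/bin/ddptool": b"x", "bin/sh": b"x"})
    l2 = _tar({"bin/.wh.sh": b"", "entrypoint.sh": b"x"})
    manifest = json.dumps([{"Layers": ["l1/layer.tar", "l2/layer.tar"]}]).encode()
    return io.BytesIO(_tar({"manifest.json": manifest, "l1/layer.tar": l1, "l2/layer.tar": l2}))
```

Applying whiteouts before adding a layer's own entries matters here: a file deleted in an upper layer still exists in the lower layer's tarball, so a naive "is it in any layer" check would report a shell as present when the running container cannot see it.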

@claudiubelu claudiubelu requested a review from a team as a code owner October 25, 2024 08:26
@claudiubelu claudiubelu marked this pull request as draft October 25, 2024 08:26
@claudiubelu claudiubelu marked this pull request as ready for review October 25, 2024 16:20
@claudiubelu claudiubelu marked this pull request as draft October 28, 2024 10:34
@claudiubelu claudiubelu force-pushed the change-base-to-bare branch 2 times, most recently from 33e1b34 to da15c94 Compare October 28, 2024 21:37
@claudiubelu claudiubelu marked this pull request as ready for review October 28, 2024 22:36

@maci3jka maci3jka left a comment

lgtm

@bschimke95 bschimke95 merged commit f460423 into canonical:main Nov 5, 2024
6 of 7 checks passed