Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use alpine docker image instead of ubuntu #335

Closed
yanivagman opened this issue Nov 26, 2020 · 0 comments · Fixed by #341
Closed

Use alpine docker image instead of ubuntu #335

yanivagman opened this issue Nov 26, 2020 · 0 comments · Fixed by #341

Comments

@yanivagman
Copy link
Collaborator

yanivagman commented Nov 26, 2020
edited
Loading

Moving to alpine will reduce ~50MB (non compressed) by installing the following packages for "fat" image:

FROM golang:alpine
RUN apk update
RUN apk add clang llvm make gcc libc6-compat coreutils linux-headers musl-dev elfutils-dev libelf-static zlib-static
...

And for "slim" image, will reduce the image size to less than 10MB (non compressed):
FROM alpine
RUN apk update
RUN apk add libc6-compat elfutils-dev
...

Other advantages of moving to alpine:
Faster CI times (as apk update and apk add are much faster than apt parallels),
Smaller attack surface

If we choose to go in this path, we should also statically link tracee as alpine uses musl (standalone tracee binary compiled using alpine will have musl dependency).
Statically linking the code has its own advantages, as it will remove the libc, libelf and zlib dependencies.
Another security advantage if statically linking is that the binary then can't be preloaded
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use alpine image instead of ubuntu yanivagman/tracee
1 participant
@yanivagman