You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@yunikorn.apache.org by "Wilfred Spiegelenburg (Jira)" <ji...@apache.org> on 2021/02/02 02:23:00 UTC
[jira] [Commented] (YUNIKORN-485) docker file using go based image
[ https://issues.apache.org/jira/browse/YUNIKORN-485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17276800#comment-17276800 ]
Wilfred Spiegelenburg commented on YUNIKORN-485:
------------------------------------------------
YUNIKORN-448 introduced further dockerfiles used for the tests. These files use \{{golang:1.15.2}} as the image which has 40+ high severity issues. We really should not use them, not even in test.
> docker file using go based image
> --------------------------------
>
> Key: YUNIKORN-485
> URL: https://issues.apache.org/jira/browse/YUNIKORN-485
> Project: Apache YuniKorn
> Issue Type: Bug
> Components: build
> Affects Versions: 0.9
> Reporter: Wilfred Spiegelenburg
> Assignee: Wilfred Spiegelenburg
> Priority: Critical
> Labels: pull-request-available
>
> The current docker file used for building the scheduler image references a go based image.
> deployments/image/configmap/Dockerfile
> {code:java}
> FROM golang:1.12.13-alpine3.10{code}
> We do not need go in that image and we should not be using it. A plain OS image wth the tools added we need is smaller and less prone for security issues
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@yunikorn.apache.org
For additional commands, e-mail: issues-help@yunikorn.apache.org