You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@yunikorn.apache.org by "Wilfred Spiegelenburg (Jira)" <ji...@apache.org> on 2021/02/02 02:23:00 UTC

[jira] [Commented] (YUNIKORN-485) docker file using go based image

    [ https://issues.apache.org/jira/browse/YUNIKORN-485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17276800#comment-17276800 ] 

Wilfred Spiegelenburg commented on YUNIKORN-485:
------------------------------------------------

YUNIKORN-448 introduced further dockerfiles used for the tests. These files use \{{golang:1.15.2}} as the image which has 40+ high severity issues. We really should not use them, not even in test.

> docker file using go based image
> --------------------------------
>
>                 Key: YUNIKORN-485
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-485
>             Project: Apache YuniKorn
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 0.9
>            Reporter: Wilfred Spiegelenburg
>            Assignee: Wilfred Spiegelenburg
>            Priority: Critical
>              Labels: pull-request-available
>
> The current docker file used for building the scheduler image references a go based image.
> deployments/image/configmap/Dockerfile
> {code:java}
> FROM golang:1.12.13-alpine3.10{code}
> We do not need go in that image and we should not be using it. A plain OS image wth the tools added we need is smaller and less prone for security issues



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@yunikorn.apache.org
For additional commands, e-mail: issues-help@yunikorn.apache.org