Reduce the number of image we maintain here #1839
Comments
vdemeester
added
kind/question
|
If the cli and hub teams are interested in maintaining their own images, that'd be great. |
|
💯 I ran a grype scan on images we reference in plumbing a few weeks ago and the results were not great 😅 https://gist.github.com/wlynch/117da1f0e102e699ac13bc33d9f5cf40 For simple images upstream SGTM, and https://images.chainguard.dev/ also exists with a bunch of available images that we can use - most If there's interest, I can revive #1735 to build images with apko that would allow us to mix-and-match apk packages as we want - Wolfi packages are maintained by Chainguard, but we can also source from Alpine repositories directly if we need to. |
I wonder if we could reduce the number of images we maintain here to the minimum and rely more on upstream images instead. Few examples:
skopeohas upstream images, and I am not even sure where it is used in our infrastructuretkncould be managed directly ontektoncd/cli, published at release time (and thus, having tagged version aligned with release)hubis very similar to thiskohas an upstream image we could use as well I think (same, it would be tagged per version I think, cc @imjasonh)ko-gcloudis a bit trickierkubectlI am not sure, but it keels like there might be some official or semi-official / maintained image alreadyopenssh-serveris.. a wonder to me, not sure where / how we use that one evenI don't think it has a huge impact on cost (registry side), but, less things to maintain is less work 🙃 .
test-runneris not really concerned as it is the image used byprow, so it has everything in it. If we manage to get out of prow in the future, this image would become deprecated.cc @wlynch @afrittoli @tektoncd/plumbing-maintainers
(Sidenote: we could also migrate the one we can to
apkomaybe ?)The text was updated successfully, but these errors were encountered: