chore: update minio chart to use chainguard latest-dev images #31

zachariahmiller
Contributor

Description

update minio chart to use chainguard latest-dev images for minio.
...

Related Issue

Fixes #

Relates to #

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

@zachariahmiller zachariahmiller linked an issue Dec 13, 2023 that may be closed by this pull request
Member

@jeff-mccoy jeff-mccoy left a comment

Can you clarify why we are doing this really ugly script? Is this a Chainguard-ism?

@mjnagel
Contributor

mjnagel commented Dec 19, 2023

@jeff-mccoy Zach can probably confirm, but if I'm remembering right it's a copy from the upstream image to get to parity for the chainguard image. Upstream minio provides that script (see here and the script here), but the chainguard image doesn't have it. So running the chainguard image with the upstream chart doesn't work out of the box, because it expects that entrypoint.

@zachariahmiller
Contributor Author

The community helm chart doesn't let us override the container entrypoint, and it expects the script in the container. For minio itself this required doing the ugly script volume mount and using the latest-dev chainguard image. For minio-client, it was just using sh so it only required the latest-dev image. These were still much smaller than the upstream but not as small as the images without a shell.

FWIW this would have been possible to avoid and just use the latest chainguard images if we were using the minio operator to deploy minio as that chart is more flexible, but would have been a bigger lift and would have some additional overhead in-cluster.

@mjnagel
Contributor

mjnagel commented Mar 26, 2024

@zachariahmiller thoughts on closing this (and the related issue)? I'm not sure the pain here is worth the benefits of the change (although I'd love the slimmer images and less CVE surface area). Maybe can re-evaluate if we have a diff image solution or build our own slimmer image here for minio itself 🙃

Edit: for what it's worth, looks like the upstream image has slimmed down by about half since the original issue:

❯ docker images | grep minio
quay.io/minio/minio                                                     latest                  19980ec05da4   3 days ago      153MB

@zachariahmiller
Contributor Author

Yeah totally

Development

Successfully merging this pull request may close these issues.

Update the minio dev-stack package to use chainguard images
4 participants