UBI: switch to ubi-minimal image
UBI: switch to ubi-minimal image
Build the UBI and FIPS Cloud Native GitLab containers
on the ubi-minimal container image. Reduces both base
image size and eliminates nuisance items such as
empty files in the base package set that trigger
false positives in security scanner results.
Related https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3400
Related https://gitlab.com/gitlab-org/charts/gitlab/-/issues/1741
Related https://gitlab.com/gitlab-org/charts/gitlab/-/issues/4117
What does this MR do?
Related to reduction of base image, and automatic removal of some items offending security scanners, this tests using ubi-minimal
in place of ubi
as basis for UBI / FIPS images.
Related issues
Related to Investigate using microdnf instead of adding dn... (gitlab-org/charts/gitlab#3400 - closed)
Related to CNG: Use Distroless base image (gitlab-org/charts/gitlab#1741)
Related to Replace UBI with UBI-minimal in GitLab images (gitlab-org/charts/gitlab#4117 - closed)
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated => 530 MB, across compressed layers
Edited by Robert Marshall