How the heck do I debug distroless containers?
2024-11-10, Flex Space

Congrats - you’ve finally deployed a new ultra-secure “distroless” image with no shell, package manager or extraneous utilities. All was great until you hit an issue in prod and now you’ve no idea how to debug it!

Join me for a hands-on demonstration of various ways to troubleshoot these images without sacrificing security, followed by a discussion of the pros and cons of adopting distroless.

Some of the base image types we'll research:
* Google Distroless
* Wolfi
* scratch


Deploying images with minimal filesystem footprints is a known best practice to reduce CVE counts and limit the impact of an exploit or breach. Too many developers choose not to use the most minimal images because they feel the need to have tools to troubleshoot with.
Several open source utilities are available that remove the need to ship such tooling in our images. This session will teach developers and SREs about these tools and the mechanics of how they can be used in various deployment environments.

Eric is a 30+ year enterprise software developer, architect, and consultant with a focus on CI/CD, DevOps, and container-based solutions over the last decade. He is a Docker Captain, is certified in Kubernetes (CKA, CKAD, CKS), and has been a Docker user since 2013. As a Staff Solutions Architect at Chainguard, Eric helps teams deploy their applications securely by minimizing container image footprint and CVE counts.