Bret Fisher has updated a comprehensive review of node.js in docker, including node image selection, CI, CD, which docker image to use, etc. I am not a fan of node; but it is very popular so I, and everyone else, need to support it. And since k8s domination is sweeping the fashion trends around the world, we must all bow to our container masters and support these heavy frameworks as well. I disagree with Bret's analysis of security concerns for a container base distro. I firmly believe there is no attack service like no attack surface, so I personally prefer the distroless image maintained by the evil search giant (ESG). Bret's analysis is a point-in-time, so tracking and re-analyzing his choices is still a moving target. In general, one should make a selection based on long-term viability and projected maintenance support of one's components (get on a train and stay on it for a few years). But his analysis is fantastic and worth reading.
1 comment:
\\I firmly believe there is no attack service like no attack surface, so I personally prefer the distroless image
And even better if that is your own virtual machine on bare hardware. ;-)
Well, so far I heard only about few such sytems, as prototypes.
But it looks like very possible and even only possible way to go into the future.
Custom made hardware, with custom made builds, which best possible effectivness for a task at hand.
Post a Comment