Alpine is a small image and rose to fame at the time when other alternatives were several hundred megabytes in size. This is no longer true and there are better alternatives.

There are 3 issues with Alpine:

  1. You will get random bugs related to the use of musl libc
  2. Security patches aren’t released frequently enough
  3. There is no CVE database

To expand on point 3, which is the one most people argue against, here are some facts. Over 13,000 vulnerabilities have been reported in 2018. Teams at Red Hat, Ubuntu and Debian review every CVE and update their databases to state whether the vulnerability affects their packages or not. While this is not a perfect system, these teams provide an invaluable service to those who want to know and therefore patch their systems.

Alpine has alpine-secdb, which is updated by a single person and has around 100 commits. This is so woefully inadequate from a security perspective it’s funny. The result is that, depending on which vulnerability scanner you use on Alpine, you’ll get different results. Some will compare directly to the global CVE database and report multiple issues. Some will solely use alpine-secdb and hope that this single person has really reviewed all 13,000+ CVEs this year alone (which I find to be quite a weird leap of faith).
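
The divergence between the two scanner strategies can be reproduced with a small model. This is an added example, not code from any real scanner: the package names, versions and CVE ids are constructed placeholders, the tracker data is loosely modelled on alpine-secdb's `secfixes` map, and the global feed format is an assumption.

```python
# Constructed sample data: package names, versions and CVE ids are placeholders.
INSTALLED = {"libfoo": "1.2.3-r0", "barutil": "2.0.1-r1"}

# Loosely modelled on alpine-secdb's "secfixes" map: fixed version -> CVE ids.
SECDB = {
    "libfoo": {"1.2.4-r0": ["CVE-0000-0001"]},
}

# Hypothetical global feed: each CVE with the first upstream version that
# fixes it (None = no fixed release yet).
GLOBAL_FEED = [
    {"id": "CVE-0000-0001", "package": "libfoo", "fixed_in": "1.2.4"},
    {"id": "CVE-0000-0002", "package": "libfoo", "fixed_in": "1.3.0"},
    {"id": "CVE-0000-0003", "package": "barutil", "fixed_in": None},
]

def parse_version(v):
    """Turn '1.2.3-r0' into ((1, 2, 3), 0); a missing -rN counts as revision 0."""
    upstream, _, rev = v.partition("-r")
    return tuple(int(p) for p in upstream.split(".")), int(rev or 0)

def scan_secdb_only(installed, secdb):
    findings = set()
    for pkg, ver in installed.items():
        for fixed, cves in secdb.get(pkg, {}).items():
            if parse_version(ver) < parse_version(fixed):
                findings.update(cves)
    return findings

def scan_global_feed(installed, feed):
    findings = set()
    for entry in feed:
        ver = installed.get(entry["package"])
        if ver is None:
            continue
        fixed = entry["fixed_in"]
        if fixed is None or parse_version(ver)[0] < parse_version(fixed)[0]:
            findings.add(entry["id"])
    return findings

def unreviewed(installed, secdb, feed):
    """CVEs the global feed flags that the distro tracker says nothing about."""
    return scan_global_feed(installed, feed) - scan_secdb_only(installed, secdb)

if __name__ == "__main__":
    print("secdb only :", sorted(scan_secdb_only(INSTALLED, SECDB)))
    print("global feed:", sorted(scan_global_feed(INSTALLED, GLOBAL_FEED)))
    print("gap        :", sorted(unreviewed(INSTALLED, SECDB, GLOBAL_FEED)))
```

Each CVE in the gap is either a real exposure the tracker missed or noise from the global feed, and without a distribution-side review there is no record that says which.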

For these reasons we recommend switching from Alpine to RHEL, Debian or Ubuntu.
