Blog

Introducing Sonobuoy v0.50

Vladimir Vivien, Wilson Husin

Mar 18, 2021

In December, we announced that Sonobuoy releases will be decoupled from Kubernetes releases along with plenty of other items on the roadmap. With this release, Sonobuoy continues to make progress and this write up highlights two of its major themes.

New version number

Previously the Sonobuoy version number was coupled with the Kubernetes release number. As part of the march toward version v1.0, we decided to break that incremental versioning scheme and decouple our releases from that of Kubernetes release cadence. To amplify this effort, we have decided to reset our release number scheme going from v0.20 to v0.50 to ensure that there is no perceived relation between a Sonobuoy release and a Kubernetes release. This is because all Sonobuoy binaries will support most Kubernetes releases.

Going distroless

One of the thorny issues that keeps occuring is the constant request for CVE remediations caused by programs bundled in Debian container images, which happens to be the base image for Sonobuoy. This usually happens when a security scan detects a vulnerability from a (likely outdated) component packaged in the operating system.

Today, we are excited to announce that Sonobuoy has gone Distroless! This means the Sonobuoy container image is now built without including any of the operating system items that are traditionally packaged with OS-based container images. As a direct result, this release managed to shed more than 60% of its size going from 99.6 MB, in the previous version, to 32 MB in this release.