[knowhy]

Building from source seems me the only way to get to a reasonable state when it comes to security patching.

However these modern stacks contain a lot of small parts. The article gives the kiwigrid/k8s-sidecar as an example. Also, well shown in the article, it is not as easy as copying some commands to your own Dockerfile. Look at the busybox image using glibc from another debian image.

It's not reasonable in the sense that it is a hell lot of work and would require more time and effort the average devops/sre/whatever (team) has.

It would also go against the promise that Kubernetes would make things easy because you could just do helm install stable/prometheus