[pjmlp]

In the kind of corporate environments I work on, you won't be doing any SSH into the production containers.

Nothing that a classical UNIX admin would expect is installed on those images.

[mk89]

... we had to wait for k8s 1.25 to get ephemeral containers to get some tools ... (https://kubernetes.io/docs/tasks/debug/debug-application/deb...)

[Tainnor]

Those kind of corporate environments would also never use a technology like MirageOS that very few people know how to use.

[pjmlp]

In those kind of corporate environments liability is a concern, and something like MirageOS would be quite appealing.

These are the same kind of environments where CI/CD can only fetch from internal repos, where stuff only gets installed after IT and legal had a say on it.

[insanitybit]

Sure they would. I've be interested in Mirage and I don't believe that developers should have SSH access to systems.

I could see the value in a debug port or something, though. But giving full remote code execution is total overkill.

[isilofi]

Yes. Welcome to the hell of "No debugging, no fixing anything. Call vendor support and hope for the best"

[pjmlp]

It is more like, what isn't there can't be used for CVEs.