Vanilla containers typically include the kitchen sink: their artifacts often contain enormous amounts of code that isn’t needed to run the container in production. That wastes resources and fattens the attack surface. For example, a Python container pulled from Docker Hub is about 30 times the size of the equivalent kontainer built from the same source code.
- Include only the necessary functionality
- Smaller attack surface
- Smaller blast radius
- Reduced image size