Reduce the attack surface of our container images by auditing and removing non-essential packages (e.g., curl). Transition to minimal base images such as ubi-micro to ensure we’re only bundling what’s strictly required by the application. This minimizes CVE exposure, decreases image size, and reduces maintenance overhead.

For tools removed from the base images, ideally we should provide documentation so customers can use ephemeral or sidecar containers to run these commands as needed.

Acceptance Criteria:

• Audit and strip down container images to the bare minimum required packages.
• Standardize on using micro base images (e.g., ubi-micro).
• (optional) document workflow for customers to use ephemeral containers for any excluded utilities.