Dealing with ci / prod image mismatches?

I’ve got some python apps that use circleci for testing on ci and run on kubernetes in prod. Currently, we run debian-based images for both environments – the legacy circleci python image in test and the docker python image in staging/prod.

The new cimg images look superior on ci but are based on ubuntu, which would introduce a mismatch in our environments. Is there a recommended way to deal with this? I’d prefer to avoid maintaining my own base images but from what I can tell none of the other combinations are ideal:

  • cimg in ci, debian in k8s: possibility that issues aren’t detected until staging/prod
  • cimg in ci, ubuntu in k8s: larger prod images compared to slim-buster
  • debian (legacy image) in ci, debian in k8s: worse performing builds, possibility of image deprecation
  • cimg in ci and k8s: unneeded packages included on staging/prod