I will optimistically merge the PRs that make the switch so we can
gather some e2e testing data.
On 30/08/2022 14:51, Chesnay Schepler wrote:
yes, alpine would have similar issues as CentOS. As for usability,
from personal experience it has always been a bit of a drag to extend
or use manually because it is such a minimal image.
On 30/08/2022 14:45, Matthias Pohl wrote:
Thanks for bringing this up, Chesnay. Can you elaborate a bit more on
what
you mean when referring to Alpine as being "not as user-friendly"?
Doesn't
it come with the same issue that switching to CentOS comes with that we
have to update our scripts (I'm thinking of apt in particular)? Or what
else did you have in mind in terms of user-friendliness? I would imagine
selecting the required packages would be a bit more tedious.
I'm wondering whether we considered the security aspect. A more minimal
Alpine base image might reduce the risk of running into CVEs. But then;
it's also the question how fast those CVEs are actually fixed on average
(now comparing Ubuntu and Alpine for instance). Or is this even a
concern
for us?
I didn't find any clear answers around that topic with a quick Google
search. [1] was kind of interesting to read.
Anyway, I definitely see the benefits of just switching to Ubuntu due to
the fact that it also relies on Debian's package management (reducing
the
migration effort) and that we're using it for our CI builds
(consistency).
+1 for going with Ubuntu if security is not a big concern
Best,
Matthias
[1]
https://jfrog.com/knowledge-base/why-use-ubuntu-as-a-docker-base-image-when-alpine-exists/
On Tue, Aug 30, 2022 at 11:40 AM Chesnay Schepler <ches...@apache.org>
wrote:
Hello,
during the release of the 1.15.2 images
<https://github.com/docker-library/official-images/pull/13065> it was
noted that we use the openjdk:8/11 images, which have been deprecated
<https://github.com/docker-library/openjdk/issues/505> and thus no
longer receive any updates.
There are a number of alternatives, the most promising being Eclipse
Temurin <https://hub.docker.com/_/eclipse-temurin>, the successor of
AdoptOpenJDK, since it's vendor neutral.
This would imply a switch of distros from Debian to most likely Ubuntu
22.04 (Alpine isn't as user-friendly, and CentOS is likely incompatible
with existing images using our images as a base). We are also running
our CI on Ubuntu, so I don't expect any issues.
Let me know what you think.
The required changes on our side appear to be minimal; I have already
prepared a PR <https://github.com/apache/flink-docker/pull/130>.
