+1, the change to Ubuntu (hopefully) also reduces the ripple effect for downstream customizers of the image.
On Thu, Sep 1, 2022 at 10:00 AM Chesnay Schepler <ches...@apache.org> wrote: > Unless anyone objects I will announce the switch on Monday via the > mailing lists / twitter and execute it on Wednesday. > > On 01/09/2022 14:27, Chesnay Schepler wrote: > > The e2e tests have passed successfully for the updated > > 1.14/1.15/master images. > > > > On 01/09/2022 11:05, Chesnay Schepler wrote: > >> Thanks Xingbo. Should've known that the Flink side relies on the > >> distro name, sorry for the inconvenience. > >> > >> On 01/09/2022 06:55, Xingbo Huang wrote: > >>> Thanks Chesnay for driving this. I found a problem with image name > >>> change[1] and I have created a PR[2] to fix it. > >>> > >>> Best, > >>> Xingbo > >>> > >>> [1] https://issues.apache.org/jira/browse/FLINK-29161 > >>> [2] https://github.com/apache/flink/pull/20726 > >>> > >>> Chesnay Schepler <ches...@apache.org> 于2022年8月31日周三 17:15写道: > >>> > >>>> I will optimistically merge the PRs that make the switch so we can > >>>> gather some e2e testing data. > >>>> > >>>> On 30/08/2022 14:51, Chesnay Schepler wrote: > >>>>> yes, alpine would have similar issues as CentOS. As for usability, > >>>>> from personal experience it has always been a bit of a drag to extend > >>>>> or use manually because it is such a minimal image. > >>>>> > >>>>> On 30/08/2022 14:45, Matthias Pohl wrote: > >>>>>> Thanks for bringing this up, Chesnay. Can you elaborate a bit > >>>>>> more on > >>>>>> what > >>>>>> you mean when referring to Alpine as being "not as user-friendly"? > >>>>>> Doesn't > >>>>>> it come with the same issue that switching to CentOS comes with > >>>>>> that we > >>>>>> have to update our scripts (I'm thinking of apt in particular)? > >>>>>> Or what > >>>>>> else did you have in mind in terms of user-friendliness? I would > >>>>>> imagine > >>>>>> selecting the required packages would be a bit more tedious. > >>>>>> > >>>>>> I'm wondering whether we considered the security aspect. A more > >>>>>> minimal > >>>>>> Alpine base image might reduce the risk of running into CVEs. But > >>>>>> then; > >>>>>> it's also the question how fast those CVEs are actually fixed on > >>>>>> average > >>>>>> (now comparing Ubuntu and Alpine for instance). Or is this even a > >>>>>> concern > >>>>>> for us? > >>>>>> > >>>>>> I didn't find any clear answers around that topic with a quick > >>>>>> Google > >>>>>> search. [1] was kind of interesting to read. > >>>>>> > >>>>>> Anyway, I definitely see the benefits of just switching to Ubuntu > >>>>>> due to > >>>>>> the fact that it also relies on Debian's package management > >>>>>> (reducing > >>>>>> the > >>>>>> migration effort) and that we're using it for our CI builds > >>>>>> (consistency). > >>>>>> > >>>>>> +1 for going with Ubuntu if security is not a big concern > >>>>>> > >>>>>> Best, > >>>>>> Matthias > >>>>>> > >>>>>> [1] > >>>>>> > >>>> > https://jfrog.com/knowledge-base/why-use-ubuntu-as-a-docker-base-image-when-alpine-exists/ > >>>> > >>>>>> > >>>>>> On Tue, Aug 30, 2022 at 11:40 AM Chesnay Schepler > >>>>>> <ches...@apache.org> > >>>>>> wrote: > >>>>>> > >>>>>>> Hello, > >>>>>>> > >>>>>>> during the release of the 1.15.2 images > >>>>>>> <https://github.com/docker-library/official-images/pull/13065> > >>>>>>> it was > >>>>>>> noted that we use the openjdk:8/11 images, which have been > >>>>>>> deprecated > >>>>>>> <https://github.com/docker-library/openjdk/issues/505> and thus no > >>>>>>> longer receive any updates. > >>>>>>> > >>>>>>> There are a number of alternatives, the most promising being > >>>>>>> Eclipse > >>>>>>> Temurin <https://hub.docker.com/_/eclipse-temurin>, the > >>>>>>> successor of > >>>>>>> AdoptOpenJDK, since it's vendor neutral. > >>>>>>> > >>>>>>> This would imply a switch of distros from Debian to most likely > >>>>>>> Ubuntu > >>>>>>> 22.04 (Alpine isn't as user-friendly, and CentOS is likely > >>>>>>> incompatible > >>>>>>> with existing images using our images as a base). We are also > >>>>>>> running > >>>>>>> our CI on Ubuntu, so I don't expect any issues. > >>>>>>> > >>>>>>> Let me know what you think. > >>>>>>> > >>>>>>> The required changes on our side appear to be minimal; I have > >>>>>>> already > >>>>>>> prepared a PR <https://github.com/apache/flink-docker/pull/130>. > >>>>>>> > >>>> > >> > > > >