You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flink.apache.org by Xingbo Huang <hx...@gmail.com> on 2022/09/01 04:55:19 UTC
Re: [DISCUSS] Switch docker iamge base to Eclipse Temurin
Thanks Chesnay for driving this. I found a problem with image name
change[1] and I have created a PR[2] to fix it.
Best,
Xingbo
[1] https://issues.apache.org/jira/browse/FLINK-29161
[2] https://github.com/apache/flink/pull/20726
Chesnay Schepler <ch...@apache.org> 于2022年8月31日周三 17:15写道:
> I will optimistically merge the PRs that make the switch so we can
> gather some e2e testing data.
>
> On 30/08/2022 14:51, Chesnay Schepler wrote:
> > yes, alpine would have similar issues as CentOS. As for usability,
> > from personal experience it has always been a bit of a drag to extend
> > or use manually because it is such a minimal image.
> >
> > On 30/08/2022 14:45, Matthias Pohl wrote:
> >> Thanks for bringing this up, Chesnay. Can you elaborate a bit more on
> >> what
> >> you mean when referring to Alpine as being "not as user-friendly"?
> >> Doesn't
> >> it come with the same issue that switching to CentOS comes with that we
> >> have to update our scripts (I'm thinking of apt in particular)? Or what
> >> else did you have in mind in terms of user-friendliness? I would imagine
> >> selecting the required packages would be a bit more tedious.
> >>
> >> I'm wondering whether we considered the security aspect. A more minimal
> >> Alpine base image might reduce the risk of running into CVEs. But then;
> >> it's also the question how fast those CVEs are actually fixed on average
> >> (now comparing Ubuntu and Alpine for instance). Or is this even a
> >> concern
> >> for us?
> >>
> >> I didn't find any clear answers around that topic with a quick Google
> >> search. [1] was kind of interesting to read.
> >>
> >> Anyway, I definitely see the benefits of just switching to Ubuntu due to
> >> the fact that it also relies on Debian's package management (reducing
> >> the
> >> migration effort) and that we're using it for our CI builds
> >> (consistency).
> >>
> >> +1 for going with Ubuntu if security is not a big concern
> >>
> >> Best,
> >> Matthias
> >>
> >> [1]
> >>
> https://jfrog.com/knowledge-base/why-use-ubuntu-as-a-docker-base-image-when-alpine-exists/
> >>
> >>
> >> On Tue, Aug 30, 2022 at 11:40 AM Chesnay Schepler <ch...@apache.org>
> >> wrote:
> >>
> >>> Hello,
> >>>
> >>> during the release of the 1.15.2 images
> >>> <https://github.com/docker-library/official-images/pull/13065> it was
> >>> noted that we use the openjdk:8/11 images, which have been deprecated
> >>> <https://github.com/docker-library/openjdk/issues/505> and thus no
> >>> longer receive any updates.
> >>>
> >>> There are a number of alternatives, the most promising being Eclipse
> >>> Temurin <https://hub.docker.com/_/eclipse-temurin>, the successor of
> >>> AdoptOpenJDK, since it's vendor neutral.
> >>>
> >>> This would imply a switch of distros from Debian to most likely Ubuntu
> >>> 22.04 (Alpine isn't as user-friendly, and CentOS is likely incompatible
> >>> with existing images using our images as a base). We are also running
> >>> our CI on Ubuntu, so I don't expect any issues.
> >>>
> >>> Let me know what you think.
> >>>
> >>> The required changes on our side appear to be minimal; I have already
> >>> prepared a PR <https://github.com/apache/flink-docker/pull/130>.
> >>>
> >
>
>
Re: [DISCUSS] Switch docker iamge base to Eclipse Temurin
Posted by Thomas Weise <th...@apache.org>.
+1, the change to Ubuntu (hopefully) also reduces the ripple effect for
downstream customizers of the image.
On Thu, Sep 1, 2022 at 10:00 AM Chesnay Schepler <ch...@apache.org> wrote:
> Unless anyone objects I will announce the switch on Monday via the
> mailing lists / twitter and execute it on Wednesday.
>
> On 01/09/2022 14:27, Chesnay Schepler wrote:
> > The e2e tests have passed successfully for the updated
> > 1.14/1.15/master images.
> >
> > On 01/09/2022 11:05, Chesnay Schepler wrote:
> >> Thanks Xingbo. Should've known that the Flink side relies on the
> >> distro name, sorry for the inconvenience.
> >>
> >> On 01/09/2022 06:55, Xingbo Huang wrote:
> >>> Thanks Chesnay for driving this. I found a problem with image name
> >>> change[1] and I have created a PR[2] to fix it.
> >>>
> >>> Best,
> >>> Xingbo
> >>>
> >>> [1] https://issues.apache.org/jira/browse/FLINK-29161
> >>> [2] https://github.com/apache/flink/pull/20726
> >>>
> >>> Chesnay Schepler <ch...@apache.org> 于2022年8月31日周三 17:15写道:
> >>>
> >>>> I will optimistically merge the PRs that make the switch so we can
> >>>> gather some e2e testing data.
> >>>>
> >>>> On 30/08/2022 14:51, Chesnay Schepler wrote:
> >>>>> yes, alpine would have similar issues as CentOS. As for usability,
> >>>>> from personal experience it has always been a bit of a drag to extend
> >>>>> or use manually because it is such a minimal image.
> >>>>>
> >>>>> On 30/08/2022 14:45, Matthias Pohl wrote:
> >>>>>> Thanks for bringing this up, Chesnay. Can you elaborate a bit
> >>>>>> more on
> >>>>>> what
> >>>>>> you mean when referring to Alpine as being "not as user-friendly"?
> >>>>>> Doesn't
> >>>>>> it come with the same issue that switching to CentOS comes with
> >>>>>> that we
> >>>>>> have to update our scripts (I'm thinking of apt in particular)?
> >>>>>> Or what
> >>>>>> else did you have in mind in terms of user-friendliness? I would
> >>>>>> imagine
> >>>>>> selecting the required packages would be a bit more tedious.
> >>>>>>
> >>>>>> I'm wondering whether we considered the security aspect. A more
> >>>>>> minimal
> >>>>>> Alpine base image might reduce the risk of running into CVEs. But
> >>>>>> then;
> >>>>>> it's also the question how fast those CVEs are actually fixed on
> >>>>>> average
> >>>>>> (now comparing Ubuntu and Alpine for instance). Or is this even a
> >>>>>> concern
> >>>>>> for us?
> >>>>>>
> >>>>>> I didn't find any clear answers around that topic with a quick
> >>>>>> Google
> >>>>>> search. [1] was kind of interesting to read.
> >>>>>>
> >>>>>> Anyway, I definitely see the benefits of just switching to Ubuntu
> >>>>>> due to
> >>>>>> the fact that it also relies on Debian's package management
> >>>>>> (reducing
> >>>>>> the
> >>>>>> migration effort) and that we're using it for our CI builds
> >>>>>> (consistency).
> >>>>>>
> >>>>>> +1 for going with Ubuntu if security is not a big concern
> >>>>>>
> >>>>>> Best,
> >>>>>> Matthias
> >>>>>>
> >>>>>> [1]
> >>>>>>
> >>>>
> https://jfrog.com/knowledge-base/why-use-ubuntu-as-a-docker-base-image-when-alpine-exists/
> >>>>
> >>>>>>
> >>>>>> On Tue, Aug 30, 2022 at 11:40 AM Chesnay Schepler
> >>>>>> <ch...@apache.org>
> >>>>>> wrote:
> >>>>>>
> >>>>>>> Hello,
> >>>>>>>
> >>>>>>> during the release of the 1.15.2 images
> >>>>>>> <https://github.com/docker-library/official-images/pull/13065>
> >>>>>>> it was
> >>>>>>> noted that we use the openjdk:8/11 images, which have been
> >>>>>>> deprecated
> >>>>>>> <https://github.com/docker-library/openjdk/issues/505> and thus no
> >>>>>>> longer receive any updates.
> >>>>>>>
> >>>>>>> There are a number of alternatives, the most promising being
> >>>>>>> Eclipse
> >>>>>>> Temurin <https://hub.docker.com/_/eclipse-temurin>, the
> >>>>>>> successor of
> >>>>>>> AdoptOpenJDK, since it's vendor neutral.
> >>>>>>>
> >>>>>>> This would imply a switch of distros from Debian to most likely
> >>>>>>> Ubuntu
> >>>>>>> 22.04 (Alpine isn't as user-friendly, and CentOS is likely
> >>>>>>> incompatible
> >>>>>>> with existing images using our images as a base). We are also
> >>>>>>> running
> >>>>>>> our CI on Ubuntu, so I don't expect any issues.
> >>>>>>>
> >>>>>>> Let me know what you think.
> >>>>>>>
> >>>>>>> The required changes on our side appear to be minimal; I have
> >>>>>>> already
> >>>>>>> prepared a PR <https://github.com/apache/flink-docker/pull/130>.
> >>>>>>>
> >>>>
> >>
> >
>
>
Re: [DISCUSS] Switch docker iamge base to Eclipse Temurin
Posted by Chesnay Schepler <ch...@apache.org>.
Unless anyone objects I will announce the switch on Monday via the
mailing lists / twitter and execute it on Wednesday.
On 01/09/2022 14:27, Chesnay Schepler wrote:
> The e2e tests have passed successfully for the updated
> 1.14/1.15/master images.
>
> On 01/09/2022 11:05, Chesnay Schepler wrote:
>> Thanks Xingbo. Should've known that the Flink side relies on the
>> distro name, sorry for the inconvenience.
>>
>> On 01/09/2022 06:55, Xingbo Huang wrote:
>>> Thanks Chesnay for driving this. I found a problem with image name
>>> change[1] and I have created a PR[2] to fix it.
>>>
>>> Best,
>>> Xingbo
>>>
>>> [1] https://issues.apache.org/jira/browse/FLINK-29161
>>> [2] https://github.com/apache/flink/pull/20726
>>>
>>> Chesnay Schepler <ch...@apache.org> 于2022年8月31日周三 17:15写道:
>>>
>>>> I will optimistically merge the PRs that make the switch so we can
>>>> gather some e2e testing data.
>>>>
>>>> On 30/08/2022 14:51, Chesnay Schepler wrote:
>>>>> yes, alpine would have similar issues as CentOS. As for usability,
>>>>> from personal experience it has always been a bit of a drag to extend
>>>>> or use manually because it is such a minimal image.
>>>>>
>>>>> On 30/08/2022 14:45, Matthias Pohl wrote:
>>>>>> Thanks for bringing this up, Chesnay. Can you elaborate a bit
>>>>>> more on
>>>>>> what
>>>>>> you mean when referring to Alpine as being "not as user-friendly"?
>>>>>> Doesn't
>>>>>> it come with the same issue that switching to CentOS comes with
>>>>>> that we
>>>>>> have to update our scripts (I'm thinking of apt in particular)?
>>>>>> Or what
>>>>>> else did you have in mind in terms of user-friendliness? I would
>>>>>> imagine
>>>>>> selecting the required packages would be a bit more tedious.
>>>>>>
>>>>>> I'm wondering whether we considered the security aspect. A more
>>>>>> minimal
>>>>>> Alpine base image might reduce the risk of running into CVEs. But
>>>>>> then;
>>>>>> it's also the question how fast those CVEs are actually fixed on
>>>>>> average
>>>>>> (now comparing Ubuntu and Alpine for instance). Or is this even a
>>>>>> concern
>>>>>> for us?
>>>>>>
>>>>>> I didn't find any clear answers around that topic with a quick
>>>>>> Google
>>>>>> search. [1] was kind of interesting to read.
>>>>>>
>>>>>> Anyway, I definitely see the benefits of just switching to Ubuntu
>>>>>> due to
>>>>>> the fact that it also relies on Debian's package management
>>>>>> (reducing
>>>>>> the
>>>>>> migration effort) and that we're using it for our CI builds
>>>>>> (consistency).
>>>>>>
>>>>>> +1 for going with Ubuntu if security is not a big concern
>>>>>>
>>>>>> Best,
>>>>>> Matthias
>>>>>>
>>>>>> [1]
>>>>>>
>>>> https://jfrog.com/knowledge-base/why-use-ubuntu-as-a-docker-base-image-when-alpine-exists/
>>>>
>>>>>>
>>>>>> On Tue, Aug 30, 2022 at 11:40 AM Chesnay Schepler
>>>>>> <ch...@apache.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> during the release of the 1.15.2 images
>>>>>>> <https://github.com/docker-library/official-images/pull/13065>
>>>>>>> it was
>>>>>>> noted that we use the openjdk:8/11 images, which have been
>>>>>>> deprecated
>>>>>>> <https://github.com/docker-library/openjdk/issues/505> and thus no
>>>>>>> longer receive any updates.
>>>>>>>
>>>>>>> There are a number of alternatives, the most promising being
>>>>>>> Eclipse
>>>>>>> Temurin <https://hub.docker.com/_/eclipse-temurin>, the
>>>>>>> successor of
>>>>>>> AdoptOpenJDK, since it's vendor neutral.
>>>>>>>
>>>>>>> This would imply a switch of distros from Debian to most likely
>>>>>>> Ubuntu
>>>>>>> 22.04 (Alpine isn't as user-friendly, and CentOS is likely
>>>>>>> incompatible
>>>>>>> with existing images using our images as a base). We are also
>>>>>>> running
>>>>>>> our CI on Ubuntu, so I don't expect any issues.
>>>>>>>
>>>>>>> Let me know what you think.
>>>>>>>
>>>>>>> The required changes on our side appear to be minimal; I have
>>>>>>> already
>>>>>>> prepared a PR <https://github.com/apache/flink-docker/pull/130>.
>>>>>>>
>>>>
>>
>
Re: [DISCUSS] Switch docker iamge base to Eclipse Temurin
Posted by Chesnay Schepler <ch...@apache.org>.
The e2e tests have passed successfully for the updated 1.14/1.15/master
images.
On 01/09/2022 11:05, Chesnay Schepler wrote:
> Thanks Xingbo. Should've known that the Flink side relies on the
> distro name, sorry for the inconvenience.
>
> On 01/09/2022 06:55, Xingbo Huang wrote:
>> Thanks Chesnay for driving this. I found a problem with image name
>> change[1] and I have created a PR[2] to fix it.
>>
>> Best,
>> Xingbo
>>
>> [1] https://issues.apache.org/jira/browse/FLINK-29161
>> [2] https://github.com/apache/flink/pull/20726
>>
>> Chesnay Schepler <ch...@apache.org> 于2022年8月31日周三 17:15写道:
>>
>>> I will optimistically merge the PRs that make the switch so we can
>>> gather some e2e testing data.
>>>
>>> On 30/08/2022 14:51, Chesnay Schepler wrote:
>>>> yes, alpine would have similar issues as CentOS. As for usability,
>>>> from personal experience it has always been a bit of a drag to extend
>>>> or use manually because it is such a minimal image.
>>>>
>>>> On 30/08/2022 14:45, Matthias Pohl wrote:
>>>>> Thanks for bringing this up, Chesnay. Can you elaborate a bit more on
>>>>> what
>>>>> you mean when referring to Alpine as being "not as user-friendly"?
>>>>> Doesn't
>>>>> it come with the same issue that switching to CentOS comes with
>>>>> that we
>>>>> have to update our scripts (I'm thinking of apt in particular)? Or
>>>>> what
>>>>> else did you have in mind in terms of user-friendliness? I would
>>>>> imagine
>>>>> selecting the required packages would be a bit more tedious.
>>>>>
>>>>> I'm wondering whether we considered the security aspect. A more
>>>>> minimal
>>>>> Alpine base image might reduce the risk of running into CVEs. But
>>>>> then;
>>>>> it's also the question how fast those CVEs are actually fixed on
>>>>> average
>>>>> (now comparing Ubuntu and Alpine for instance). Or is this even a
>>>>> concern
>>>>> for us?
>>>>>
>>>>> I didn't find any clear answers around that topic with a quick Google
>>>>> search. [1] was kind of interesting to read.
>>>>>
>>>>> Anyway, I definitely see the benefits of just switching to Ubuntu
>>>>> due to
>>>>> the fact that it also relies on Debian's package management (reducing
>>>>> the
>>>>> migration effort) and that we're using it for our CI builds
>>>>> (consistency).
>>>>>
>>>>> +1 for going with Ubuntu if security is not a big concern
>>>>>
>>>>> Best,
>>>>> Matthias
>>>>>
>>>>> [1]
>>>>>
>>> https://jfrog.com/knowledge-base/why-use-ubuntu-as-a-docker-base-image-when-alpine-exists/
>>>
>>>>>
>>>>> On Tue, Aug 30, 2022 at 11:40 AM Chesnay Schepler
>>>>> <ch...@apache.org>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> during the release of the 1.15.2 images
>>>>>> <https://github.com/docker-library/official-images/pull/13065> it
>>>>>> was
>>>>>> noted that we use the openjdk:8/11 images, which have been
>>>>>> deprecated
>>>>>> <https://github.com/docker-library/openjdk/issues/505> and thus no
>>>>>> longer receive any updates.
>>>>>>
>>>>>> There are a number of alternatives, the most promising being Eclipse
>>>>>> Temurin <https://hub.docker.com/_/eclipse-temurin>, the successor of
>>>>>> AdoptOpenJDK, since it's vendor neutral.
>>>>>>
>>>>>> This would imply a switch of distros from Debian to most likely
>>>>>> Ubuntu
>>>>>> 22.04 (Alpine isn't as user-friendly, and CentOS is likely
>>>>>> incompatible
>>>>>> with existing images using our images as a base). We are also
>>>>>> running
>>>>>> our CI on Ubuntu, so I don't expect any issues.
>>>>>>
>>>>>> Let me know what you think.
>>>>>>
>>>>>> The required changes on our side appear to be minimal; I have
>>>>>> already
>>>>>> prepared a PR <https://github.com/apache/flink-docker/pull/130>.
>>>>>>
>>>
>
Re: [DISCUSS] Switch docker iamge base to Eclipse Temurin
Posted by Chesnay Schepler <ch...@apache.org>.
Thanks Xingbo. Should've known that the Flink side relies on the distro
name, sorry for the inconvenience.
On 01/09/2022 06:55, Xingbo Huang wrote:
> Thanks Chesnay for driving this. I found a problem with image name
> change[1] and I have created a PR[2] to fix it.
>
> Best,
> Xingbo
>
> [1] https://issues.apache.org/jira/browse/FLINK-29161
> [2] https://github.com/apache/flink/pull/20726
>
> Chesnay Schepler <ch...@apache.org> 于2022年8月31日周三 17:15写道:
>
>> I will optimistically merge the PRs that make the switch so we can
>> gather some e2e testing data.
>>
>> On 30/08/2022 14:51, Chesnay Schepler wrote:
>>> yes, alpine would have similar issues as CentOS. As for usability,
>>> from personal experience it has always been a bit of a drag to extend
>>> or use manually because it is such a minimal image.
>>>
>>> On 30/08/2022 14:45, Matthias Pohl wrote:
>>>> Thanks for bringing this up, Chesnay. Can you elaborate a bit more on
>>>> what
>>>> you mean when referring to Alpine as being "not as user-friendly"?
>>>> Doesn't
>>>> it come with the same issue that switching to CentOS comes with that we
>>>> have to update our scripts (I'm thinking of apt in particular)? Or what
>>>> else did you have in mind in terms of user-friendliness? I would imagine
>>>> selecting the required packages would be a bit more tedious.
>>>>
>>>> I'm wondering whether we considered the security aspect. A more minimal
>>>> Alpine base image might reduce the risk of running into CVEs. But then;
>>>> it's also the question how fast those CVEs are actually fixed on average
>>>> (now comparing Ubuntu and Alpine for instance). Or is this even a
>>>> concern
>>>> for us?
>>>>
>>>> I didn't find any clear answers around that topic with a quick Google
>>>> search. [1] was kind of interesting to read.
>>>>
>>>> Anyway, I definitely see the benefits of just switching to Ubuntu due to
>>>> the fact that it also relies on Debian's package management (reducing
>>>> the
>>>> migration effort) and that we're using it for our CI builds
>>>> (consistency).
>>>>
>>>> +1 for going with Ubuntu if security is not a big concern
>>>>
>>>> Best,
>>>> Matthias
>>>>
>>>> [1]
>>>>
>> https://jfrog.com/knowledge-base/why-use-ubuntu-as-a-docker-base-image-when-alpine-exists/
>>>>
>>>> On Tue, Aug 30, 2022 at 11:40 AM Chesnay Schepler <ch...@apache.org>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> during the release of the 1.15.2 images
>>>>> <https://github.com/docker-library/official-images/pull/13065> it was
>>>>> noted that we use the openjdk:8/11 images, which have been deprecated
>>>>> <https://github.com/docker-library/openjdk/issues/505> and thus no
>>>>> longer receive any updates.
>>>>>
>>>>> There are a number of alternatives, the most promising being Eclipse
>>>>> Temurin <https://hub.docker.com/_/eclipse-temurin>, the successor of
>>>>> AdoptOpenJDK, since it's vendor neutral.
>>>>>
>>>>> This would imply a switch of distros from Debian to most likely Ubuntu
>>>>> 22.04 (Alpine isn't as user-friendly, and CentOS is likely incompatible
>>>>> with existing images using our images as a base). We are also running
>>>>> our CI on Ubuntu, so I don't expect any issues.
>>>>>
>>>>> Let me know what you think.
>>>>>
>>>>> The required changes on our side appear to be minimal; I have already
>>>>> prepared a PR <https://github.com/apache/flink-docker/pull/130>.
>>>>>
>>