Good reasoning! Thanks! On Mon, May 18, 2020 at 6:39 PM Windham Wong <[email protected]> wrote:
> My experience is that, people tends to pick their container image OS based > on few criterias only: > 1) image size, alpine always win, then debian/centos and 3rd is > ubuntu/centos. alpine is always the smallest but not much library provided > and require to compile manually. debian is always good because it has > apt-get to provide loads of library. centos is cool as debian because it > also has good yum repo. ubuntu is always the last because it is fat, but it > provides very large range of libraries to use. > 2) kernel feature, as mentioned last email, ubuntu has issue with DNS and > some sort of network discover issues. I remember alpine has some as well, > because it is very plain, requires many fine tunes be done manually. in > this case, centos and debian should win. > 3) linux stream, obviously, alpine, debian/ubuntu, centos, are 3 different > streams that use different native tools. Poeple just pick their base image > based on what they often use in their life. However, I see a lot debian and > alpine on docker hub because they are just smaller in size. > 4. library support. Python library is a very good example in this case. As > Heron is turning to Python 3, which specifically Python 3.7+, some > discontinued based OS version does not provide the support anymore. We have > tested out that, debian9 supports only up to Python3.5, ubuntu 14.04 does > not support python3 and ubuntu 16.04 supports up to Python 3.5 only. > > I am not a big fan of using centos for docker. Concluding all 4 points > above, I believe keeping centos7 (if it supports python37), debian10 (not > debian9), ubuntu 18.04 (supports python3.7+) would be the best solution at > the moment. We have to cut off the old images due to our library upgrade > and this is unavoidable. Otherwise, we would have tons of issues sending in > about library support in the future and the workload could be a lot more > for just answering questions. > > Windham Wong > Co-Founder, Technical Director of > Stormeye.io, Hong Kong Managed Security Operation Center Limited > Email // [email protected] (mailto:[email protected]) > Phone // +852_3590_2212_|_+852_9832_0707 (tel:+85235902212) > Fax // +852_3590_2202 (tel:+852_3590_2202) > > On 5月 19 2020, at 6:09 早上, Josh Fischer <[email protected]> wrote: > > Hi All, I think using CentOS and either Debian or Ubuntu is a good idea. > I would pick Debian over Ubuntu for the reason that Nick pointed out in a > previous email of DNS issues in Kubernetes. I"ve copy and pasted a section > of Nick's previous email. ### Start I've run into issues with Ubuntu images > having DNS issues in Kubernetes. > https://github.com/kubernetes/kubeadm/issues/787 ### End As for what ends > up being the official Docker container I'm fine with either choice Debian > or CentOS. On Mon, May 18, 2020 at 2:10 AM Ning Wang wrote: > Yeah. For > binary release, the license is a huge factor. > > On Sun, May 17, 2020 at > 2:32 PM Josh Fischer wrote: > > > Hi All, > > > > When it comes to choosing > the official Apache Docker image for Heron we > > have to think of the > licensing issues first. Everything that is > installed > > into the > container at build time with the exception of the "FROM" > > statement in > the Dockerfile must be ALv2 compatible. OpenJDK is under > GPLv2 > > which > is not compatible with Apache. However we can get around this if > we > > > bring the OpenJDK into the container via a FROM statement. I've copied a > > > reply from Dave in our dev list in a previous email. See below. > > > > > ######## Start ######## > > Regarding OpenJDK and GPL2 - here is what Roman > the VP, Legal wrote when > > answering Beam’s questions. > > > > Roman > Shaposhnik commented on LEGAL-503: > > > ---------------------------------------- > > > > Hey [~altay] if you would > like to continue linking to the Docker release > > artifact from the > > > https://beam.apache.org > > you will have: > > 1. Transition to the > official ASF dockerhub org: > > https://hub.docker.com/u/apache > > 2. > Start including that binary convenience artifact into your VOTE > > threads > on Beam releases > > 3. Make sure that all Cat-X licenses are ONLY brought > into your > > container via FROM statements > > ######## End ######## > > > > > So at the end of the day, we need to use a container that has Java > > already > > installed in it so that when we create our official image we > can inherit > > that java containing image via a FROM statement. > > > > - > Josh > > > > > > On Sun, May 17, 2020 at 4:12 PM H W wrote: > > > > > We > use Centos 7 as well. > > > > > > On Sun, May 17, 2020 at 10:41 AM Nicholas > Nezis < > > [email protected]> > > > wrote: > > > > > > > Some > thoughts I'd like to add to the discussion: > > > > > > > > Debian and > Ubuntu are somewhat similar. Would it make sense to pick > one > > > of > > > > > those and pair with Centos? > > > > > > > > I've run into issues with > Ubuntu images having DNS issues in > > Kubernetes. > > > > > https://github.com/kubernetes/kubeadm/issues/787 > > > > > > > > Ubuntu > 14.04 should be removed. It was end of life last year. For > those > > > of > > > > > you using Heron in production, is anyone using Ubuntu 16? My vote > > would > > > be > > > > to remove it also. For what it's worth, my use case > is in K8s and we > > use > > > > the Centos7 image on a Centos 7 OS. > > > > > > > > > We should do a test of the official image and helm chart in > > Kubernetes > > > > (maybe with Kind https://kind.sigs.k8s.io/ ) as part > of our release > > > > process. This might be nice to add as an integration > test. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On > Sun, May 17, 2020, 12:37 PM Ning Wang > wrote: > > > > > > > > > That is a > good point. We need to adjust the OS version accordingly > > too. > > > > > > > > > > > On Sun, May 17, 2020 at 2:28 AM Windham Wong < > > > [email protected] > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > debian 10 has no python 2.7 support. Ubuntu 16.04 has no python > > > 3.7+ > > > > dev > > > > > > library support. hope this helps > > > > > > > -- > > > > > > Sent from myMail for Android Sunday, 17 May 2020, 11:34AM > +08:00 > > from > > > > > Ning > > > > > > Wang [email protected] : > > > > > > > > > > > > > >Hi, > > > > > > > > > > > > > >We have talked about > it a few times in different places. Let's > > make > > > a > > > > > > > >decision here. We don't have enough resources to support many > > docker > > > > > > OSes > > > > > > >(technically we only support Debian, Ubuntu, and > CentOS but each > > of > > > > them > > > > > > >has multiple versions). > > > > > > > > > > > > > > >Things we have agreed on (my understanding) > > > > > > > >- for binary release, we are going to choose one OS one > version. I > > > > > > > >remember that Debian 9 was the decision. An open question is: > do > > we > > > > want > > > > > > to > > > > > > >switch to Debian 10 now? > We haven't had a binary release yet, so > > > there > > > > > is > > > > > > > >still time. As the main target, I think 1. the image should > > compile > > > > > > > >successfully. and 2 the image should be tested: the tools and > an > > > > example > > > > > > >topology. > > > > > > > > > > > > > >- for > source release, we haven't talked about it very much. > > > > Personally I > > > > > > > >feel it is a reasonable expectation that, if we have the > Docker > > file > > > > in > > > > > > the > > > > > > >core folders, it > should at least compile. Otherwise, it's a > failed > > > > build > > > > > > > >hence a failed release. We are not going to test run the tools > and > > > > > > > examples > > > > > > >for each release though. > > > > > > > > > > > > > > >Finally, a question about OS versions. I believe at least two > > > > releases > > > > > > >should be supported because most people don't upgrade > to the > > latest > > > > > > version > > > > > > >when it is out in more > serious scenarios, hence IMO the second > > > oldest > > > > > > could > > > > > > > >often be more useful than the latest one from a convenience > > point > > of > > > > > view. > > > > > > >On the other hand, this is too > flexible, and we will spend time > > > > thinking > > > > > > >about it > again. I think a clear guideline could be helpful to > us. > > > For > > > > > > > >example: > > > > > > >- We only include only Debian (popular in the > server world) and > > > Ubuntu > > > > > > >(popular in servers and > workstations). > > > > > > >- for the main OS (Debian) we choose the latest > to compile and > > test > > > > for > > > > > > our > > > > > > >binary > release. > > > > > > >- for a given OS, only two versions (most likely the > most and > the > > > > second > > > > > > >recent releases) are included in > the core source code and they > > need > > > to > > > > > be > > > > > > > >fixed ASAP if they don't compile. > > > > > > >- OSs and other versions > could be included in a special folder > and > > > but > > > > > > >there is > no guarantee that the code will compile. Fixes from the > > > > > community > > > > > > > >are welcome. > > > > > > > > > > > > > > > > > > > > >How do > you guys think? > > > > > > >--ning > > > > > > > > > > > > > > > > > > > > > > > >
