container base image needs to be updated #41390

kannanlakshmi · 2019-10-07T16:59:14Z

@keith-mcclellan is working on putting CRDB container image back on the Redhat registry as this is required for any partnership between Redhat and Cockroach Labs. We appear to be using some stale base images for our containers https://github.com/cockroachdb/cockroach/blob/2168fe87d168520989488859e88ee39301f8bb6b/build/builder/Dockerfile
Base images tend to have security vulnerabilities and this will need to addressed before he can proceed with the Redhat marketplace.

cc @keith-mcclellan for more information as he found the older images

cc @kenliu for triage

keith-mcclellan · 2019-10-07T18:18:21Z

I found at least two spots where we're pinning ourselves to old base images:

https://github.com/cockroachdb/cockroach/blob/2168fe87d168520989488859e88ee39301f8bb6b/build/deploy/Dockerfile

FROM debian:9.8-slim should be the latest LTS which would be stretch-slim (currently maps to 9.11-slim)

https://github.com/cockroachdb/cockroach/blob/2168fe87d168520989488859e88ee39301f8bb6b/build/builder/Dockerfile

FROM ubuntu:xenial-20170915 should at a minimum be FROM ubuntu:xenial but better bionic (latest LTS)

keith-mcclellan · 2019-10-07T18:19:34Z

Red Hat is specifically asking us to support a version of the database on their UBI though, where they manage the security patching for the underlying dependencies

kenliu · 2019-10-31T00:35:58Z

@bobvawter FYI I'm adding this to the backlog

kenliu · 2019-11-12T16:49:02Z

@bobvawter can look at this as part of revving the go version

kenliu · 2020-01-28T20:15:54Z

we're going to work on this in the next week or two

bobvawter · 2020-02-12T17:16:12Z

Related: #44905

kenliu · 2020-02-25T15:24:53Z

@bobvawter any update on this issue?

bobvawter · 2020-02-27T14:17:13Z

Per discussion with release team, the consensus is to hold until the 20.1 release goes out, since the changing the base image will impact testing. Also coordinating with @aaron-crl viz security requirements. Will update this ticket with notes from that chat.

bobvawter · 2020-05-12T19:26:10Z

Now that the release is out, will get back to this after landing the updated TeamCity agent OS image.

49593: build: Upgrade base image to deployment dockerfile r=bobvawter a=bobvawter This change updates the deployment base image from Debian 9.8 to 9.12. Fixes: #41390 Release note (build change): Release Docker images are now built on Debian 9.12. Co-authored-by: Bob Vawter <[email protected]>

This change updates the deployment base image from Debian 9.8 to 9.12. Fixes: cockroachdb#41390 Release note (build change): Release Docker images are now built on Debian 9.12.

kenliu · 2020-08-25T19:37:15Z

Reopening this because we hadn't yet updated the base image to use the latest redhat UBI

kenliu · 2020-08-25T19:38:36Z

Before we close out this issue, we need to follow up with Keith to understand better what the release process is for distributing to the RedHat marketplace.

https://marketplace.redhat.com/en-us/products/cockroachdb-operator

jlinder · 2020-11-10T20:50:20Z

Current status:

For 20.2.0 and forward, we are using the ubi8/ubi-minimal image as the base image for our docker images
We met with Keith to get the process for publishing docker images to the Red Hat Marketplace. We've pushed images for the 20.1.7, 20.1.8 and 20.2.0 builds. We will handle pushing images for new builds going forward. We have yet to automate the process and are tracking that as a separate task.

With that, we can close this issue.

kannanlakshmi added the A-orchestration Relating to orchestration systems like Kubernetes label Oct 7, 2019

kenliu added the A-security label Oct 31, 2019

kenliu assigned bobvawter Nov 12, 2019

bobvawter mentioned this issue Feb 27, 2020

release: change docker container image to something maintained (redhat?) #45486

Closed

bobvawter mentioned this issue May 27, 2020

build: Upgrade base image to deployment dockerfile #49593

Merged

bobvawter removed their assignment May 27, 2020

bobvawter mentioned this issue May 28, 2020

Provide a deployment Docker image based on RedHat UBI #49643

Closed

craig bot closed this as completed in a1a1866 Jun 1, 2020

jlinder mentioned this issue Jun 22, 2020

release-19.1: build: Upgrade base image to deployment dockerfile #50480

Merged

jlinder mentioned this issue Jun 22, 2020

release-19.2: build: Upgrade base image to deployment dockerfile #50481

Merged

jlinder mentioned this issue Jun 22, 2020

release-20.1: build: Upgrade base image to deployment dockerfile #50482

Merged

jlinder reopened this Aug 25, 2020

jlinder closed this as completed Nov 10, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

container base image needs to be updated #41390

container base image needs to be updated #41390

kannanlakshmi commented Oct 7, 2019

keith-mcclellan commented Oct 7, 2019 •

edited

Loading

keith-mcclellan commented Oct 7, 2019

kenliu commented Oct 31, 2019

kenliu commented Nov 12, 2019

kenliu commented Jan 28, 2020

bobvawter commented Feb 12, 2020

kenliu commented Feb 25, 2020

bobvawter commented Feb 27, 2020

bobvawter commented May 12, 2020

kenliu commented Aug 25, 2020

kenliu commented Aug 25, 2020

jlinder commented Nov 10, 2020

container base image needs to be updated #41390

container base image needs to be updated #41390

Comments

kannanlakshmi commented Oct 7, 2019

keith-mcclellan commented Oct 7, 2019 • edited Loading

keith-mcclellan commented Oct 7, 2019

kenliu commented Oct 31, 2019

kenliu commented Nov 12, 2019

kenliu commented Jan 28, 2020

bobvawter commented Feb 12, 2020

kenliu commented Feb 25, 2020

bobvawter commented Feb 27, 2020

bobvawter commented May 12, 2020

kenliu commented Aug 25, 2020

kenliu commented Aug 25, 2020

jlinder commented Nov 10, 2020

keith-mcclellan commented Oct 7, 2019 •

edited

Loading