Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide a deployment Docker image based on RedHat UBI #49643

Closed
bobvawter opened this issue May 28, 2020 · 3 comments · Fixed by #54812
Closed

Provide a deployment Docker image based on RedHat UBI #49643

bobvawter opened this issue May 28, 2020 · 3 comments · Fixed by #54812
Labels
A-build-system C-cleanup Tech debt, refactors, loose ends, etc. Solution not expected to significantly change behavior.

Comments

@bobvawter
Copy link
Contributor

This is a follow-on to #41390. Right now, we ship a Debian-based image. It would be helpful for some operators to also supply a UBI-based docker image to DockerHub.

@blathers-crl
Copy link

blathers-crl bot commented May 28, 2020

Hi @bobvawter, please add a C-ategory label to your issue. Check out the label system docs.

While you're here, please consider adding an A- label to help keep our repository tidy.

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan.

@bobvawter bobvawter added C-cleanup Tech debt, refactors, loose ends, etc. Solution not expected to significantly change behavior. A-build-system labels May 28, 2020
@bobvawter
Copy link
Contributor Author

See also comments from Ben in #49593 (comment)

@bdarnell
Copy link
Contributor

Not "also" - the redhat UBI image should replace the debian-based one; there's no reason to offer two.

craig bot pushed a commit that referenced this issue Sep 30, 2020
54544: kvserver: add assertions for invariants around liveness records r=irfansharif a=irfansharif

Now that we have #53842, we maintain the invariant that there always
exists a liveness record for any given node. We can now simplify our
handling of liveness records internally: where previously we had code to
handle the possibility of empty liveness records (we created a new one
on the fly), we can change them to assertions to verify that's no longer
possible.

When retrieving the liveness record from our in-memory cache,
it's possible for us to not find anything due to gossip delays. Instead
of simply giving up then, now we can read the records directly from KV
(and update our caches while in the area). This PR introduces this
mechanism through usage of `getLivenessRecordFromKV`.

Finally, as a bonus, this PR also surfaces a better error when trying to
decommission non-existent nodes. We're able to do this because now we
can always assume that a missing liveness record, as seen in the
decommission codepath, implies that the user is trying to decommission a
non-existent node.

---

We don't intend to backport this to 20.2 due to the hazard described in
\#54216. We want this PR to bake on master and (possibly) trip up the
assertions added above if we've missed anything. They're the only ones
checking for the invariant we've introduced around liveness records.
That invariant will be depended on for long running migrations, so
better to shake things out early.

Release note: None


54812: docker: Base the docker image on RedHat UBI r=bdarnell,DuskEagle a=jlinder

Before: The docker image was based on Debian 9.12 slim.

Why: This change will help on-prem customers from a security and
compliance perspective. It also aligns with our publishing images into
the RedHat Marketplace.

Now: Published docker images are based on the RedHat UBI 8 base image.

Fixes: #49643

Release note (backward-incompatible change): CockroachDB Docker images
are now based on the RedHat ubi8/ubi base image instead of Debian 9.12
slim. This will help on-prem customers from a security and compliance
perspective.

Co-authored-by: irfan sharif <[email protected]>
Co-authored-by: James H. Linder <[email protected]>
@craig craig bot closed this as completed in 24f5b76 Sep 30, 2020
jlinder added a commit to jlinder/cockroach that referenced this issue Oct 1, 2020
Before: The docker image was based on Debian 9.12 slim.

Why: This change will help on-prem customers from a security and
compliance perspective. It also aligns with our publishing images into
the RedHat Marketplace.

Now: Published docker images are based on the RedHat UBI 8 base image.

Fixes: cockroachdb#49643

Release note (backward-incompatible change): CockroachDB Docker images
are now based on the RedHat ubi8/ubi base image instead of Debian 9.12
slim. This will help on-prem customers from a security and compliance
perspective.
jayshrivastava pushed a commit that referenced this issue Oct 8, 2020
Before: The docker image was based on Debian 9.12 slim.

Why: This change will help on-prem customers from a security and
compliance perspective. It also aligns with our publishing images into
the RedHat Marketplace.

Now: Published docker images are based on the RedHat UBI 8 base image.

Fixes: #49643

Release note (backward-incompatible change): CockroachDB Docker images
are now based on the RedHat ubi8/ubi base image instead of Debian 9.12
slim. This will help on-prem customers from a security and compliance
perspective.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-build-system C-cleanup Tech debt, refactors, loose ends, etc. Solution not expected to significantly change behavior.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants