New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How about change base image to Alpine? #27
base: master
Are you sure you want to change the base?
Conversation
- change image to security patched Java Alpine; - add Makefile and .env for easier build and release
Thank you. I generally like the idea of small footprints, but I know that there were problems with alpine in the past when trying to use extended features. In our company based geoserver image for example, we started years ago with alpine and then had to switch back to an ubuntu base image as there were problems with including the Another "contra" would be: Changing the base image like this could cause problems for people that are already using the published ubuntu based-image and extend it for their specific reasons by using the FROM clause. I just don't know how many people would be affected by such a fundamental change. I'd also like to know the opinion of some core developers. Maybe there are other pro/con arguments regarding the base image? @aaime @jodygarnett |
For really specific and focused purposes, an alpine image can be a very good idea. But geoserver is pretty generic and this image will generally be extended in lots of different ways: ubuntu is a better base for that. |
many publicly available Docker images exist in more than one variant - eg. PostgreSQL official image is based on Alpine or Ubuntu, redis, etc. Than users can choose what is more important to them - security and slow footprint or more flexibility wit bigger and less secure base image. We are testing Alpine based Geoserver in production in this moment and I can maintain Alpine fork. |
I would like to see how you do that? Can we setup multiple supported things here? |
yes, it is no problem to support multi variant image in one git repo. You can check my other project - security patched Java Alpine base image here: https://github.com/alapierre/java-apline and pipeline for it. It use Docker |
I like the idea to provide multiple image variants (ubuntu or alpine based). Do you think you could extend this PR to prepare something like this @alapierre ? |
yes, sure - but not before my holiday. I can prepare Makefile and GitHub pipeline for multi-platform build. |
@@ -1,4 +1,4 @@ | |||
FROM ubuntu:22.04 as tomcat | |||
FROM lapierre/java-alpine:11 as tomcat |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not use a Docker vetted "Official image"? instead of pushing your own JDK version (having a full JDK is total overkill)
FROM lapierre/java-alpine:11 as tomcat | |
FROM eclipse-temurin:11-jre-alpine as tomcat |
I agree with @mprins that an approach with official images should be preferred. @alapierre Do you plan to continue on this or can this be closed? |
Hey, Yes I'm Planning but curentyly can't find enough time. |
image based on
ubuntu 22.0
has significant number of security problems:When you change base image to security patched Alpine it will looks like that:
Of course, there will still be vulnerabilities in Java libraries that cannot be eliminated by simply changing the base image.
Changes in this PR: