Re: [DISCUSS] PIP-324: Alpine Docker images

the UBI9-minimal > > image ( > > > https://catalog.redhat.com/software/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5 > ). > > That may have a better security footprint. > > > > Thank You, > > > > Alex Hall > > > > > > -Original

Re: [DISCUSS] PIP-324: Alpine Docker images

2:31 PM To: dev@pulsar.apache.org Subject: Re: [DISCUSS] PIP-324: Alpine Docker images [You don't often get email from *REDACTED*. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Hi Alexander, it doesn't look to be only 4 issues in that image: https://ca

Re: [DISCUSS] PIP-324: Alpine Docker images

2acc111bf5). > That may have a better security footprint. > > Thank You, > > Alex Hall > > > -Original Message- > From: Matteo Merli > Sent: Thursday, February 15, 2024 12:55 PM > To: dev@pulsar.apache.org > Subject: ''Re: Re: [DISCUSS] P

Re: [DISCUSS] PIP-324: Alpine Docker images

tware/containers/ubi9/ubi-minimal/615bd9b4075b022acc111bf5). That may have a better security footprint. Thank You, Alex Hall -Original Message- From: Matteo Merli Sent: Thursday, February 15, 2024 12:55 PM To: dev@pulsar.apache.org Subject: ''Re: Re: [DISCUSS] PIP-324: Alpin

Re: Re: [DISCUSS] PIP-324: Alpine Docker images

H > > -Original Message- > From: Matteo Merli > Sent: Wednesday, February 14, 2024 2:01 PM > To: david.chris...@discordapp.com.invalid > Cc: dev@pulsar.apache.org > Subject: ''Re: Re: [DISCUSS] PIP-324: Alpine Docker images > > [You don't often get

Re: Re: [DISCUSS] PIP-324: Alpine Docker images

14, 2024 2:01 PM To: david.chris...@discordapp.com.invalid Cc: dev@pulsar.apache.org Subject: ''Re: Re: [DISCUSS] PIP-324: Alpine Docker images [You don't often get email from *REDACTED*. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Reviving

Re: Re: [DISCUSS] PIP-324: Alpine Docker images

Reviving the discussion thread. > For Netty, I think netty-transport-native-epoll is only built against > glibc ( https://netty.io/wiki/native-transports.html#using-the-linux-native-transport ). > Is there a workaround ? Yes, there is a workaround for Netty. It works perfectly fine by including

RE: Re: [DISCUSS] PIP-324: Alpine Docker images

Are we sure the move to Alpine is worth the extensive performance testing and the risk of issues? Sticking with a popular glibc image like Temurin, Ubuntu/Debian, or ubi-minimal (mentioned also in this discussion) seems like a better path to me, without the risk of glibc vs musl issues. Using Di

Re: [DISCUSS] PIP-324: Alpine Docker images

Another alternative is Redhat's ubi-minimal. It is glibc and has longer support. Alpine support is around 2 years. https://gist.github.com/yuweisung/9a40b7af71cdf2dfbb4f7c52825acf35 Yu Wei Sung Sr. Technologist OCTO streamnative.io

Re: [DISCUSS] PIP-324: Alpine Docker images

Le mer. 13 déc. 2023 à 18:03, Matteo Merli a écrit : > > -- > Matteo Merli > > > > On Wed, Dec 13, 2023 at 8:20 AM Christophe Bornet > wrote: > > > Thanks Matteo for bringing this subject. > > > > I share the concerns of Lari regarding the move from glibc to musl in > > terms of security, perfor

Re: [DISCUSS] PIP-324: Alpine Docker images

I don't think the compatibility for downstream users is going to be a big problem: 1. Most users don't need to modify the Pulsar image in significant way 2. If they do, they won't be using the "latest" tag, but rather a specific version 3. Users who are dependent on the Ubuntu base image can sta

Re: [DISCUSS] PIP-324: Alpine Docker images

-- Matteo Merli On Wed, Dec 13, 2023 at 8:20 AM Christophe Bornet wrote: > Thanks Matteo for bringing this subject. > > I share the concerns of Lari regarding the move from glibc to musl in > terms of security, performance, compatibility with the JVM. Extensive > performance tests will have to

Re: [DISCUSS] PIP-324: Alpine Docker images

Thanks Matteo for bringing this subject. I share the concerns of Lari regarding the move from glibc to musl in terms of security, performance, compatibility with the JVM. Extensive performance tests will have to be done. Also, last time I tried to use alpine with a Python project, it was a nightma

Re: [DISCUSS] PIP-324: Alpine Docker images

For Kubernetes environments, the DNS caching concerns could be covered by using NodeLocal DNSCache [1]. I wonder if that gets configured by default in cloud provider managed k8s services? -Lari 1 - https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/ On 2023/12/13 13:16:45 Lari Ho

Re: [DISCUSS] PIP-324: Alpine Docker images

+1 Before switching to Alpine completely, it would be worth running extensive system tests in production-like environments. Alpine comes with musl, which makes the JVM behave slightly differently. One of the common DNS issues with Alpine was fixed in May 2023 with the Alpine 3.18 release. Alpi

Re: [DISCUSS] PIP-324: Alpine Docker images

+1. It is a good idea to use the Alpine image to run the Pulsar, as it is more secure. However, switching images may affect downstream users, and I am wondering if it is possible to provide multiple docker tags: - latest: using the Ubuntu image - alpine: using the Alpine image Thanks, Zixuan

Re: [DISCUSS] PIP-324: Alpine Docker images

+1 to me. The Alpine Linux is much more light-weight than Ubuntu. Thanks, Yunze On Wed, Dec 13, 2023 at 3:00 AM Matteo Merli wrote: > > Hello, > > I've created a new proposal to switch Pulsar base docker images from Ubuntu > to Alpine Linux. > > Details and motivation in the PIP: > https://githu

[DISCUSS] PIP-324: Alpine Docker images

Hello, I've created a new proposal to switch Pulsar base docker images from Ubuntu to Alpine Linux. Details and motivation in the PIP: https://github.com/apache/pulsar/pull/21716 Matteo -- Matteo Merli