Container Image Infrastructure
It should be ensured that the container images which are used in SCS, ...
- are up to date
- do not contain software with known vulnerabilities
- do meet high quality standards
(Potential) Image sources include, but are most likely not limited to:
Dockerhub Official (Base) Images
Examples include: alpine, debian, ubuntu, mysql
- sponsored by Docker
- used very widely
- To be determined: Is there a policy regarding image updates etc.?
- According to docs, they are IP of Docker: https://docs.docker.com/docker-hub/official_images/
Upstream managed images on DockerHub/Quay.io/...
Examples include: prom/prometheus
- mileage will vary from one project to another
Red Hat Certified Base Images
- I personally do not have a lot of experience with them
- they seem very nicely curated and maintained
- RHEL/OpenShift centric
- To be determined: Relation to subscription model, OKD and S2I
SCS solution?
Being a "cloud distribution", SCS may have its own set of maintained images driven by the given goals.
- Implementing own base images with patch process etc. (got some ideas there)
- Security scanning (e.g. hosting a Harbor/Quay installation)
See also https://scs.sovereignit.de/nextcloud/s/g3iZS6y4srAJ3HX for a mindmap with various (VM/container) image metadata properties.
Another effort of curated images:
Bitnami Application Catalog
Examples include: bitnami/prometheus (https://github.com/bitnami/bitnami-docker-prometheus)
- Maintained by Bitnami/VMware
- Big collection of curated images
- Based on a custom Bitnami Debian base image
- Automation of package updating and upstream tracking present
- Implemented via Stacksmith (not open source as far as I understand)?
- Relation to VMware Tanzu Application Catalog?
I've partnered with Bitnami in a previous life. The charges turned out to be prohibitive.
@garloff if we want to keep this issue open, I'd suggest moving it to another repo (e.g. Docs/?), since the rest of the Design-Docs have been merged over to Docs as well.