Attending:
- Mark Waite
- Kevin Martens
- Sayantan Mondal
- Bruno Verachten
- Daniel Beck
- Wadeck Follonier
Agenda:
-
Open action items:
- Damien Duportal:
- Check Docker image download statistics per platform/version => move it to the backlog, no more open action items
- Open issue for “merging” docker agent repositories into a single one
- Damien Duportal:
-
Docker Images
- Container image deprecation for the blue ocean container (jenkinsci:blueocean)
- Damien proposed three meetings ago to update the image a very last time, with a 10 seconds sleep at the very beginning in the entrypoint, then a very informative message giving the status, and then another round of 10 seconds waiting
- Need to announce the deprecation of the image
- Update the page on Dockerhub
- Add to a Jenkins LTS changelog or upgrade guide?
- Add a disclaimer to one or more pages on www.jenkins.io?
- Update the 2017 Blue Ocean blog post with deprecation notice?
- content/blog/2017/01/2017-01-13-blueocean-dev-log-jan.adoc
- Find a way to communicate the deprecation to users and admins
- Jenkins administrative monitor that checks for specific container content?
- Report it on it regularly in Platform SIG meetings
- Create an issue that proposes the deprecation and the needed steps => who?
- Not likely to make progress until …
- Repository: blueocean-plugin/Dockerfile at master · jenkinsci/blueocean-plugin · GitHub
- Container image deprecation for the blue ocean container (jenkinsci:blueocean)
-
Ongoing Work and discussions
- Centos 7 Jenkins Controller Docker Image
- While searching information about this image, Damien found the following important informations:
- Officially (RedHat & Community: About/Product - CentOS Wiki), CentOS7 is in “maintenance” update since 2020 and until June 2024.
- While searching information about this image, Damien found the following important informations:
- Centos 7 Jenkins Controller Docker Image
However, the centos official Docker image (all tags) is deprecated by Docker as per Add deprecation notice for CentOS by tianon · Pull Request #2205 · docker-library/docs · GitHub since the 30 September 2022 (quite recent). The rationale is there are none committed maintainer nor proper monthly update (like all base OSes).
That is a serious and strong argument to deprecate the jenkins/jenkins:centos7 image because it is a dangerous one
Data points: as per DockerHub’s raw data for January 2023:
this image received ~830.000 pulls. It’s ~5% of the pulls.
The unmaintained (since Jenkins 2.306) centos alias received ~100.000 pulls
Alamlinux8 and UBI8-JDK11 have the same order of magnitude of pulls.
Proposal: deprecate the centos images. needs announcement
Need a JEP: proposal to end the Centos7 image earlier than June 2024. The docker container is already not supported anymore.
- Let’s (re)build a last time, after the LTS, with a echo “IMPORTANT: deprecated image please see… and move to ubi…” && sleep 30 command in the entrypoint.
We would need another JEP before using an administrative monitor:
Consider adding a Jenkins administrative monitor that would inform the user that they are running a deprecated container image. We could use the presence of a flag file in the container image to indicate deprecation, then display the alert in Jenkins in the same way that “you have a new version” or “this plugin is deprecated” messages are shown
-
Done
- IBM s390x agent maintenance Friday Feb 3, 2023
- All went fine, downtime (if any) went unnoticed
- IBM s390x agent maintenance Friday Feb 3, 2023
-
Latest CVE for containers was not fun.
- Windows controller image is not updated as often as the rest. It’s been more than one year without any update.
- Should we drop it? Mark thinks so. Makes no sense to keep it as is. Nice for agents, not for controllers. Nobody is complaining, so not many people use that.
- Wadeck Follonier would prefer to kill everything but one
Just kidding
- 20 images to check, that’s a lot!
- Why do we have multiple versions of each image, and why so many OSes?
- Mark Waite thinks there are two types of users
- I want something that looks very close to the system I already use (Debian, UBI9, …). It behaves the way they expect it. What about Debian Slim then asks Daniel?
- Alpine image for the rest of them, because they want something small and efficient
- Mark Waite thinks there are two types of users
- AlmaLinux PR: Daniel would like to see a better justification for a new image. What is the advantage compared to UBI8 and UBI9? => topic for discussion
- Wolfie: Wadeck thinks the approach is interesting
- What are the images that are used these days?
- Data is available, Wadeck got a look at them, and lots of tags are used, it’s very much distributed
- Wadeck proposes to discuss the supply of just one image supported by security, and let Jenkins users build their own images if they want to use another OS base.
- Windows controller image is not updated as often as the rest. It’s been more than one year without any update.