Our great sponsors
-
kube-fledged
A kubernetes operator for creating and managing a cache of container images directly on the cluster worker nodes, so application pods start almost instantly
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
NuGet
NuGet Gallery is a package repository that powers https://www.nuget.org. Use this repo for reporting NuGet.org issues.
-
phoenix_container_example
Production-quality example for Elixir/Phoenix building, testing, and running in containers
-
rocker-versioned2
Run current & prior versions of R using docker. rocker/r-ver, rocker/rstudio, rocker/shiny, rocker/tidyverse, and so on.
I'm very sorry that we broke things for you.
To be clear, nothing has changed with Wolfi. Wolfi is an open source community project and everything is still available there: https://github.com/wolfi-dev/.
We have made changes to Chainguard Images - our commercial product built on top of Wolfi - which mean you can no longer pull images by tag (other than latest). Chainguard images are rebuilt everyday and have a not inconsiderable maintenance cost.
The easiest way to avoid this is to build the images yourself. You can rebuild identical images to ours using apko and the source files in the images repo e.g: https://github.com/chainguard-images/images/blob/main/images... (note you can replace package names with versioned versions). You can also just use a Dockerfile with the wolfi-base image to "apk add" packages. Full details are here: https://www.chainguard.dev/unchained/a-guide-on-how-to-use-c...
I agree that pinning is a best practice. The above blog explains that you can still do it using a digest, but I accept this isn't the simplest solution.
If I can help any more, please feel free to get in touch - you can find me most places including twitter https://twitter.com/adrianmouat
Exactly. Part of the appeal to consolidate all of our container images to use Debian-slim is the ability to optimise the caching of layers, both in our container registry but also on our kubernetes cluster’s nodes (which can be done in a consistent manner with kube-fledged[1]).
[1] https://github.com/senthilrch/kube-fledged
Really happy to see this. This caused random NuGet package restore issues when the CNAME chain for api.nuget.org exceeded a certain length.
https://github.com/NuGet/NuGetGallery/issues/9396
Our CDN provider ended up having a shedding mode in some hot areas that made the chain exceed the limit from time to time. Our multi CDN set up saved us so we could do geo specific failovers.
I use distroless images based on Debian or Ubuntu, e.g., https://github.com/cogini/phoenix_container_example
The result is images the same size as Alpine, or smaller, without the incompatibilities. I think Alpine is a dead end.
R is kinda difficult and I haven’t cracked this one. Currently we’re using the rocker based ones[1] but they are based on Ubuntu and include a lot of stuff we don’t need at runtime. I’ll look into creating a more minimal R base images that’s based on Debian-slim.
[1] https://github.com/rocker-org/rocker-versioned2
> There are also these new image lines, I can't recall the funky name for them, that are even smaller.
You might be thinking of the chiselled images. An interesting idea but very much incomplete[1].
[1]: https://github.com/canonical/chisel-releases/issues/34