Audit 2i2c + community image use for Docker Hub risk due to removal of Free Team orgs.

[pnasrat]

Context

Docker, Inc. has announced it is stopping supporting Orgs (ie open source communites) free usage of Docker Hub on April 14, 2023. This heavily impacts OSS communities and could mean risk when they start deleting repos - cf other forms of dependency attachs such as on PyTorch

https://news.itsfoss.com/docker-dropping-free-team-orgs/

https://twitter.com/alexellisuk/status/1635679295891812359

Proposal

We should audit current image usages across deployments to ensure all images are on quay.io, github, or other (eg private repositories). Upstreams may also be moving so we should ensure images are updated to the correct repository.

This might involve needing to liase with communities who build and push their own images.

Updates and actions

No response

[jmunroe]

This is another reason we should be tracking what images our communities are using. I had made a start on that task but will try and prioritize it given the possible implication from Docker's business decision.

[pnasrat]

Maybe something like the following PromQL

count by (namespace,image)(kube_pod_container_info{})

[sgibson91]

A follow-up announcement was made which may answer some questions https://www.docker.com/blog/we-apologize-we-did-a-terrible-job-announcing-the-end-of-docker-free-teams/

[yuvipanda]

I think the pangeo images may be the ones most at risk. https://github.com/pangeo-data/pangeo-docker-images/issues/121 was conversation last time dockerhub did something like this...

[yuvipanda]

We have been slowly just moving people to quay.io wherever possible. I think we can close this one out.