Replaces UBI with Stream9-minimal image

openshift / ocm-container

Containerized environment for accessing OpenShift v4 clusters, packing necessary tools/scripts

Apache License 2.0

10 stars 63 forks source link

Replaces UBI with Stream9-minimal image #288

Open iamkirkbater opened 4 months ago

iamkirkbater commented 4 months ago

UBI is not a redistributable image, and should only be used on RHEL machines. Therefore, we should use the CentOS Stream image.

However, the centos quay repo does not tag their images with anything more granular than stream9-minimal. This image does look to be updated regularly, though, which may or may not be an issue.

I've built and used this image locally for a few days now without issue on my M1 MBP.

I've opened this PR for further discussion, and do not have an opinion one way or the other on whether this gets merged or not.

Migrating to stream9-minmal puts us under the "letter of the rule", however since this is an internal tool really used only by RH SREs on CSBs - we are still following the "spirit of the rule".

openshift-ci[bot] commented 4 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: iamkirkbater

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/ocm-container/blob/master/OWNERS)~~ [iamkirkbater] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

iamkirkbater commented 4 months ago

:fry-not-sure: - I was told by other engineers on slack that UBI was non-redistributable (and then eventually made this PR), but when I decided to go find a source for that claim somewhere after submitting this PR and googled for it I found the UBI landing page which explicitly calls out UBI as freely-redistributable...

We can still have the discussion on whether or not to use UBI/stream-9; however I'm perfectly fine with closing this with this new information.... 🤦🏼

iamkirkbater commented 4 months ago

More Information:

From another slack thread - the general consensus is that if the container running UBI as a base is built on a RHEL system it's only allowed to run on that RHEL system. If we built via UBI locally this is fine, as UBI won't have access to any of the RHEL repos, but if being built on a RHEL system it will have the RHEL repos enabled by default, and therefore may not be freely redistributable.

It might just be safer at this point to run Stream9 - though I'm still open to have a discussion.

openshift-bot commented 1 month ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 5 days ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale