We currently build all our products and operators with UBI8 as the base image.
This epic is about switching from UBI8 to UBI9.
Value
Full support for RHEL 8 (on which UBI8 is built) ends May 31, 2024 with a final minor release 8.10 coming out sometime in 2024.
While maintenance support and extended life cycle support will continue until 2029/2032 it is not guaranteed that they will receive the same level of bugfixes as UBI9.
This switch should help us in vulnerability management as a newer release generally has newer versions of dependencies and will get security updates for a longer time.
Dependencies
We will need an OpenShift cluster to test.
Tasks
- [ ] https://github.com/stackabletech/docker-images/pull/583
- [ ] https://github.com/stackabletech/operator-templating/pull/359
- [ ] https://github.com/stackabletech/docker-images/pull/628
- [x] Test all changes on OpenShift
- [ ] https://github.com/stackabletech/issues/issues/585
- [x] Potentially do a LinkedIn/Blog post announcing our switch @stackfab as it ties into our security story
- [x] Review Stackable General Terms and Conditions (GTCs)
Acceptance Criteria
All images we release to customers for the release 24.7 are built using UBI9 as the base image
(Information Security) Risk Assessment
This should help our security posture as we're moving to a maintained version of our base image
I can't think of any additional risks
Accessbility Assessment
This change has no accessibility impact
Quality
As this is a major shift in the underlying OS we should do this change as early as possible in the release cycle and we should run all integration tests and at least a few demos.
Release Notes
We have switched our base image for all our Docker images from Red Hat's Universal Base Image (UBI) version 8 to 9.
This means the underlying operating system is now based on Red Hat Enterprise Linux (RHEL) 9 which will be supported with security updates until at least 2032 and also means a bump in other dependencies.
This should have no visible effect on users of SDP unless you are building custom images or do rely on any implementation details of the operating system.
Description
We currently build all our products and operators with UBI8 as the base image. This epic is about switching from UBI8 to UBI9.
Value
Full support for RHEL 8 (on which UBI8 is built) ends May 31, 2024 with a final minor release 8.10 coming out sometime in 2024. While maintenance support and extended life cycle support will continue until 2029/2032 it is not guaranteed that they will receive the same level of bugfixes as UBI9.
This switch should help us in vulnerability management as a newer release generally has newer versions of dependencies and will get security updates for a longer time.
Dependencies
We will need an OpenShift cluster to test.
Tasks
Acceptance Criteria
(Information Security) Risk Assessment
Accessbility Assessment
Quality
As this is a major shift in the underlying OS we should do this change as early as possible in the release cycle and we should run all integration tests and at least a few demos.
Release Notes
We have switched our base image for all our Docker images from Red Hat's Universal Base Image (UBI) version 8 to 9. This means the underlying operating system is now based on Red Hat Enterprise Linux (RHEL) 9 which will be supported with security updates until at least 2032 and also means a bump in other dependencies.
This should have no visible effect on users of SDP unless you are building custom images or do rely on any implementation details of the operating system.