UBI Image Support (Builder&Run Images, Extensions) #68
Replies: 2 comments 4 replies
-
TL;DR
I think you are best-placed to answer that! You have the most consumer feedback and the most experience with prototyping UBI support. You know what it should look like; you know best what consumers want.
I think if you (collectively) are willing to commit to helping maintain them, your high-level proposal above makes sense to me. I'd start with the smallest change set possible (a single stack + builder, stack extensions for the specific languages you want to support from day 1) and over time we can identify areas for refactoring and growing UBI support to other languages. Detailed thoughtsMaintenance / Organizational supportAdding UBI support increases the surface area of Paketo substantially. In order for this to be sustainable for the current Paketo community, I think we would need to increase the number of contributors/maintainers in various areas. Specifically in the builders space, and probably stacks, but also maybe in some of the language families (java, node) too. This might not be as big a hurdle as it seems, given that we've seen community interest in becoming contributors of stacks/tooling, java, and nodejs. To put this more bluntly, as a maintainer of builders, I'm in favor of this work but you have to help us support it :) Also, for what it's worth, I don't think we'd need to add more contributors to the tooling space, because I'd expect the builders/language family teams to own most of the CI etc to build, test, and publish the stack/buildpack/builder images. To me, the increase in surface area to the tooling team feels more sustainable than the increase in surface area for builders. Number of stacks/builders (full/base/tiny)I'd suggest starting with one stack + builder that meets the requirements you have today. We can always add more stacks and builders and it's easier to add more than to deprecate and remove them. Perhaps I'm missing the point of your question though. Buildpack/stack compatibilityI don't have the best mental model of stack extensions yet, but I think that if a stack (plus one or more stack extensions) provides a dependency (e.g. I'd expect the downstream buildpacks to declare explicit support for the UBI stack (or just TestingIf UBI stacks are to become a fully-supported, first-class citizen of Paketo Buildpacks, then I don't think there's any question that we should integration test them. At the very least, I'd expect the builder to have integration tests for the buildpacks it supports, and realistically I'd probably advocate for all the supported component buildpacks to have integration tests against the UBI stack (and its stack extensions). OfflineIf the stack extensions install packages via |
Beta Was this translation helpful? Give feedback.
-
Should we consider to convince upstream that multiple run images are useful and should be supported by the spec right away, instead of going for something I'd like the notion of a single Paketo Jammy Builder for example (and stack as long as this exists as a concept) and just using different run images or later extensions to provide the more and more dependencies that the more and more buildpacks require. Same would of course be true for the single Paketo UBI Builder. |
Beta Was this translation helpful? Give feedback.
-
With the recent completion of experimental extension support in the CNCF Buildpack project, we can now look at UBI based stacks.
Red Hat Universal Base Images (UBI) are designed to be a foundation for cloud-native and web applications use cases developed in containers. Unlike the existing Ubuntu based Paketo stacks, UBI images are built from portions of Red Hat Enterprise Linux. For more info, see https://developers.redhat.com/products/rhel/ubi
There are a wide variety of UBI images offered by Red Hat, offering pre configured deployments of various runtimes (such as Java), and offering cutdown images designed for extension (ubi-minimal).
While it would be possible to use UBI images in a similar fashion to the existing Ubuntu based images, and download application dependencies via buildpacks, and store them within layers, it would be more normal (where possible) to use the dependencies supplied via the configured repositories within the images. Eg, rather than downloading a JVM/JDK, one would be installed via 'yum'. Dependencies installed via yum in this manner can help customers meet support requirements for their application by ensuring the resulting application is sitting on a supportable runtime. Often this is a key consideration for customers when choosing to use UBI based applications in production.
Until recently, CNCF Buildpacks were unable to affect the Builder image, or Run image at a system level (eg, you could not make modifications that required root from a buildpack, such as installing packages via yum). Recent updates to the Buildpacks project have added 'extensions', these are special variants of buildpacks that are able to modify the Builder image (and substitute the Run image), via Dockerfiles generated during the execution of the Extensions. (In the future, the goal is to also allow modification of the Run image via the same mechanism).
Thus, via extensions, it becomes possible to have a Builder that contains such extensions, that can install dependencies such as Java, Maven, NodeJS, etc via yum. These extensions are very similar to buildpacks, participating in the 'detect' phase, and being allowed to issue 'provides' to the buildplan (but critically not 'requires').. then extensions that are selected to become part of a build run a 'generate' task (rather than a buildpacks 'build' task), that may output Dockerfiles to modify the Builder image, and/or substitute the Run image. Just like buildpacks, the detect & generate invocations get access to the source project to determine what actions they wish to take. For more information on extensions see.. https://github.com/buildpacks/spec/blob/main/image_extension.md
UBI Image support was on the Roadmap for 2022, but was mostly blocked by the extension work upstream.
With that functionality now complete, it's proposed to create a Builder that uses UBI, that will produce applications that run on UBI.
The Builder should (where possible)
(behavior to be overridable via env vars to disable globally/disable per dependency)
As part of this, we would need new repositories for the extensions (which should be just thought of as slightly different flavor buildpacks, as they share 90% of their definition with them). Extension implementations will likely be using the same frameworks as existing buildpacks, and have logic that will seem very familiar. There may be scope for extracting common function from existing buildpacks into libraries that can be driven from both extensions and buildpacks (Consider 'is this a java project' type functions).
So far, we have prototyped extensions that can supply Java & Node JS,
At a (very rough) guess, this will overall require..
Open questions:
Hmm.. this has gotten a little long =)
TLDR: UBI Images.. what do you expect of them?! How do we go about introducing them ?! =)
Thanks in advance for your thoughts & input!
Beta Was this translation helpful? Give feedback.
All reactions