How often do you update your Docker images (Elasticsearch, Logstash, ...)?
I see that there are new images for new versions of your software but what about bug fixes in the OpenJDK or Alpine?
We use this alpine base image - https://github.com/elastic/elasticsearch-alpine-base/tree/master/build/elasticsearch-alpine-base
I'll see if I can get answers on the rest.
Currently, we only rebuild earlier releases in an "on-demand" fashion. So if we became aware of a serious vulnerability in the JDK, or something of that ilk, we could easily re-spin the images, but it would require manual intervention.
Given our comprehensive CI setup, it would certainly be feasible to create a system of scheduled builds to refresh the images. It's a balancing act, since one of our goals, and a goal of Docker in general, is to present completely predictable, immutable software images. There's a tension between predictability and currency here. In fact, the main purpose of elasticsearch-alpine-base is to allow us to re-spin Elasticsearch images without accidentally mutating the underlying operating system.
"predictable, immutable software images" is definitely the way to go. You shouldn't release updated images with the same name. But you could add an indicator for the "patch level".
But I understand that this is currently not done and the images you release might contain OS or JDK bugs which are fixed upstream.
Thanks for the insight,
Dennis