I was looking at the available Logstash docker images and it looks like there are alpine-based versions available for the 5.x version tree, but not for the 6.x version tree. Are there plans to make Alpine versions available for the 6.x version tree?
Note that image size isn't my only concern. Using a slimed-down OS on the image also significantly reduces the security vulnerability surface area, thus significantly reducing the chances of a vulnerability slipping in. For this reason, security-sensitive environments/users often prefer to use alpine (or similar) base images.
Interesting. Some questions after reading the blog post:
Were the heavy dependencies (other than Java) and the compatibility issues with musl libc only an issue with Elasticsearch, or did you run into similar issues with logstash?
How does CentOS's library footprint (not size in bytes, but number of libraries/dependencies) compare to Alpine linux?
The first question is to help understand how hard it would be to build and maintain our own Alpine-based image.
Since security is our primary concern (we don't care that much about image size), if the CentOS-based images have a bare minimum of libraries/dependencies, then the difference is really unimportant. But it brings along with it lots of stuff that logstash doesn't leverage, then that could be a problem for the environment I work in.
Does anyone have any experience using that image? Is it trustworthy and reliable? From the commit history, it is an active project (there are regular updates to it).
So the Logstash images were initially based on Ubuntu images — see https://github.com/elastic/logstash-docker/blob/5.0/build/logstash/Dockerfile#L1. It was the same for Kibana and Beats; only Elasticsearch was ever on Alpine (of our images). If I remember correctly neither node.js nor JRuby were officially supported by Alpine back then and that's why they went to Ubuntu.
I haven't seen the Alpine based images before, so I don't think we can comment much on them. The only thing I was missing from a quick look were tests. We are putting quite a lot of effort into that (https://github.com/elastic/logstash-docker/tree/6.5/tests) to make sure they are production ready. That's also the reason why our entire build process for the Docker images is different to most others.
If you have specific security requirements my assumption would be that you'll have to build and verify your own images in any case.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.