Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Use slim image in Dockerfile #21326

Merged
merged 4 commits into from
Sep 19, 2022
Merged

chore: Use slim image in Dockerfile #21326

merged 4 commits into from
Sep 19, 2022

Conversation

EugeneTorap
Copy link
Contributor

SUMMARY

Use slim image for python and nodeJS. Final slim python image will be 500 MB less.
Use slim image for modeJS no reduce downloading time.
Remove installing npm 7 because nodeJS 16 already has npm 8 which the same like npm 7

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@pull-request-size pull-request-size bot added size/S and removed size/XS labels Sep 5, 2022
@villebro
Copy link
Member

villebro commented Sep 5, 2022

Thanks for the PR. I would advise splitting this PR in two:

  • First one changes from the full images to the slim ones
  • Second one bumps the main Python version from 3.8 to 3.9. In practice this would mean bumping the versions on CI so that 3.8 is replaced by 3.9 and 3.9 is replaced by 3.10.

Finally to get started with deprecating 3.8, we would need to notify the mailing list about the upcoming deprecation well in advance (3-6 months ahead of happening).

@EugeneTorap EugeneTorap changed the title chore: Use slim image in Dockerfile and bump python to 3.9 chore: Use slim image in Dockerfile Sep 5, 2022
villebro
villebro reviewed Sep 15, 2022
View reviewed changes
Copy link
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One comment about npm version, other than that I think this is a great improvement 👍

Dockerfile Show resolved Hide resolved
villebro
villebro approved these changes Sep 16, 2022
View reviewed changes
Copy link
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but would be interested in getting some other reviewers on this, as it's a pretty major change.

zhaoyongjie
zhaoyongjie approved these changes Sep 16, 2022
View reviewed changes
Copy link
Member

@zhaoyongjie zhaoyongjie left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, the only concern is whether slim image lacks some system tools or third-part tools(e.g. wget), If users don't depend on system tools in a container, it will be a safe change.

@EugeneTorap
Copy link
Contributor Author

EugeneTorap commented Sep 16, 2022
edited
Loading

@villebro @zhaoyongjie
It's good practice to use the final image as light as possible to reduce the number of vulnerabilities and downloading time.
Sure, after that, users need to install some system or third-part tools in our final image or manually build superset from full python image. But such users who customize the final image are a minority.

@EugeneTorap
Copy link
Contributor Author

@betodealmeida @dpgaspar ^^

@dpgaspar dpgaspar merged commit 7d2f07e into apache:master Sep 19, 2022
@mdeshmu
Copy link
Contributor

mdeshmu commented Sep 19, 2022

@EugeneTorap Thanks for a very useful change. Here is AWS ECR scan reports for comparison:

Before change:
Critical - 2
High - 19
Medium - 108

After Change:
Critical - 1
High - 6
Medium - 50

IMO, Its a big improvement. Bumping python to 3.9 should further reduce vulnerabilities as most of the remaining critical and high vulnerabilities are Linux related.

@EugeneTorap EugeneTorap deleted the chore/use-slim-python-3.9-in-docker branch September 19, 2022 12:47
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 2.1.0 and removed 🚢 2.1.3 labels Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@villebro villebro villebro approved these changes

@dpgaspar dpgaspar dpgaspar approved these changes

@zhaoyongjie zhaoyongjie zhaoyongjie approved these changes

@betodealmeida betodealmeida Awaiting requested review from betodealmeida

@craig-rueda craig-rueda Awaiting requested review from craig-rueda

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/S 🚢 2.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@EugeneTorap @villebro @mdeshmu @zhaoyongjie @dpgaspar @mistercrunch