You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Docker Hub announced that all non-paying organizations will see their data deleted on April 14th (see this article). Turns out they won't delete existing public images (all our images are public) but we won't be able to publish new ones.
This has two important consequences:
We won't be able to push to docker.io anymore and our images won't be hosted there anymore. That would be the result of not switching to a Paid Plan.
We won't be able to build any image depending on source ones hosted on docker.io which would also be affected by this change: ie. using Free Teams Plan.
Should we pay?
No. This would only sort the first issue, which is the easiest to address and is probably a good move anyway.
Also, we don't want to support Docker Hub and their aggressive behaviors (it's the the first rude move from their part).
What needs to be done for publication?
All our images must push to ghcr.io only.
READMEs must be updated to point to ghcr.io for links and examples.
READMEs must be updated to badges independent of docker.io
We need to communicate (social media?) that we migrated all our images to ghcr.io
We need to delete our organization accounts (kiwix, openzim) on docker.io.
While docker stated that public images won't be deleted, some people (🙄) proactively delete their images from docker.io…
We probably shouldn't worry about that affecting us but it's an opportunity to assess our dependencies.
We should thus Identify all source (it can be chained) images used in all our Dockerfile for their status:
Is an Official Docker Image? Those are safe.
Is from a paid account or a personal or OSS one? Safe for now but heck whether available on another registry. Maybe open a ticket.
Is from a Free Team Organization? Create a ticket to follow-up: find out migration strategy: to another registry? ghcr ? to a personnal docker.io account?
Should it be updated (too old)? Maybe open a ticket.
This is all in reaction to DockerHub's erratic behavior. We'll have all our images stored on GHCR but still depends a lot on docker.io to function… but it's still a major part of the Docker ecosystem and it's unlikely to go away suddenly.
Archiving is a concerned. @kelson42 mentioned on Slack that he is “not convinced there is value in past Docker images”. It means that we wont transfer any docker.io-only image to ghcr.io.
I'd like @kelson42 to use this opportunity to lay out a general Docker image policy for the versioned repos. If we believe past images are useless, then we should be responsible registry users and delete them.
We could integrate that into the docker-publish-action so it's effortless. It could be a combination of age and number of more recent versions for instance.
The text was updated successfully, but these errors were encountered:
Docker Hub announced that all non-paying organizations will see their data deleted on April 14th (see this article). Turns out they won't delete existing public images (all our images are public) but we won't be able to publish new ones.
This has two important consequences:
and our images won't be hosted there anymore. That would be the result of not switching to a Paid Plan.Should we pay?
No. This would only sort the first issue, which is the easiest to address and is probably a good move anyway.
Also, we don't want to support Docker Hub and their aggressive behaviors (it's the the first rude move from their part).
What needs to be done for publication?
ghcr.iofor links and examples.kiwix,openzim) on docker.io.Update docker workflow
Most of our repos uses our docker-publish-action.
uses: openzim/docker-publish-action@v10. This now defaults toghcr.ioonly. If update not wanted, setregistries: ghcr.ioDOCKERIO_*lines incredentials. Not mandatory but cleaner as not used anymore.Update badges
img.shields.io doesnt have ghcr.io badges (because it requires API autehnticated/quota requests) yet. In the mean time, we have two alternatives:
Images using
latestonlyUse a static badge
Versioned images
Use (temporarily) an external service that will most likely not handle traffic at some point
What needs to be done for building?
While docker stated that public images won't be deleted, some people (🙄) proactively delete their images from docker.io…
We probably shouldn't worry about that affecting us but it's an opportunity to assess our dependencies.
We should thus Identify all source (it can be chained) images used in all our Dockerfile for their status:
base-httpdalpine:3(DOI)captive-portalalpine:3.16(DOI)dashboardcaddy:2.6.1-alpine(DOI)edupipython:3.8.14-slim-bullseye(DOI)file-browsercaddy:2.6.1-alpine(DOI)hwclockalpine:3.16(DOI)kiwix-servedebian:bullseye-slim alpine:3(DOI)reverse-proxycaddy:2.6.1-alpine(DOI)wikifundidebian:bullseye-slim(DOI)managertiangolo/uwsgi-nginx:python3.8(CU)schedulertiangolo/uwsgi-nginx:python3.8(CU)workerrgaudin/python-ubuntu:3.8-18.04(CU)ubuntu:18.04(DOI)mcr.microsoft.com/windows/servercore:ltsc2019python:3.8-slim-buster(DOI)nginx:1.21.3(DOI)ghcr.io/offspot/mediawiki:1.36.1emscripten/emsdk:2.0.25(CO)alpine:3.16ubuntu:bionicfedora:35ubuntu:focalghcr.io/kiwix/kiwix-build_ci_*ghcr.io/kiwix/kiwix-build_ci_*debian:bullseye-slim(DOI)ghcr.io/kiwix/kiwix-build_ci_*alpine:3.16(DOI)kiwix/kiwix-tools#608nginx:latest(DOI)kiwix/kiwix-js-pwa#384debian:buster-slimdropboxdebian:11-slim(DOI)mirrorbrainhttpd:2.4.43(DOI)matomomatomo:4.13.3-fpm(DOI)matomo-log-analyticsdebian:bullseye-slim(DOI)openzim/surfernode:16-bullseye(DOI)bittorrent-trackerdebian:buster-slim(DOI)netdataghcr.io/netdata/netdata:v1.38netdata/netdata:v1.35)docker.io/alpine:3docker.io/mongo:4.2.9docker.io/mariadb:10.4docker.io/nginx:1.21docker.io/postgres:10.4docker.io/postgres:11docker.io/mysql:8-debiandocker.io/bitnami/minidebdocker.io/bitnami/nginx:1.21docker.io/bash:5-alpine3.15docker.io/varnish:7.1-alpine(DOI)docker.io/gimoh/pureftpd:latest(CU)docker.io/vimagick/rsyncd:latest(CU) ❌docker.io/kiwix/watcherbot:latestalpine:3(DOI)openzim/zim-tools#337emscripten/emsdk:3.1.12(CO)mysql:5.7mysql:8.0.30redisnode:lts-alpinenginx:stable-alpinepython:3.9mariadb:10.1(DOI)jwilder/nginx-proxyjrcs/letsencrypt-nginx-proxy-companion(CU) ✅ghcr.io/kiwix/borg-backup:latestopenzim/wp1#594python:3.8-busteralpine:edgepython:3.10-alpinenode:14-alpinelibrary/nginx:mainline-alpinergaudin/uwsgi-nginx:python3.8(CU) ✅ghcr.io/netdata/netdata:v1.38(CO)redisredis:7(DOI) ✅ghcr.io/openzim/node-redis:18-7openzim/mwoffliner#1812openzim/mwoffliner#1813node:18(DOI)python:3.11-bullseye(DOI)python:3.11-bullseye(DOI)python:3.8(DOI)webrecorder/browsertrix-crawler:0.8.1(CO)node:14-alpinelibrary/nginx:mainline-alpine(DOI)tiangolo/uvicorn-gunicorn:python3.10-slim(CU)redis:6.2.4-busterpython:3.8-slimpython:3.8python:3.8(DOI)python:3.8-slim(DOI)python:3.8(DOI)python:3.8-slim(DOI)python:3.8(DOI)ubuntu:20.04(DOI)node:14-alpine(DOI)tiangolo/uwsgi-nginx:python3.8(CU)What's Next?
This is all in reaction to DockerHub's erratic behavior. We'll have all our images stored on GHCR but still depends a lot on docker.io to function… but it's still a major part of the Docker ecosystem and it's unlikely to go away suddenly.
Archiving is a concerned. @kelson42 mentioned on Slack that he is “not convinced there is value in past Docker images”. It means that we wont transfer any docker.io-only image to ghcr.io.
I'd like @kelson42 to use this opportunity to lay out a general Docker image policy for the versioned repos. If we believe past images are useless, then we should be responsible registry users and delete them.
We could integrate that into the docker-publish-action so it's effortless. It could be a combination of age and number of more recent versions for instance.
The text was updated successfully, but these errors were encountered: