[RFD]: Create a recommended list of base docker images #130

@shunr-hpe

Decision Goal

A list of recommended docker base images, and recommended best practices for docker images.

Category

Other

Stakeholders / Affected Areas

No response

Decision Needed By

No response

Problem Statement

We should create a recommended list of docker images, and have links to some projects as examples. This list could be put in the community project or linked from there.

This list could answer questions like:

  1. Should we favor ubuntu or debian?
  2. Should we favor wolfi-base or alpine?
  3. Is it ok to use the latest tag? I assume it isn't; however, is there an exception needed for wolfi-base?

It could be something like:

  1. Use distroless debian when possible
  2. Then use alpine
  3. Then use debian
  4. Run as a non-root user
  5. Use a specific tag, i.e. 3.4 instead of latest
  6. Prefer using a tag to the minor version level, i.e. 3.4 instead of just 3.
  7. Use any base image, until we think it is something worthwhile questioning

In general, try to use as small of an image and as secure of an image as possible.

We should link to some examples in OpenCHAMI. For example, one for each type of project:

  1. fabrica go service
  2. fabrica go service that uses SQLite
  3. python script
  4. etc.

Proposed Solution

No response

Alternatives Considered

No response

Other Considerations

No response

Related Docs / PRs

The following tables show the currently used base images.

Product Images

| Image | Versions | Projects |
| --- | --- | --- |
| almalinux | 8 | aria2-initrd |
| alpine | 3, latest | tokensmith, fabrica |
| cgr.dev/chainguard/wolfi-base | latest | bss, configurator, csm-redfish-interface-emulator, dnsmasq-dhcpd, kea-sync, local-ca, ochami-init, opaal, openchami-mcp |
| chainguard/wolfi-base | latest | magellan, power-control, smd |
| debian | bookworm-slim | inventory-service |
| docker.io/chainguard/wolfi-base | latest | coresmd |
| gcr.io/distroless/static-debian12 | nonroot | boot-service, fru-tracker, metadata-service |
| ghcr.io/orange-opensource/hurl | latest | hurl-test |
| python | 3.12-slim-bookworm | marvin |
| rockylinux | 8.9 | TPM-manager |
| ubuntu | 24.04 | cloud-init, remote-console |

Development Images

| Image | Versions | Projects |
| --- | --- | --- |
| alpine | latest | magellan, remote-console |
| arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | csm-redfish-interface-emulator, remote-console |
| artifactory.algol60.net/csm-docker/stable/docker.io/library/alpine | 3.21 | smd |
| artifactory.algol60.net/csm-docker/stable/hms-test | 5.3.0 | smd |
| artifactory.algol60.net/docker.io/alpine | 3.15 | smd |
| cgr.dev/chainguard/python | latest | dnsmasq-dhcpd |
| cgr.dev/chainguard/wolfi-base | latest | local-ca, quickstart-utilities |
| chainguard/wolfi-base | latest | power-control, smd |
| devopsfaith/krakend | latest | krakend-container |
| docker.io/almalinux/8-minimal | latest | image-builder |
| docker.io/alpine | 3 | power-control, remote-console |
| docker.io/chainguard/wolfi-base | latest | coresmd |
| docker.io/library/almalinux | 8.8, 9.6 | image-builder |
| docker.io/library/alpine | 3.15 | power-control, smd |
| docker.io/library/golang | 1.24-alpine | power-control, remote-console |
| docker.io/library/python | 3.13-slim | power-control |
| gcr.io/distroless/static-debian12 | nonroot | boot-service |
| golang | 1.24-bookworm | cloud-init, power-control, remote-console |
| mcr.microsoft.com/devcontainers/go | 1-1.20-bullseye | magellan |
| python | 3.14.2-alpine3.23 | inventory-service |
| registry.suse.com/suse/sle15 | 15.5 | image-builder |
| rockylinux | 8.9 | dnsmasq-dhcpd |

All Dockerfiles

| Project Name | File | Base Image | Version | Use |
| --- | --- | --- | --- | --- |
| aria2-initrd | Dockerfile | almalinux | 8 | Product |
| boot-service | Dockerfile | gcr.io/distroless/static-debian12 | nonroot | Product |
| boot-service | Dockerfile.standalone | gcr.io/distroless/static-debian12 | nonroot | Development |
| bss | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| cloud-init | Dockerfile | ubuntu | 24.04 | Product |
| cloud-init | Dockerfile.debug | golang | 1.24-bookworm | Development |
| configurator | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| coresmd | Dockerfile | docker.io/chainguard/wolfi-base | latest | Product |
| coresmd | Dockerfile.build | docker.io/chainguard/wolfi-base | latest | Development |
| csm-redfish-interface-emulator | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| csm-redfish-interface-emulator | mockups/DL325/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| csm-redfish-interface-emulator | mockups/EX235a/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| csm-redfish-interface-emulator | mockups/EX235n/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| csm-redfish-interface-emulator | mockups/EX420/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| csm-redfish-interface-emulator | mockups/EX425/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| csm-redfish-interface-emulator | mockups/public-rackmount1/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| csm-redfish-interface-emulator | mockups/XL675d_A40/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| dnsmasq-dhcpd | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| dnsmasq-dhcpd | Dockerfile.loader | cgr.dev/chainguard/python | latest | Development |
| dnsmasq-dhcpd | examples/static-example/Dockerfile | rockylinux | 8.9 | Development |
| fabrica | Dockerfile | alpine | latest | Product |
| fru-tracker | Dockerfile | gcr.io/distroless/static-debian12 | nonroot | Product |
| hurl-test | Dockerfile | ghcr.io/orange-opensource/hurl | latest | Product |
| image-builder | dockerfiles/dnf/Dockerfile | docker.io/library/almalinux | 8.8 | Development |
| image-builder | dockerfiles/dnf/Dockerfile.el9 | docker.io/library/almalinux | 9.6 | Development |
| image-builder | dockerfiles/dnf/Dockerfile.minimal | docker.io/almalinux/8-minimal | latest | Development |
| image-builder | dockerfiles/zypper/Dockerfile | registry.suse.com/suse/sle15 | 15.5 | Development |
| inventory-service | Dockerfile | debian | bookworm-slim | Product |
| inventory-service | tests/pytests/Dockerfile | python | 3.14.2-alpine3.23 | Development |
| kea-sync | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| krakend-container | krakend-acme/Dockerfile | devopsfaith/krakend | latest | Development |
| local-ca | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| local-ca | Dockerfile.acme | cgr.dev/chainguard/wolfi-base | latest | Development |
| magellan | Dockerfile | chainguard/wolfi-base | latest | Product |
| magellan | .devcontainer/Dockerfile | mcr.microsoft.com/devcontainers/go | 1-1.20-bullseye | Development |
| magellan | emulator/Dockerfile | alpine | latest | Development |
| marvin | Dockerfile | python | 3.12-slim-bookworm | Product |
| metadata-service | Dockerfile | gcr.io/distroless/static-debian12 | nonroot | Product |
| ochami-init | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| opaal | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| openchami-mcp | Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Product |
| power-control | Dockerfile | chainguard/wolfi-base | latest | Product |
| power-control | Dockerfile.build | chainguard/wolfi-base | latest | Development |
| power-control | Dockerfile.ct.Dockerfile | docker.io/alpine | 3 | Development |
| power-control | Dockerfile.debug | golang | 1.24-bookworm | Development |
| power-control | Dockerfile.pprof | docker.io/alpine | 3 | Development |
| power-control | Dockerfile.test.unit.Dockerfile | docker.io/library/golang | 1.24-alpine | Development |
| power-control | test/ct/Dockerfile | docker.io/library/python | 3.13-slim | Development |
| power-control | test/ct/Dockerfile.wait-for-smd.Dockerfile | docker.io/library/alpine | 3.15 | Development |
| quickstart-utilities | jwks-loader/Dockerfile | cgr.dev/chainguard/wolfi-base | latest | Development |
| remote-console | Dockerfile | ubuntu | 24.04 | Product |
| remote-console | Dockerfile.debug | golang | 1.24-bookworm | Development |
| remote-console | Dockerfile.integration.Dockerfile | docker.io/alpine | 3 | Development |
| remote-console | Dockerfile.integration.test | docker.io/library/golang | 1.24-alpine | Development |
| remote-console | ipmi_sim/Dockerfile | alpine | latest | Development |
| remote-console | test/redfish-emulator-mocks/ipmi/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| remote-console | test/redfish-emulator-mocks/ssh/Dockerfile | arti.dev.cray.com/baseos-docker-master-local/alpine | 3.13 | Development |
| smd | Dockerfile | chainguard/wolfi-base | latest | Product |
| smd | Dockerfile.CSM | artifactory.algol60.net/docker.io/alpine | 3.15 | Development |
| smd | Dockerfile.pprof | chainguard/wolfi-base | latest | Development |
| smd | test/Dockerfile | docker.io/library/alpine | 3.15 | Development |
| smd | test/ct/Dockerfile | artifactory.algol60.net/csm-docker/stable/hms-test | 5.3.0 | Development |
| smd | test/ct/Dockerfile.wait-for-smd.Dockerfile | artifactory.algol60.net/csm-docker/stable/docker.io/library/alpine | 3.21 | Development |
| tokensmith | Dockerfile | alpine | 3 | Product |
| TPM-manager | Dockerfile | rockylinux | 8.9 | Product |
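
The tag and user rules floated in the problem statement (run as a non-root user, use a specific tag, tag to the minor version level) can be checked mechanically against an inventory like the one above. The following is an added example, not part of the original issue or any OpenCHAMI code; the function names, the category labels and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample input (not taken from any OpenCHAMI repository).
SAMPLE = """\
FROM golang:1.24-alpine AS build
RUN go build -o /app ./...
FROM alpine:3
COPY --from=build /app /app
USER root
"""

def classify_tag(ref):
    """Classify how tightly a FROM image reference is pinned."""
    if "$" in ref:
        return "variable"                 # set by a build ARG; cannot be judged statically
    if "@sha256:" in ref:
        return "digest"
    name, _, tag = ref.rpartition(":")
    if not name or "/" in tag or tag == "latest":
        return "latest"                   # no tag (colon was a registry port) or explicit latest
    if re.match(r"v?\d+\.\d+", tag):
        return "minor"                    # e.g. 3.4, 24.04, 1.24-alpine
    if re.match(r"v?\d+($|[-_])", tag):
        return "major-only"               # e.g. 3, 8
    return "named"                        # a codename or variant tag, not a version

def audit(text):
    """Return (subject, finding) pairs for a Dockerfile's FROM and USER lines."""
    findings, aliases, user = [], set(), None
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        instr = parts[0].upper()
        args = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform=...
        if instr == "FROM" and args:
            ref, user = args[0], None     # a new stage starts with its base image's user
            if ref.lower() not in aliases and ref != "scratch":
                kind = classify_tag(ref)
                if kind not in ("minor", "digest"):
                    findings.append((ref, kind))
            if len(args) == 3 and args[1].upper() == "AS":
                aliases.add(args[2].lower())  # later "FROM <alias>" is not an image pull
        elif instr == "USER" and args:
            user = args[0]
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append(("final stage", "USER is root" if user else "no USER instruction"))
    return findings
```

A "no USER instruction" finding only means the Dockerfile itself does not set one; the base image's default user then applies and has to be checked separately.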
