CentOS 8 is dead: choosing a replacement Docker image
For many years, CentOS provided a free, binary-compatible version of RedHat Enterprise Linux (RHEL). But as of January 2022, CentOS 8 has reached its end-of-life, even as RHEL 8 will still be supported for many years.
So if you’ve been using
centos:8 as your base Docker image, what should you use now?
Motivation: a stable, long-term-support base image
RHEL 8 was released in May 2019, will continue to get full support until May 2024, and security updates until May 2029. RedHat has also added support for software that has been released since 2019, so you can for example install Python 3.9.
A Linux distribution that guarantees backwards compatibility, has good long-term availability of security updates, and also adds new packages over time makes a good Docker base image. But RHEL 8 is a commercial product.
This is where the
centos:8 image came in handy: it was the same packages as RHEL, just rebuilt without RedHat’s branding (and without RedHat’s commercial support, of course.)
But now CentOS 8 is dead.
Going forward, there is still a product called CentOS Stream, but it doesn’t provide the stability the old CentOS did, so it’s not suitable for a Docker base image.
What base image should you use instead, if you still want to the equivalent of the old CentOS? Specifically, the goal is free images that are compatible with RHEL8.
Option #1: AlmaLinux, Oracle Linux, and RockyLinux
Oracle Linux (
oraclelinux on Docker Hub) is a pre-existing clone of RedHat Enterprise Linux, maintained by Oracle.
You can commercial support, but you can also just use it for free.
And with CentOS in its old form gone, two projects are trying to replace it:
- AlmaLinux was created by CloudLinux, a commercial Linux vendor who used to base their product on CentOS.
The Docker image is
- RockyLinux was started by one of the original creators of CentOS.
The Docker image is
In both cases, the goal is the same: provide a free, binary-compatible repackaging of RedHat Enterprise Linux. Given their goal of being as close as possible to RHEL, distinguishing between them is a little difficult, especially when it comes to Docker base images that don’t even have an installer.
All the images give you access to the equivalent of the full RHEL package repositories:
$ docker run almalinux yum list available | wc -l 6904 $ docker run rockylinux yum list available | wc -l 6883 $ docker run oraclelinux:8 yum list available | wc -l 9001
I am not sure why Oracle Linux has more packages.
Option #2: RedHat’s Universal Base Image
RedHat has started providing its own free base Docker images, in a number of variants, known as “Universal Base Images” or UBI. The four basic variants are:
- The standard image, with the package installer (
yum), and commonly-used utilities and libraries.
- A smaller minimal image that still includes a package installer, just enough to bootstrap your application.
- A micro variant, which doesn’t even include a package installer; this is useful for multi-stage builds in languages like Rust or Go where you don’t need a runtime, for example.
- A version with an init script so you can run multiple services; this is usually not what you want.
There are also some language-specific variants, e.g. Python images.
You can get these images from
redhat/ubi8 and friends or from RedHat’s container image registry.
The latter’s search UI seemed broken as of Jan 4, 2022, but there’s many more UBI variant images there than in the first link… if you can find them somehow.
These images give you access to the official RedHat packages. However, unlike RockyLinux and AlmaLinux, only a subset of RHEL’s package repositories are available:
$ docker run redhat/ubi8 yum list available | wc -l 1673
So that’s ~5000 more packages available in AlmaLinux and RockyLinux. In practice, for most use cases this subset of the package repositories is likely sufficient. Many Python applications will never install any Linux distribution packages at all beyond a couple of libraries.
Option #3: Switching distributions
Especially for cases where you don’t rely much on the base operating system packages, there’s nothing stopping you from switching to some other Linux distribution like Debian or Ubuntu. For Python, see my guide to the best Docker base image for Python.
The most important point: stop using CentOS 8
Most of the time, as long as you stick to a stable Linux distribution with security updates, your choice of base Docker image doesn’t matter too much. The important thing to remember is that CentOS 8 no longer qualifies: it will no longer receive security updates.
So if you’re using it right now, just make sure you pick something as a replacement and upgrade all your images.
The concise and pragmatic guide to Docker packaging for production
Docker packaging for production is complicated, with as many as 70+ best practices to get right. And you want small images, fast builds, and your Python application running securely.
Take the fast path to learning best practices, by using the Python on Docker Production Handbook.
Learn practical Python software engineering skills you can use at your job
Too much to learn? Don't know where to start?
Sign up for my newsletter, and join over 4900 Python developers and data scientists learning practical tools and techniques, from Docker packaging to testing to Python best practices, with a free new article in your inbox every week.