CentOS 8 is dead: choosing a replacement Docker image

For many years, CentOS provided a free, binary-compatible version of RedHat Enterprise Linux (RHEL). But as of January 2022, CentOS 8 has reached its end-of-life, even as RHEL 8 will still be supported for many years.

So if you’ve been using centos:8 as your base Docker image, what should you use now?

Motivation: a stable, long-term-support base image

RHEL 8 was released in May 2019, will continue to get full support until May 2024, and security updates until May 2029. RedHat has also added support for software that has been released since 2019, so you can for example install Python 3.9.

A Linux distribution that guarantees backwards compatibility, has good long-term availability of security updates, and also adds new packages over time makes a good Docker base image. But RHEL 8 is a commercial product.

This is where the centos:8 image came in handy: it was the same packages as RHEL, just rebuilt without RedHat’s branding (and without RedHat’s commercial support, of course.) But now CentOS 8 is dead. Going forward, there is still a product called CentOS Stream, but it doesn’t provide the stability the old CentOS did, so it’s not suitable for a Docker base image.

What base image should you use instead, if you still want to the equivalent of the old CentOS? Specifically, the goal is free images that are compatible with RHEL8.

Option #1: AlmaLinux, Oracle Linux, and RockyLinux

Oracle Linux (oraclelinux on Docker Hub) is a pre-existing clone of RedHat Enterprise Linux, maintained by Oracle. You can commercial support, but you can also just use it for free.

And with CentOS in its old form gone, two projects are trying to replace it:

  • AlmaLinux was created by CloudLinux, a commercial Linux vendor who used to base their product on CentOS. The Docker image is almalinux.
  • RockyLinux was started by one of the original creators of CentOS. The Docker image is rockylinux.

In both cases, the goal is the same: provide a free, binary-compatible repackaging of RedHat Enterprise Linux. Given their goal of being as close as possible to RHEL, distinguishing between them is a little difficult, especially when it comes to Docker base images that don’t even have an installer.

All the images give you access to the equivalent of the full RHEL package repositories:

$ docker run almalinux yum list available | wc -l
$ docker run rockylinux yum list available | wc -l
$ docker run oraclelinux:8 yum list available | wc -l

I am not sure why Oracle Linux has more packages.

Option #2: RedHat’s Universal Base Image

RedHat has started providing its own free base Docker images, in a number of variants, known as “Universal Base Images” or UBI. The four basic variants are:

  • The standard image, with the package installer (yum), and commonly-used utilities and libraries.
  • A smaller minimal image that still includes a package installer, just enough to bootstrap your application.
  • A micro variant, which doesn’t even include a package installer; this is useful for multi-stage builds in languages like Rust or Go where you don’t need a runtime, for example.
  • A version with an init script so you can run multiple services; this is usually not what you want.

There are also some language-specific variants, e.g. Python images.

You can get these images from redhat/ubi8 and friends or from RedHat’s container image registry. The latter’s search UI seemed broken as of Jan 4, 2022, but there’s many more UBI variant images there than in the first link… if you can find them somehow.

These images give you access to the official RedHat packages. However, unlike RockyLinux and AlmaLinux, only a subset of RHEL’s package repositories are available:

$ docker run redhat/ubi8 yum list available | wc -l

So that’s ~5000 more packages available in AlmaLinux and RockyLinux. In practice, for most use cases this subset of the package repositories is likely sufficient. Many Python applications will never install any Linux distribution packages at all beyond a couple of libraries.

Option #3: Switching distributions

Especially for cases where you don’t rely much on the base operating system packages, there’s nothing stopping you from switching to some other Linux distribution like Debian or Ubuntu. For Python, see my guide to the best Docker base image for Python.

The most important point: stop using CentOS 8

Most of the time, as long as you stick to a stable Linux distribution with security updates, your choice of base Docker image doesn’t matter too much. The important thing to remember is that CentOS 8 no longer qualifies: it will no longer receive security updates.

So if you’re using it right now, just make sure you pick something as a replacement and upgrade all your images.