sunhux

asked on

Assessing Alpine linux in terms of security & support

Our apps architect recommends  Alpine Linux for our
microservices/container environment.

Some time back, a patch management vendor told us
that patching for Alpine can't be managed by Satellite
or BigFix, i.e. we have to manually download & patch.

Q1:
Is the above true, or is there something like 'yum' in
RHEL to patch Alpine?

Q2:
Also, there's no CIS hardening benchmark nor any
docs that standardize what to harden for Alpine.

Q3:
Architect further points out that Alpine is the most
secure & efficient Linux to use for microservices;
is this true?  Does Alpine have a good development
team that constantly checks for vulnerabilities &
releases advisories/patches (at least like RHEL)?

https://alpinelinux.org/about/
https://en.wikipedia.org/wiki/Alpine_Linux

Q4:
Where can I view the list of Alpine's past CVEs/vulnerabilities
& how can we assess how good the support
for Alpine is?  Don't want a case where we log a
case for support & there's a lack of response &
no solution.
sunhux

ASKER

From cyber perspective, I have concerns below:

a) As Alpine is rare, how many agents, esp. SIEM agents (Splunk,
    Alienvault, Trustwave/Spiderlabs), could install on it, or is this
    irrelevant as it's the Base OS (we use RHEL) that matters?

b) In terms of virtual patching, I may want to use Trendmicro
    Deep Security, but DS agents don't install on Alpine, or do we
    just need to install on the Base OS & not the Container instances
    /image?

c) Possibly other agents like backup (or this doesn't matter as
    we backup the image?) & other tools that we may want to
    install agents for in future?

d) Refer to the Wiki link above: each Alpine release lasts only
    about 2 years, a very short lifecycle, while RHEL (or CentOS
    as well) usually lasts 4-5 years: so we'll have to keep
    tech-refreshing Alpine every 2 years, or is tech-refreshing
    Alpine in a container environment a trivial task?

e) Has anyone encountered penetration testing (blackbox or greybox
    or apps pentest) in an Alpine environment & how easy is it to
    fix the findings?  With an endpoint IPS, I can close many XSS & other
    findings more easily.
SOLUTION
David Favor

This solution is only available to members.
SOLUTION
SOLUTION
sunhux

ASKER

Q1:
Ok, Alpine has apk.  Suppose we want something like Satellite, or
only permit 1 Alpine host to pull patches down into a repository & the
rest of the Alpine hosts in our set-up get their patches from this
repository; does Alpine offer anything of this nature?

Do we pay a subscription to get Alpine support, like the way we pay a
subscription to RedHat, & if so, is Alpine's support/subscription
fee based on per Alpine endpoint?
SOLUTION
sunhux

ASKER

Item c is quite crucial: regulators & auditors require PAM (e.g. Cyberark,
Thycotic, TPAM) whenever there's privileged access.

Reckon the 3 PAMs I indicated above require their agents to be installed
on the endpoint, without which they won't work, or is there no agent required?
We won't get past our regulators (2 of them) & auditors without a PAM.
SOLUTION
As noci suggested, if you really require Alpine (you haven't explained why yet), you'll dig into each question by installing Alpine + testing.
sunhux

ASKER

David, it's the apps architect's recommendation and I'm still
brainstorming with him.

Have seen a site showing Intel's Clear Linux offers the best
performance while Alpine is below average relative to other
distros like Debian, CentOS, Ubuntu.
SOLUTION
ASKER CERTIFIED SOLUTION
noci actually said this more clearly than my rambling.

Support, to me, is always my first consideration which dictates I use Ubuntu.

If upstream support is flawed, this means project time/budget overruns occur, which is unacceptable with tightly controlled projects.

noci also provides clarity about I/O. If you use a VM based system of any kind, you'll do 2x or more I/O for every 1x I/O, which is a performance killer. This is why I only use LAMP stacks running in LXD containers, so all processes run at bare metal speed.

Still, it would be best if you open a 2nd question describing your project specifics, asking for design suggestions.

Or hire 10x smart people for 1 hour of consulting. Have each person design your system for you. Roll in the best of all the design suggestions into your final design.
You're welcome!

Tip: Whether you use Docker or LXD depends heavily on your application.

1) Microservices (with no persistent data across boots) use Docker.

2) Websites/Apps (requiring any persistent data across boots, like MariaDB/MySQL) use LXD.

If you violate this, for example by trying to use Docker to implement a LAMP Stack, you must first redevelop some ad-hoc LXD-like data management system for your SQL data files, which will be far more fragile than LXD.

Be sure to use the correct tech for your project.

Suggestion: Open another question... maybe titled... "LXD or Docker for project"... then describe your project + ask for design assistance.