Minimal docker images
Based on Gentoo and Alpine Linux

Why reducing size of docker images is important
● faster to deploy
● more secure (no unnecessary software)
● cheaper (less storage required)

Approaches
1. From scratch (building statically linked binary)
2. Using minimalistic distros (Alpine Linux)
3. Using Gentoo Linux as a base

From scratch
● best for tools (busybox, justone/dockviz)
● no init system by default
● for some interpreted languages (centurylink/golang-builder for scripts in Go)

Images based on Alpine Linux

Images based on Alpine Linux - Pros
● easy and quick to start
● latest software available
● musl C library (instead of glibc)

Images based on Alpine Linux - Cons
● OpenRC init system (no restart in case of termination, PID 1 zombie problem, see references #4 and #5)
● musl C library - some software uses non-standard glibc features
● only recent versions of software are available
● no easy option to change compiled features for packages
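
An added example (not from the original slides): a check for whether a binary will start in a `FROM scratch` or stock Alpine image, based on the ELF PT_INTERP entry that names the dynamic loader. It covers both the statically linked requirement of the from-scratch approach and the musl/glibc mismatch listed above; `fits_base` and `sample_elf64` are hypothetical names, the sample binaries are constructed, and the Alpine rule assumes no glibc compatibility package is installed.

```python
import struct

PT_INTERP = 3  # program header type that names the dynamic loader

def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        e_phoff, = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if struct.unpack_from(end + "I", data, off)[0] != PT_INTERP:
            continue
        # p_offset, p_vaddr, p_paddr, p_filesz follow p_type (and p_flags on 64-bit)
        fmt, skip = ("QQQQ", 8) if is64 else ("IIII", 4)
        p_offset, _, _, p_filesz = struct.unpack_from(end + fmt, data, off + skip)
        return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def fits_base(data: bytes, base: str) -> bool:
    """True if the loader this binary asks for exists in the given base image."""
    interp = elf_interpreter(data)
    if interp is None:
        return True                  # static: needs no loader, fine in scratch
    if base == "scratch":
        return False                 # empty image has no loader at all
    if base == "alpine":
        return "ld-musl" in interp   # assumption: stock Alpine ships only musl's loader
    raise ValueError("unknown base: " + base)

def sample_elf64(interp=None) -> bytes:
    """Constructed sample: ELF64 little-endian header plus optional PT_INTERP."""
    path = interp.encode() + b"\0" if interp else b""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1 if interp else 0, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + (phdr + path if interp else b"")

if __name__ == "__main__":
    for name, loader in [("static", None),
                         ("glibc", "/lib64/ld-linux-x86-64.so.2"),
                         ("musl", "/lib/ld-musl-x86_64.so.1")]:
        blob = sample_elf64(loader)
        print(name, {b: fits_base(blob, b) for b in ("scratch", "alpine")})
```

Running the check in the build pipeline, before the binary is copied into the final image, catches the mismatch at build time instead of as a "no such file or directory" error when the container starts.
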

Images based on Gentoo Linux
Gentoo-bb https://github.com/edannenberg/gentoo-bb
Supported by Erik Dannenberg (from bbe-consulting.de)
“Build framework to produce minimal root file systems based on Gentoo. It's primarily intended for maintaining an organization's LXC base image stack(s), but can probably fairly easy (ab)used for other use cases involving a custom root fs, cross compiling comes to mind.”
List of pre-built images https://github.com/edannenberg/gentoo-bb/tree/master/dock/gentoobb/images
separation of build and runtime dependencies
tree of images

Images based on Gentoo Linux - Pros
● highly configurable (the same as Gentoo)
  ○ allows building packages with only required features
  ○ supports choosing between glibc and musl C library
● easy to extend
● proper init system for docker (s6)
● straightforward hierarchical way of multi-layer images
● build and runtime dependencies are separated
● easy to see installed packages in images, PACKAGES.md file generated as a part of build process
● can be used as a tool for maintaining groups of containers

Images based on Gentoo Linux - Cons
● relatively long time to build locally the first time (several hours)
● sometimes ebuilds don’t allow installing minimal configurations (like dev-db/mysql)
● you have to worry about rebuilding software when a new version is available (unless you are using pre-built images)
● people who are not familiar with Gentoo Linux might find this way of building containers too complex

Size comparison table

package name    official docker image size, MB    gentoobb image size, MB    alpine image size, MB
nginx           135                               17                         7
mysql server    361                               202                        80 (imega/mysql)
oracle jre 8    NA                                185                        173 (anapsix/alpine-java)
openjdk-jre 7   343                               -                          123
ruby 2.3.0      725                               52                         125

Summary
Building from scratch may be handy for distributing tools/utils.
Try to use containers based on Alpine Linux for experiments and for building proofs of concept.
Try to use docker images produced by the gentoo-bb build framework when you need to maintain a set of docker images and want to have full control of your environment.

Questions

References
1. Small Docker Images For Go Apps https://www.ctl.io/developers/blog/post/small-docker-images-for-go-apps/
2. Alpine Linux https://en.wikipedia.org/wiki/Alpine_Linux
3. Musl C library http://www.musl-libc.org/intro.html
4. Docker and the PID 1 zombie reaping problem https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/
5. A base Docker image for Alpine Linux with DNS fixes and S6 process manager, suitable for hosting environments https://github.com/sillelien/base-alpine
6. Docker and S6 - My New Favorite Process Supervisor http://blog.tutum.co/2014/12/02/docker-and-s6-my-new-favorite-process-supervisor/
7. Java and Node.JS in Microcontainers with Docker http://sirile.github.io/docker/2014/12/04/java-and-nodejs-in-microcontainers-with-docker.html
8. Smaller Java images with Alpine Linux https://developer.atlassian.com/blog/2015/08/minimal-java-docker-containers/