Minimal docker images

Based on Gentoo and Alpine Linux

Why reducing size of docker images is important● faster to deploy● more secure (no unnecessary software)● cheaper (less storage required)

Approaches1. From scratch (building statically linked binary)2. Using minimalistic distros (Alpine Linux)3. Using Gentoo Linux as a base

From scratch● best for tools (busybox, justone/dockviz)● no init system by default● for some interpreted languages (centurylink/goland-

builder for scripts in Go)

Images based on Alpine Linux

Images based on Alpine Linux - Pros● easy and quick to start● latest software available ● musl C library (instead of glibc)

Images based on Alpine Linux - Cons● OpenRC init system (no restart in case of termination,

PID 1 zombie problem, see references #4 and #5)● musl C library - some software use non-standard glibc

features● only recent version of software are available● no easy option to change compiled features for packages

Images based on Gentoo LinuxGentoo-bb https://github.com/edannenberg/gentoo-bb

Supported by Erik Dannenberg (from bbe-consulting.de)

“Build framework to produce minimal root file systems based on Gentoo. It's primarily intended for maintaining an organization's LXC base image stack(s), but can probably fairly easy (ab)used for other use cases involving a custom root fs, cross compiling comes to mind.”

List of pre-built images https://github.com/edannenberg/gentoo-bb/tree/master/dock/gentoobb/images

separation building and runtime dependencies

tree of images

Images based on Gentoo Linux - Pros● highly configurable (the same as Gentoo)

○ allows building packages with only required features○ supported choosing between glibc and musl C library

● easy to extend● proper init system for docker (s6)● straightforward hierarchical way of multi-layer images● build and runtime dependencies are separated● easy to see installed packages in images, PACKAGES.md

file generated as a part of build process● can be used as a tool for maintaining groups of

containers

Images based on Gentoo Linux - Cons● relatively long time to build locally first time (several

hours)● sometimes ebuilds don’t allow to install minimal

configurations (like dev-db/mysql)● you have to worry about rebuilding software when new

version is available (unless you are using pre-built images)

● people who are not familiar with Gentoo Linux might find this way of building containers too complex

Size comparison tablepackage name official docker

image size, MBgentoobb image size, MB

alpine image size, MB

nginx 135 17 7

mysql server 361 202 80 (imega/mysql)

oracle jre 8 NA 185 173 (anapsix/alpine-java)

openjdk-jre 7 343 - 123

ruby 2.3.0 725 52 125

SummaryBuilding from scratch may be handy for distribution tools/utils.

Try to use containers based on Alpine Linux for experiments and building some proof of concepts.

Try to use docker images produced by gentoo-bb build framework when you need to maintain set of docker images and want to have full control of your environment.

Questions

References1. Small Docker Images For Go Apps https://www.ctl.

io/developers/blog/post/small-docker-images-for-go-apps/2. Alpine Linux https://en.wikipedia.org/wiki/Alpine_Linux3. Musl C library http://www.musl-libc.org/intro.html4. Docker and the PID 1 zombie reaping problem https://blog.

phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/

5. A base Docker image for Alpine Linux with DNS fixes and S6 process manager, suitable for hosting environments https://github.com/sillelien/base-alpine

References6. Docker and S6 - My New Favorite Process Supervisor http://blog.tutum.co/2014/12/02/docker-and-s6-my-new-favorite-process-supervisor/

7. Java and Node.JS in Microcontainers with Docker http://sirile.github.io/docker/2014/12/04/java-and-nodejs-in-microcontainers-with-docker.html

8. Smaller Java images with Alpine Linux https://developer.atlassian.com/blog/2015/08/minimal-java-docker-containers/