[SPARCS TeaParty] Alpine Linux and Docker

Transcript

1. Alpine Linux and Docker ӣળӝ SPARCS TeaParty Seoul 2017.4.23

2. • A wrapper around Linux container • Focus: build, run,

   share of layered container images

3. Reference Image Sizes (compressed) Image Size ubuntu:16.04 46 MB alpine:3.5

   1.8 MB python:3.6 266 MB python:3.6-slim 76 MB python:3.6-alpine 29 MB

4. Some Size That Ma-ers Item Size build-essential1 50 MB downloaded,

   192 MB installed 1 Ubuntu 16.04 package

5. Impact of Large Image Sizes in Docker • Increased registry

   push/pull 4me • Increased disk usage • CPU/RAM usage at run4me? – No public benchmarks yet

6. A security-oriented, lightweight Linux distribu7on based on musl libc and

   busybox. — Alpine Linux Website

7. How light-weight? • Minimal root filesystem tarball (gzipped): 1.9 MB

   • Standalone version incl. kernel (iso): 81.8 MB How possible? • musl libc: 4.7 MB (GNU libc 26.3 MB), both gzipped • BusyBox: 873 KB (incl. common Linux commands and a shell)

8. Common Dockerfile Pa/ern FROM ubuntu:16.04 RUN apt-get update RUN apt-get

   install build-essential RUN wget seomthing.tar.gz WORKDIR something RUN make && make install RUN apt-get remove build-essential Q. What's the problem here?

9. Common Technique to Reduce Size FROM ubuntu:16.04 RUN apt-get update

   RUN apt-get install build-essential && \ wget something.tar.gz && \ cd something && \ make && make install && \ apt-get remove build-essential

10. With Alpine Linux FROM alpine:3.5 RUN apk add --no-cache --virtual

    .build-deps build-base wget something.tar.gz && \ cd something && \ make && make install && \ apk del .build-deps • No repository index remaining • Clean removal of all depedent packages inside virtual package namespace

11. Op#miza#on Result Image Before3 A,er kernel-python3 4 1.44 GB 620

    MB kernel-nodejs6 568 MB 62 MB kernel-php7 571 MB 48 MB kernel-lua5 408 MB 166 MB 4 Includes numpy, matplotlib, scipy, pandas, scikit-learn, ... 3 Not op'mized at all; just apt-get install-ed every dependencies

12. Caveat • musl libc s*cks strictly to standard APIs •

    Just copying binaries built on Ubuntu is not likely to work! • ldd (and Google) is your friend! # ldd /usr/bin/influx /lib64/ld-linux-x86-64.so.2 (0x55fc22b32000) libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x55fc22b32000) libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x55fc22b32000) Error relocating /usr/bin/influx: __vfprintf_chk: symbol not found

13. Docker's Counter-A0ack • docker build --squash (since v1.13) • Squashes

    all layers into a single layer a9er build • Preserves intermediate layers for build-cache locally (not published to registry) • MulB-stage builds (will be introduced in v17.05) • MulBple FROM statements in Dockerfile • Can copy files generated in former FROM stage containers