[SPARCS TeaParty] Alpine Linux and Docker

Slide 1

Slide 1 text

Alpine Linux and Docker ӣળӝ SPARCS TeaParty Seoul 2017.4.23

Slide 2

Slide 2 text

• A wrapper around Linux container • Focus: build, run, share of layered container images

Slide 3

Slide 3 text

Reference Image Sizes (compressed) Image Size ubuntu:16.04 46 MB alpine:3.5 1.8 MB python:3.6 266 MB python:3.6-slim 76 MB python:3.6-alpine 29 MB

Slide 4

Slide 4 text

Some Size That Ma-ers Item Size build-essential1 50 MB downloaded, 192 MB installed 1 Ubuntu 16.04 package

Slide 5

Slide 5 text

Impact of Large Image Sizes in Docker • Increased registry push/pull 4me • Increased disk usage • CPU/RAM usage at run4me? – No public benchmarks yet

Slide 6

Slide 6 text

A security-oriented, lightweight Linux distribu7on based on musl libc and busybox. — Alpine Linux Website

Slide 7

Slide 7 text

How light-weight? • Minimal root ﬁlesystem tarball (gzipped): 1.9 MB • Standalone version incl. kernel (iso): 81.8 MB How possible? • musl libc: 4.7 MB (GNU libc 26.3 MB), both gzipped • BusyBox: 873 KB (incl. common Linux commands and a shell)

Slide 8

Slide 8 text

Common Dockerﬁle Pa/ern FROM ubuntu:16.04 RUN apt-get update RUN apt-get install build-essential RUN wget seomthing.tar.gz WORKDIR something RUN make && make install RUN apt-get remove build-essential Q. What's the problem here?

Slide 9

Slide 9 text

Common Technique to Reduce Size FROM ubuntu:16.04 RUN apt-get update RUN apt-get install build-essential && \ wget something.tar.gz && \ cd something && \ make && make install && \ apt-get remove build-essential

Slide 10

Slide 10 text

With Alpine Linux FROM alpine:3.5 RUN apk add --no-cache --virtual .build-deps build-base wget something.tar.gz && \ cd something && \ make && make install && \ apk del .build-deps • No repository index remaining • Clean removal of all depedent packages inside virtual package namespace

Slide 11

Slide 11 text

Op#miza#on Result Image Before3 A,er kernel-python3 4 1.44 GB 620 MB kernel-nodejs6 568 MB 62 MB kernel-php7 571 MB 48 MB kernel-lua5 408 MB 166 MB 4 Includes numpy, matplotlib, scipy, pandas, scikit-learn, ... 3 Not op'mized at all; just apt-get install-ed every dependencies

Slide 12

Slide 12 text

Caveat • musl libc s*cks strictly to standard APIs • Just copying binaries built on Ubuntu is not likely to work! • ldd (and Google) is your friend! # ldd /usr/bin/influx /lib64/ld-linux-x86-64.so.2 (0x55fc22b32000) libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x55fc22b32000) libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x55fc22b32000) Error relocating /usr/bin/influx: __vfprintf_chk: symbol not found

Slide 13

Slide 13 text

Docker's Counter-A0ack • docker build --squash (since v1.13) • Squashes all layers into a single layer a9er build • Preserves intermediate layers for build-cache locally (not published to registry) • MulB-stage builds (will be introduced in v17.05) • MulBple FROM statements in Dockerﬁle • Can copy ﬁles generated in former FROM stage containers