Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

try to minimise stats-server docker image size? #280

Open
alsuren opened this issue Sep 8, 2024 · 2 comments
Open

try to minimise stats-server docker image size? #280

alsuren opened this issue Sep 8, 2024 · 2 comments

Comments

@alsuren
Copy link
Collaborator

alsuren commented Sep 8, 2024 

          > We still need to deal with ca-certificates and other nonsense though (unless that gets vendored as well?).

Maybe we can try https://github.com/GoogleContainerTools/distroless

Distroless images are very small. The smallest distroless image, gcr.io/distroless/static-debian12, is around 2 MiB. That's about 50% of the size of alpine (~5 MiB), and less than 2% of the size of debian (124 MiB).

This is probably the bare minimum image with certification available.

Can't we just wait for debian-buster to ship the updated openlls+certs and rebuild the docker image?

We won't get any notification for the image, but we can have dependabot automatically opening PR to update rust dependencies and trigger redeployment.

Originally posted by @NobodyXu in #165 (comment)

(might tie into whatever we do with #277)
@polarathene
Copy link

If you're interested in a bit more flexibility for a minimum image Ubuntu with chisel works quite well. Presently though, it's not as ideal to leverage for the equivalent Google distroless image, but it might be in future if my feedback is taken into consideration.

Beyond those two, Fedora and OpenSUSE can use --installroot to make reasonably smaller images, how small depends on the packages (Fedora can do a glibc install that's about 16MB, half of which can be stripped away manually, while OpenSUSE Leap 15.6 is 10MB due to avoiding bash and other deps as a requirement).

Those two aren't too difficult to leverage, OpenSUSE --installroot doesn't seem to work as nicely when building in SELinux hosts due to how zypper works differently from dnf, and while it often has the benefit of a smaller size some packages are years out of date due to the long running Leap 15.x series, python still defaults to 3.6 for example.

Google distroless is the least hassle atm tbh, if you need some flexibility I'd go with Fedora for now, and keep an eye on Ubuntu + chisel improving.

@NobodyXu
Copy link
Member

NobodyXu commented Sep 9, 2024

Thank you!

That's an interesting read, we will try and see which one is easiest for us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alsuren @polarathene @NobodyXu