Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use smaller base image (e.g. alpine, slim or even distroless) #650

Closed
GaryGSC opened this issue Oct 7, 2022 · 2 comments · Fixed by #664
Closed

Use smaller base image (e.g. alpine, slim or even distroless) #650

GaryGSC opened this issue Oct 7, 2022 · 2 comments · Fixed by #664
Labels
docker Pull requests that update Docker code enhancement New feature or request

Comments

@GaryGSC
Copy link
Member

GaryGSC commented Oct 7, 2022

This is generally a good thing for security and performance reasons. Smaller images lead to faster builds, faster deployments, faster startups, and smaller attack surfaces.

In regards to #214, I believe we can do this without impacting people's ability to drop in whatever container they'd like. However, as we make the example image a little more complicated, we distract from the CI/CD and IaC that's in here. 🤔

None of the these examples (alpine/slim or distroless) should affect our ability to use ARM-based containers (#389).
@GaryGSC GaryGSC added enhancement New feature or request docker Pull requests that update Docker code labels Oct 7, 2022
@GaryGSC
Copy link
Member Author

GaryGSC commented Oct 14, 2022

This article has some interesting reasoning that would lead us to use node:18.11.0-slim (or whatever the version number is once 18 becomes the LTS release). Version 18 defaults to bullseye, so there's no reason to be explicit about that.

@GaryGSC
Copy link
Member Author

GaryGSC commented Oct 14, 2022
edited
Loading

I believe I'm suggesting that we use -slim variants. We can probably even build with them (as opposed to needing a multi-stage build where we build using the standard image and then copy built files into a -slim-based image).

Here's my reasoning:

  • We fall into the use cases where the Node.js maintainers suggest that we use -slim images: we're working in environments where only our Node.js image will be deployed
  • At BYU, we occasionally use binaries that rely on glibc (like for our OracleDB connections), which precludes -alpine images because they're based on musl
  • The best examples we have of "complicated use-cases" at BYU are our images that use OracleDB binaries, which already build and run without issue using -slim
  • The devs that would want to use tools like curl/wget are the same devs that would feel comfortable adding an apt-get update && apt-get install -y curl step
  • Compared to the base image, -slim is almost as small as -alpine
  • There's a tiny learning curve for alpine-based images (e.g. apk is the default package manager instead of apt-get)
  • Distroless doesn't provide distinct releases based on specific Node.js versions, so we can't easily pin to minor or patch versions, therefore distroless images will be harder to manage than -slim images

@GaryGSC GaryGSC mentioned this issue Oct 14, 2022
Merged
@GaryGSC GaryGSC linked a pull request Oct 14, 2022 that will close this issue
Use Node.js 18 and switch to -slim images #664
Merged
@GaryGSC GaryGSC closed this as completed Oct 20, 2022
@GaryGSC GaryGSC mentioned this issue Nov 3, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docker Pull requests that update Docker code enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use Node.js 18 and switch to -slim images byu-oit/hw-fargate-api
1 participant
@GaryGSC