jordanpotter / docker-wireguard

Simple image for running a WireGuard client with a kill switch
MIT License
Switch base image from Ubuntu to Alpine #9

Closed JakeWharton closed 3 years ago

JakeWharton commented 3 years ago

This dramatically reduces the size of the container from hundreds of MiBs to just over ten.

BEFORE

$ docker history ea2d6da4cbdc
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
ea2d6da4cbdc        27 seconds ago      /bin/sh -c #(nop)  ENTRYPOINT ["/entrypoint.…   0B
2c7e3f0de3c8        27 seconds ago      /bin/sh -c #(nop) COPY file:ad76fe44d1402628…   1.44kB
1a29ca960363        29 seconds ago      /bin/sh -c apt-get update && apt-get install…   367MB
f643c72bc252        12 days ago         /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B
<missing>           12 days ago         /bin/sh -c mkdir -p /run/systemd && echo 'do…   7B
<missing>           12 days ago         /bin/sh -c [ -z "$(apt-get indextargets)" ]     0B
<missing>           12 days ago         /bin/sh -c set -xe   && echo '#!/bin/sh' > /…   811B
<missing>           12 days ago         /bin/sh -c #(nop) ADD file:4f15c4475fbafb3fe…   72.9MB

AFTER

$ docker history 6b71b07e8ccd
IMAGE               CREATED              CREATED BY                                      SIZE                COMMENT
6b71b07e8ccd        About a minute ago   /bin/sh -c #(nop)  ENTRYPOINT ["/entrypoint.…   0B
898dbb77c8ce        About a minute ago   /bin/sh -c #(nop) COPY file:ad76fe44d1402628…   1.44kB
8470d1ebb9cb        About a minute ago   /bin/sh -c apk add --no-cache       openreso…   7.37MB
d6e46aa2470d        6 weeks ago          /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B
<missing>           6 weeks ago          /bin/sh -c #(nop) ADD file:f17f65714f703db90…   5.57MB

I have tested this change by running

$ docker run -it --rm --net=container:wireguard-alpine appropriate/curl http://httpbin.org/ip

which succeeds. I don't really know how to test it beyond that.

This is a breaking change

If you consider that your container may have been used as a base image, this is a breaking change. Consumers will no longer have access to software from the Ubuntu image and apt-get to install packages.

As a result, it should probably be tagged 2.0.0.

This PR obsoletes #8.

jordanpotter commented 3 years ago

Hey @JakeWharton, this is a brilliant PR. Thanks for spending the time to improve this!

Everything looks good, but I'd like to be thorough. I'll spend some time in the next few days double-checking everything on a few operating systems.

And completely agreed, this is worthy of 2.0.0 👍

JakeWharton commented 3 years ago

Sounds good!

I have a friend who is bravely using this in production with success, as one data point.

jordanpotter commented 3 years ago

Oh excellent! By chance, do you recall what operating system and kernel they're running on?

burntcookie90 commented 3 years ago

$ uname -a
Linux Pterodactyl2 4.19.107-Unraid #1 SMP Thu Mar 5 13:55:57 PST 2020 x86_64 AMD Ryzen 7 2700X Eight-Core Processor AuthenticAMD GNU/Linux

jordanpotter commented 3 years ago

Have tested on Debian Buster and Ubuntu 20.04, both of which worked. Going to move forward and tag this as 2.0.0.

Thanks again @JakeWharton for the brilliant PR!