Closed Cryptophobia closed 3 years ago
The technique used in BaseImage (Ubuntu/Phusion) to make the image smaller is to take everything and put it into a script. This way you can have a readable Dockerfile without a ton of
RUN apt-get -y --no-install-recommends huge-list of-packages \
some-more-packages \
way-too-many-lines-of-code \
in-a-single-run-directive \
&& do-the-build-things \
&& apt-get remove --purge all-of-those-things
https://github.com/phusion/baseimage-docker/blob/master/image/Dockerfile
Instead you get something like:
RUN /bd_build/prepare.sh && \
/bd_build/system_services.sh && \
/bd_build/utilities.sh && \
/bd_build/cleanup.sh
It looks like you're already running everything and cleaning up in a single step though, so while this might make the build easier to follow, it's not going to save any space... :-\
Not sure if flattening layers will either
Yes, we are already appending all RUN instructions to each other in the image so that they will create one layer. ;)
I think if we do a docker-squash now and merge some of the unnecessary layers like the chown
and add
files layers, we should be able to save around 10-40% space but I think the image is still maintainable in the current state. I would begin to get more worried if we keep adding features to the router. Modsecurity (libmodsecurity-v3 which takes 10 mins to compile) was what really increased the size of this image.
I usually use the docker-squash python package do the squashing of the layers. I can test it out with this image and see the improvement.
So I ran into this issue https://github.com/goldmann/docker-squash/issues/158
But it also looks like squashing the top 8 layers did not save as much as I thought it would:
hephy/router squashed 406a7b9251f8 About a minute ago 632MB
hephy/router git-84c49ab ffac94f44e6f 3 days ago 674MB
I suspect this has to do with the way we are loading the libmodsecurity after it is compiled. Maybe if we compile in the actual image, we can save space. The reason why I chose to load libmodescurity after compiling it is to save time for building the image, but this probably makes the image layers fat in that they cannot be squashed into each other...
This has improved a lot since moving to multi-stage build thanks to work by @felixbuenemann ! Compressed size is about 100mb on docker hub. I think it's okay to close this issue for now.
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hephy/router canary e08db7bc9b04 30 minutes ago 247MB
hephy/router git-2c6f6f6 e08db7bc9b04 30 minutes ago 247MB
The Docker image runs at 674MB because of Modsecurity and Tcell dynamic modules. We should look at lowering the size of the container by maybe using multi-stage Docker builds or flattening the layers of the Docker image as the last resort.