At Bitnami we are building and testing a new base image for containers:
minideb. We designed the image to balance two goals, using the fact that
this image is specifically for use in containers:
Let’s look at the benefits of each of these.
There are many advantages to having small base images for containers:
For a general base image it is important that the image be compatible with as much software as possible.
To be really useful to developers you want a base image to have a large library of software available to easily integrate into images.
After testing a few different approaches and looking at the contents of several
base images, we came up with a compromise. We would use a Debian-based image, as
it has a huge library of software just an
apt-get away, and is based on glibc,
but strip out as much as possible that is unlikely to be used in containers.
In order to do this we looked at an inventory of the standard
base generated by
debootstrap. We looked at the list of packages that were
installed, and picked the ones that aren't needed in containers. There were two
main categories of packages that were removed:
Next we looked at the filesystem with all the necessary packages installed and looked at what we could remove. We decided to remove:
Some of these may again be useful during development and debugging, but can be easily accessed elsewhere, e.g. launching a full Debian image to read the manpage.
Some of the changes that we have made will break compatibility with a few of
the packages in the Debian archive. For instance, we remove the init system
from standard Debian, this will break any container that expects to use
the init system to manage processes. If a developer using
such a case they can install the missing packages in their image.
minideb image currently weighs in at around 50MB uncompressed. For comparison
debian library image is 123MB, the
alpine image is 5MB, and the newly
amazonlinux image is 328MB.
minideb is much larger than
alpine it is a lot smaller than the standard
debian image while retaining most of the compatibility.
If you are using docker you can use
Dockerfile to use
minideb as your base image. The image is updated daily
and includes the security repository, so pulling
minideb and rebuilding your image
will include any new security fixes.
There is one nice extra feature included in
command. You can use this instead of calling
apt-get in your
and it will do two things:
If you aren't using docker, or would prefer to build the image yourself, you can find everything you need in the github repository.
We are going to continue testing
minideb with the Bitnami application catalog.
This may lead to changes to
minideb, or us deciding that another base image
would benefit our users more.
However, if all goes well then we will release all of our containers with a smaller base image, making Bitnami containers even better for our users.
If you want to keep up with changes to
minideb you can follow the
github repository and look out for
other posts on this blog.