SlideShare une entreprise Scribd logo

Docker on a Diet

Kuan Yen Heng
Kuan Yen Heng

An obesity epidemic is sweeping through the Docker ecosystem. Here are some methods to reduce the bloat in your Docker images. Put your containers on a diet!

Logiciels
1  sur  28
Télécharger pour lire hors ligne
Docker "Rena ship 07" by New Zealand Defence Force from Wellington, New Zealand - NZ Defence Force assistance to OP Rena. Licensed under CC BY 2.0 via Wikimedia Commons on a diet
Motivation • Let’s download our base image! • ZZZzzzz……
Sample image sizes debian:wheezy 85.1 MB ubuntu:trusty 188.3 MB phusion/baseimage:0.9.16 279.7 MB wordpress:4.1.0 470 MB google/golang:latest 611.3 MB python:2.7.9 744.9 MB
Docker containers This Not this
But wait! – phusion/baseimage README “Docker only needs to download the base image once: during the first deploy. On every subsequent deploys [sic], only the changes you make on top of the base image are downloaded.”
So why lean containers? • Continuous integration / automated testing • Should you test your containers? (Hint: yes) • Third party CI services boot up a fresh environment each time • Fast bootstrapping • A new host in e.g. an autoscaling cluster has to download all images from scratch • Bandwidth / transfer • Especially if you’re running a private registry
Trim the fat Method 1
Removing artifacts • Example from phusion/baseimage: • Just typical housekeeping • Without: 334.6 MB • With: 314 MB (-20.6 MB) apt-get clean rm -rf /tmp/* /var/tmp/* rm -rf /var/lib/apt/lists/* rm -f /etc/ssh/ssh_host_* rm -rf /usr/share/man/?? rm -rf /usr/share/man/??_*
You ain’t gonna need it • phusion/baseimage installs syslog-ng, logrotate and openssh-server (sshd) • SSH isn’t needed now that we have docker exec (addressed in a blog post) • Log management: dump process logs to stdout and use a collection container like progrium/logspout • Alternatively mount /dev/log into your container • With log management + sshd: 314 MB • Without: 279 MB (-35 MB)
Reducing dependencies • For example: a frontend app that uses a Gulp pipeline with gulp-ruby-sass • This requires “gem install sass”, which requires “apt-get install ruby-full rubygems-integration” • OR you could switch to gulp-sass and use native bindings to libsass (C implementation) • With gulp-ruby-sass: 487.2 MB • With gulp-sass: 386 MB (-101.2 MB)
Delegate roles Method 2
Splitting your containers • Differentiate between “build” and “runtime” • Compilation tools and libraries should not be present in your production environment • Build your app in a “dev” or “builder” container and transfer it to a “runtime” container • Specialized utility containers as standalone binaries
Build pipeline • How do I write my Dockerfile now that I need another container (or more) to build my app? • Script a build pipeline! • Process your source files in a shared volume with your build container(s) before loading it into your base runtime image as the final step • A popular approach is to use Makefiles
Docker Makefiles GIT = pie/git BUILD = pie/builder IMAGE = pie/hubot hubot: docker run --rm -v $(pwd):/opt:rw -e GPG=$$GPG $(GIT) /bin/bash -c “[…]” hubot.tar: | hubot docker run --rm -v $(pwd):/opt:rw $(BUILD) /bin/bash -c “npm […] && tar […]” build: hubot.tar Dockerfile docker build -t $(IMAGE):latest --rm --no-cache . clean: rm -rf hubot && rm -f hubot.tar Credentials Git container Builder container Shared folder (alternatively, make a data container)
Change your image Method 3
Switching the base image • Basing your image off Debian instead of Ubuntu results in >100 MB savings off the bat • Some tweaks needed: different packages, python3 not installed by default, etc • Example: olberger/baseimage-docker • Before: 279 MB • After: 166.8 MB (-112.2 MB)
Reducing dependencies II • phusion/baseimage relies on a Python 3 my_init script which bootstraps runit • Replace runit with s6, a process supervisor suite designed to run as PID 1, which removes the need for certain workarounds (e.g. environment variables) • Eliminates python3 as a dependency • Before: 166.8 MB • After: 144.3 MB (-22.5 MB)
How low can you go? • Build Linux from scratch! (LFS) • The hard work has been done for you: Buildroot and BusyBox • Of course, you could also compile a statically linked binary, e.g. a Golang app and load it into the scratch image (0 MB)
 but that’s just crazy talk
BusyBox – busybox README “BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. […] BusyBox provides a fairly complete environment for any small or embedded system.”
Here be dragons
Switching the base image II • BusyBox weighs in at 2.4 MB (!!) • Seriously barebones • A popular setup is to include opkg and piggyback on the OpenWRT package index • An example being progrium/busybox (4.8 MB) • Roll your own using progrium/rootbuilder • Before: 183 MB • After: 56 MB (-127 MB)
Caveats • OpenWRT packages are intended for routers and embedded systems, hence it has a rather limited selection • Packages not available in OpenWRT (nodejs, redis, nginx, etc) usually have to be compiled from source, often with manual tweaks • There is a new project, docker-alpine based on Alpine Linux that has a more general purpose package index (using apk)
A tiny baseimage • https://registry.hub.docker.com/u/gigablah/baseimage/ • Result: 5.8 MB FROM progrium/busybox MAINTAINER Chris Heng <bigblah@gmail.com> ADD s6-2.0.0.1.tar.gz / ADD service /etc/service RUN mkdir -p /var/spool/cron/crontabs ENTRYPOINT ["/usr/bin/s6-svscan", "-t0"] CMD ["/etc/service"]
In short… Original image (nodejs app) 426 MB Without ruby dependency 325 MB Without sshd and syslog-ng 290 MB With Debian as base 183 MB With s6 as init system 166 MB With BusyBox as base 56 MB
References • http://phusion.github.io/baseimage-docker/ • https://blog.phusion.nl/2015/01/20/baseimage-docker-fat- containers-treating-containers-vms/ • http://buildroot.uclibc.org/ • http://www.busybox.net/ • http://skarnet.org/software/s6/ • http://blog.tutum.co/2014/12/02/docker-and-s6-my-new- favorite-process-supervisor/ • https://registry.hub.docker.com/u/gigablah/baseimage/ • http://gliderlabs.viewdocs.io/docker-alpine
Thank you bigblah@gmail.com https://github.com/gigablah @gigablah

Recommandé

Docker
DockerDocker
DockerVitaly Tsaplin
 
Why we need container in Software
Why we need container in SoftwareWhy we need container in Software
Why we need container in SoftwareThach Nguyen
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerKuan Yen Heng
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerHiroki Endo
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introductionw_akram
 
OSDC 2014: Tobias Schwab - Continuous Delivery with Docker
OSDC 2014: Tobias Schwab - Continuous Delivery with Docker OSDC 2014: Tobias Schwab - Continuous Delivery with Docker
OSDC 2014: Tobias Schwab - Continuous Delivery with Docker NETWAYS
 
Containers #101 : Docker ONBUILD triggers and Introduction to Docker Compose
Containers #101 : Docker ONBUILD triggers and Introduction to Docker ComposeContainers #101 : Docker ONBUILD triggers and Introduction to Docker Compose
Containers #101 : Docker ONBUILD triggers and Introduction to Docker ComposeRaziel Tabib (Join our team)
 
Docker intro
Docker introDocker intro
Docker introOleg Z
 

Recommandé

Docker
DockerDocker
DockerVitaly Tsaplin
 
Why we need container in Software
Why we need container in SoftwareWhy we need container in Software
Why we need container in SoftwareThach Nguyen
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerKuan Yen Heng
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerHiroki Endo
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introductionw_akram
 
OSDC 2014: Tobias Schwab - Continuous Delivery with Docker
OSDC 2014: Tobias Schwab - Continuous Delivery with Docker OSDC 2014: Tobias Schwab - Continuous Delivery with Docker
OSDC 2014: Tobias Schwab - Continuous Delivery with Docker NETWAYS
 
Containers #101 : Docker ONBUILD triggers and Introduction to Docker Compose
Containers #101 : Docker ONBUILD triggers and Introduction to Docker ComposeContainers #101 : Docker ONBUILD triggers and Introduction to Docker Compose
Containers #101 : Docker ONBUILD triggers and Introduction to Docker ComposeRaziel Tabib (Join our team)
 
Docker intro
Docker introDocker intro
Docker introOleg Z
 
DockerCon SF 2015: Getting Started w/ Docker
DockerCon SF 2015: Getting Started w/ DockerDockerCon SF 2015: Getting Started w/ Docker
DockerCon SF 2015: Getting Started w/ DockerDocker, Inc.
 
Adventures in docker compose
Adventures in docker composeAdventures in docker compose
Adventures in docker composeLinkMe Srl
 
Angular boilerplate generator
Angular boilerplate generatorAngular boilerplate generator
Angular boilerplate generatorVincent De Smet
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
 
Docker Basics
Docker BasicsDocker Basics
Docker BasicsDuckDuckGo
 
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconfContinuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconfJulia Mateo
 
Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Lucas Jellema
 
Alternatives to layer-based image distribution: using CERN filesystem for images
Alternatives to layer-based image distribution: using CERN filesystem for imagesAlternatives to layer-based image distribution: using CERN filesystem for images
Alternatives to layer-based image distribution: using CERN filesystem for imagesGeorge Lestaris
 
Docker - Hack Salem! - November 2014
Docker - Hack Salem! - November 2014Docker - Hack Salem! - November 2014
Docker - Hack Salem! - November 2014Charles Anderson
 
DockerCon SF 2015: Networking Breakout
DockerCon SF 2015: Networking BreakoutDockerCon SF 2015: Networking Breakout
DockerCon SF 2015: Networking BreakoutDocker, Inc.
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 augVincent De Smet
 
Docker uiappdev-201505
Docker uiappdev-201505Docker uiappdev-201505
Docker uiappdev-201505chrisortman
 
OSv: probably the best OS for cloud workloads you've never hear of
OSv: probably the best OS for cloud workloads you've never hear ofOSv: probably the best OS for cloud workloads you've never hear of
OSv: probably the best OS for cloud workloads you've never hear ofrhatr
 
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...Docker, Inc.
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionMANAOUIL Karim
 
Java developer intro to environment management with vagrant puppet and docker
Java developer intro to environment management with vagrant puppet and dockerJava developer intro to environment management with vagrant puppet and docker
Java developer intro to environment management with vagrant puppet and dockerGetting value from IoT, Integration and Data Analytics
 
Vagrant vs Docker
Vagrant vs DockerVagrant vs Docker
Vagrant vs Dockerjchase50
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerFrederik Mogensen
 
DockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout SessionDockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout SessionDocker, Inc.
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Mustafa AKIN
 
Pie on AWS
Pie on AWSPie on AWS
Pie on AWSKuan Yen Heng
 
Durian: a PHP 5.5 microframework with generator-style middleware
Durian: a PHP 5.5 microframework with generator-style middlewareDurian: a PHP 5.5 microframework with generator-style middleware
Durian: a PHP 5.5 microframework with generator-style middlewareKuan Yen Heng
 

Contenu connexe

Tendances

DockerCon SF 2015: Getting Started w/ Docker
DockerCon SF 2015: Getting Started w/ DockerDockerCon SF 2015: Getting Started w/ Docker
DockerCon SF 2015: Getting Started w/ DockerDocker, Inc.
 
Adventures in docker compose
Adventures in docker composeAdventures in docker compose
Adventures in docker composeLinkMe Srl
 
Angular boilerplate generator
Angular boilerplate generatorAngular boilerplate generator
Angular boilerplate generatorVincent De Smet
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
 
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconfContinuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconfJulia Mateo
 
Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Lucas Jellema
 
Alternatives to layer-based image distribution: using CERN filesystem for images
Alternatives to layer-based image distribution: using CERN filesystem for imagesAlternatives to layer-based image distribution: using CERN filesystem for images
Alternatives to layer-based image distribution: using CERN filesystem for imagesGeorge Lestaris
 
Docker - Hack Salem! - November 2014
Docker - Hack Salem! - November 2014Docker - Hack Salem! - November 2014
Docker - Hack Salem! - November 2014Charles Anderson
 
DockerCon SF 2015: Networking Breakout
DockerCon SF 2015: Networking BreakoutDockerCon SF 2015: Networking Breakout
DockerCon SF 2015: Networking BreakoutDocker, Inc.
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 augVincent De Smet
 
Docker uiappdev-201505
Docker uiappdev-201505Docker uiappdev-201505
Docker uiappdev-201505chrisortman
 
OSv: probably the best OS for cloud workloads you've never hear of
OSv: probably the best OS for cloud workloads you've never hear ofOSv: probably the best OS for cloud workloads you've never hear of
OSv: probably the best OS for cloud workloads you've never hear ofrhatr
 
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...Docker, Inc.
 
Vagrant vs Docker
Vagrant vs DockerVagrant vs Docker
Vagrant vs Dockerjchase50
 
DockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout SessionDockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout SessionDocker, Inc.
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Mustafa AKIN
 

Tendances (20)

DockerCon SF 2015: Getting Started w/ Docker
DockerCon SF 2015: Getting Started w/ DockerDockerCon SF 2015: Getting Started w/ Docker
DockerCon SF 2015: Getting Started w/ Docker
 
Adventures in docker compose
Adventures in docker composeAdventures in docker compose
Adventures in docker compose
 
Angular boilerplate generator
Angular boilerplate generatorAngular boilerplate generator
Angular boilerplate generator
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconfContinuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf
 
Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...
 
Alternatives to layer-based image distribution: using CERN filesystem for images
Alternatives to layer-based image distribution: using CERN filesystem for imagesAlternatives to layer-based image distribution: using CERN filesystem for images
Alternatives to layer-based image distribution: using CERN filesystem for images
 
Docker - Hack Salem! - November 2014
Docker - Hack Salem! - November 2014Docker - Hack Salem! - November 2014
Docker - Hack Salem! - November 2014
 
DockerCon SF 2015: Networking Breakout
DockerCon SF 2015: Networking BreakoutDockerCon SF 2015: Networking Breakout
DockerCon SF 2015: Networking Breakout
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 aug
 
Docker uiappdev-201505
Docker uiappdev-201505Docker uiappdev-201505
Docker uiappdev-201505
 
OSv: probably the best OS for cloud workloads you've never hear of
OSv: probably the best OS for cloud workloads you've never hear ofOSv: probably the best OS for cloud workloads you've never hear of
OSv: probably the best OS for cloud workloads you've never hear of
 
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...
The Tale of a Docker-based Continuous Delivery Pipeline by Rafe Colton (ModCl...
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Java developer intro to environment management with vagrant puppet and docker
Java developer intro to environment management with vagrant puppet and dockerJava developer intro to environment management with vagrant puppet and docker
Java developer intro to environment management with vagrant puppet and docker
 
Vagrant vs Docker
Vagrant vs DockerVagrant vs Docker
Vagrant vs Docker
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
DockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout SessionDockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout Session
 
Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015Docker - Ankara JUG, Nisan 2015
Docker - Ankara JUG, Nisan 2015
 

En vedette

Durian: a PHP 5.5 microframework with generator-style middleware
Durian: a PHP 5.5 microframework with generator-style middlewareDurian: a PHP 5.5 microframework with generator-style middleware
Durian: a PHP 5.5 microframework with generator-style middlewareKuan Yen Heng
 
HHVM and Hack: A quick introduction
HHVM and Hack: A quick introductionHHVM and Hack: A quick introduction
HHVM and Hack: A quick introductionKuan Yen Heng
 
Introducing resinOS: An Operating System Tailored for Containers and Built fo...
Introducing resinOS: An Operating System Tailored for Containers and Built fo...Introducing resinOS: An Operating System Tailored for Containers and Built fo...
Introducing resinOS: An Operating System Tailored for Containers and Built fo...Balena
 
From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...Jérôme Petazzoni
 

En vedette (6)

Pie on AWS
Pie on AWSPie on AWS
Pie on AWS
 
Durian: a PHP 5.5 microframework with generator-style middleware
Durian: a PHP 5.5 microframework with generator-style middlewareDurian: a PHP 5.5 microframework with generator-style middleware
Durian: a PHP 5.5 microframework with generator-style middleware
 
HHVM and Hack: A quick introduction
HHVM and Hack: A quick introductionHHVM and Hack: A quick introduction
HHVM and Hack: A quick introduction
 
Resin.io
Resin.ioResin.io
Resin.io
 
Introducing resinOS: An Operating System Tailored for Containers and Built fo...
Introducing resinOS: An Operating System Tailored for Containers and Built fo...Introducing resinOS: An Operating System Tailored for Containers and Built fo...
Introducing resinOS: An Operating System Tailored for Containers and Built fo...
 
From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...
 

Similaire à Docker on a Diet

Java Developer Intro to Environment Management with Vagrant, Puppet, and Dock...
Java Developer Intro to Environment Management with Vagrant, Puppet, and Dock...Java Developer Intro to Environment Management with Vagrant, Puppet, and Dock...
Java Developer Intro to Environment Management with Vagrant, Puppet, and Dock...Lucas Jellema
 
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...Gaetano Giunta
 
habitat at docker bud
habitat at docker budhabitat at docker bud
habitat at docker budMandi Walls
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with DockerRavindu Fernando
 
Play Framework + Docker + CircleCI + AWS + EC2 Container Service
Play Framework + Docker + CircleCI + AWS + EC2 Container ServicePlay Framework + Docker + CircleCI + AWS + EC2 Container Service
Play Framework + Docker + CircleCI + AWS + EC2 Container ServiceJosh Padnick
 
Getting Started with Docker
Getting Started with DockerGetting Started with Docker
Getting Started with DockerGeeta Vinnakota
 
MoldCamp - multidimentional testing workflow. CIBox.
MoldCamp - multidimentional testing workflow. CIBox.MoldCamp - multidimentional testing workflow. CIBox.
MoldCamp - multidimentional testing workflow. CIBox.Andrii Podanenko
 
Build optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerBuild optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerDmytro Patkovskyi
 
Head first docker
Head first dockerHead first docker
Head first dockerHan Qin
 
Leonid Vasilyev "Building, deploying and running production code at Dropbox"
Leonid Vasilyev "Building, deploying and running production code at Dropbox"Leonid Vasilyev "Building, deploying and running production code at Dropbox"
Leonid Vasilyev "Building, deploying and running production code at Dropbox"IT Event
 
Altoros Cloud Foundry Training: hands-on workshop for DevOps, Architects and ...
Altoros Cloud Foundry Training: hands-on workshop for DevOps, Architects and ...Altoros Cloud Foundry Training: hands-on workshop for DevOps, Architects and ...
Altoros Cloud Foundry Training: hands-on workshop for DevOps, Architects and ...Manuel Garcia
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to DockerAlan Forbes
 
Detailed Introduction To Docker
Detailed Introduction To DockerDetailed Introduction To Docker
Detailed Introduction To Dockernklmish
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesArun Gupta
 
Docker - The Linux Container
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux ContainerBalaji Rajan
 
Docker for Dummies
Docker for DummiesDocker for Dummies
Docker for DummiesRoel Hartman
 
DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2Docker, Inc.
 

Similaire à Docker on a Diet (20)

Java Developer Intro to Environment Management with Vagrant, Puppet, and Dock...
Java Developer Intro to Environment Management with Vagrant, Puppet, and Dock...Java Developer Intro to Environment Management with Vagrant, Puppet, and Dock...
Java Developer Intro to Environment Management with Vagrant, Puppet, and Dock...
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
 
Containerization using docker and its applications
Containerization using docker and its applicationsContainerization using docker and its applications
Containerization using docker and its applications
 
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
 
habitat at docker bud
habitat at docker budhabitat at docker bud
habitat at docker bud
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with Docker
 
Play Framework + Docker + CircleCI + AWS + EC2 Container Service
Play Framework + Docker + CircleCI + AWS + EC2 Container ServicePlay Framework + Docker + CircleCI + AWS + EC2 Container Service
Play Framework + Docker + CircleCI + AWS + EC2 Container Service
 
Getting Started with Docker
Getting Started with DockerGetting Started with Docker
Getting Started with Docker
 
MoldCamp - multidimentional testing workflow. CIBox.
MoldCamp - multidimentional testing workflow. CIBox.MoldCamp - multidimentional testing workflow. CIBox.
MoldCamp - multidimentional testing workflow. CIBox.
 
Build optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and DockerBuild optimization mechanisms in GitLab and Docker
Build optimization mechanisms in GitLab and Docker
 
Head first docker
Head first dockerHead first docker
Head first docker
 
Leonid Vasilyev "Building, deploying and running production code at Dropbox"
Leonid Vasilyev "Building, deploying and running production code at Dropbox"Leonid Vasilyev "Building, deploying and running production code at Dropbox"
Leonid Vasilyev "Building, deploying and running production code at Dropbox"
 
Altoros Cloud Foundry Training: hands-on workshop for DevOps, Architects and ...
Altoros Cloud Foundry Training: hands-on workshop for DevOps, Architects and ...Altoros Cloud Foundry Training: hands-on workshop for DevOps, Architects and ...
Altoros Cloud Foundry Training: hands-on workshop for DevOps, Architects and ...
 
The Docker Ecosystem
The Docker EcosystemThe Docker Ecosystem
The Docker Ecosystem
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Detailed Introduction To Docker
Detailed Introduction To DockerDetailed Introduction To Docker
Detailed Introduction To Docker
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and Kubernetes
 
Docker - The Linux Container
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux Container
 
Docker for Dummies
Docker for DummiesDocker for Dummies
Docker for Dummies
 
DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2
 

Dernier

Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 

Dernier (20)

Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 

Docker on a Diet

  • 1. Docker "Rena ship 07" by New Zealand Defence Force from Wellington, New Zealand - NZ Defence Force assistance to OP Rena. Licensed under CC BY 2.0 via Wikimedia Commons on a diet
  • 2. Motivation • Let’s download our base image! • ZZZzzzz……
  • 3. Sample image sizes debian:wheezy 85.1 MB ubuntu:trusty 188.3 MB phusion/baseimage:0.9.16 279.7 MB wordpress:4.1.0 470 MB google/golang:latest 611.3 MB python:2.7.9 744.9 MB
  • 4.
  • 5.
  • 7. But wait! – phusion/baseimage README “Docker only needs to download the base image once: during the first deploy. On every subsequent deploys [sic], only the changes you make on top of the base image are downloaded.”
  • 8. So why lean containers? • Continuous integration / automated testing • Should you test your containers? (Hint: yes) • Third party CI services boot up a fresh environment each time • Fast bootstrapping • A new host in e.g. an autoscaling cluster has to download all images from scratch • Bandwidth / transfer • Especially if you’re running a private registry
  • 10. Removing artifacts • Example from phusion/baseimage: • Just typical housekeeping • Without: 334.6 MB • With: 314 MB (-20.6 MB) apt-get clean rm -rf /tmp/* /var/tmp/* rm -rf /var/lib/apt/lists/* rm -f /etc/ssh/ssh_host_* rm -rf /usr/share/man/?? rm -rf /usr/share/man/??_*
  • 11. You ain’t gonna need it • phusion/baseimage installs syslog-ng, logrotate and openssh-server (sshd) • SSH isn’t needed now that we have docker exec (addressed in a blog post) • Log management: dump process logs to stdout and use a collection container like progrium/logspout • Alternatively mount /dev/log into your container • With log management + sshd: 314 MB • Without: 279 MB (-35 MB)
  • 12. Reducing dependencies • For example: a frontend app that uses a Gulp pipeline with gulp-ruby-sass • This requires “gem install sass”, which requires “apt-get install ruby-full rubygems-integration” • OR you could switch to gulp-sass and use native bindings to libsass (C implementation) • With gulp-ruby-sass: 487.2 MB • With gulp-sass: 386 MB (-101.2 MB)
  • 14. Splitting your containers • Differentiate between “build” and “runtime” • Compilation tools and libraries should not be present in your production environment • Build your app in a “dev” or “builder” container and transfer it to a “runtime” container • Specialized utility containers as standalone binaries
  • 15. Build pipeline • How do I write my Dockerfile now that I need another container (or more) to build my app? • Script a build pipeline! • Process your source files in a shared volume with your build container(s) before loading it into your base runtime image as the final step • A popular approach is to use Makefiles
  • 16. Docker Makefiles GIT = pie/git BUILD = pie/builder IMAGE = pie/hubot hubot: docker run --rm -v $(pwd):/opt:rw -e GPG=$$GPG $(GIT) /bin/bash -c “[…]” hubot.tar: | hubot docker run --rm -v $(pwd):/opt:rw $(BUILD) /bin/bash -c “npm […] && tar […]” build: hubot.tar Dockerfile docker build -t $(IMAGE):latest --rm --no-cache . clean: rm -rf hubot && rm -f hubot.tar Credentials Git container Builder container Shared folder (alternatively, make a data container)
  • 18. Switching the base image • Basing your image off Debian instead of Ubuntu results in >100 MB savings off the bat • Some tweaks needed: different packages, python3 not installed by default, etc • Example: olberger/baseimage-docker • Before: 279 MB • After: 166.8 MB (-112.2 MB)
  • 19. Reducing dependencies II • phusion/baseimage relies on a Python 3 my_init script which bootstraps runit • Replace runit with s6, a process supervisor suite designed to run as PID 1, which removes the need for certain workarounds (e.g. environment variables) • Eliminates python3 as a dependency • Before: 166.8 MB • After: 144.3 MB (-22.5 MB)
  • 20. How low can you go? • Build Linux from scratch! (LFS) • The hard work has been done for you: Buildroot and BusyBox • Of course, you could also compile a statically linked binary, e.g. a Golang app and load it into the scratch image (0 MB)
 but that’s just crazy talk
  • 21. BusyBox – busybox README “BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. […] BusyBox provides a fairly complete environment for any small or embedded system.”
  • 23. Switching the base image II • BusyBox weighs in at 2.4 MB (!!) • Seriously barebones • A popular setup is to include opkg and piggyback on the OpenWRT package index • An example being progrium/busybox (4.8 MB) • Roll your own using progrium/rootbuilder • Before: 183 MB • After: 56 MB (-127 MB)
  • 24. Caveats • OpenWRT packages are intended for routers and embedded systems, hence it has a rather limited selection • Packages not available in OpenWRT (nodejs, redis, nginx, etc) usually have to be compiled from source, often with manual tweaks • There is a new project, docker-alpine based on Alpine Linux that has a more general purpose package index (using apk)
  • 25. A tiny baseimage • https://registry.hub.docker.com/u/gigablah/baseimage/ • Result: 5.8 MB FROM progrium/busybox MAINTAINER Chris Heng <bigblah@gmail.com> ADD s6-2.0.0.1.tar.gz / ADD service /etc/service RUN mkdir -p /var/spool/cron/crontabs ENTRYPOINT ["/usr/bin/s6-svscan", "-t0"] CMD ["/etc/service"]
  • 26. In short… Original image (nodejs app) 426 MB Without ruby dependency 325 MB Without sshd and syslog-ng 290 MB With Debian as base 183 MB With s6 as init system 166 MB With BusyBox as base 56 MB
  • 27. References • http://phusion.github.io/baseimage-docker/ • https://blog.phusion.nl/2015/01/20/baseimage-docker-fat- containers-treating-containers-vms/ • http://buildroot.uclibc.org/ • http://www.busybox.net/ • http://skarnet.org/software/s6/ • http://blog.tutum.co/2014/12/02/docker-and-s6-my-new- favorite-process-supervisor/ • https://registry.hub.docker.com/u/gigablah/baseimage/ • http://gliderlabs.viewdocs.io/docker-alpine