I forgot to specify the runtime dependency packages (fixed Dockerfile attached); I am sorry. These are still minimal changes, and the result is now 101MB, which is still an interesting improvement (371MB before changes). Note that when building, the intermediate image is visible.

Le 02/09/2024 à 11:23, Devpt Calmarsoft a écrit :
Le 27/08/2024 à 19:52, Ondřej Surý a écrit :
What’s the size difference for you?

I mean if someone wants to play with our Dockerfile and there’s a significant reduction in size, I would be convinced. But in a world where a mobile application that does absolutely nothing has 4 GB, I feel like 130 MB is on the low side of the scale.
There is a way to forget the compilation steps, using the "--from" option of COPY, see here: https://docs.docker.com/reference/dockerfile/#copy---from

=>
    I made the experiment, and the image drops to 63MB instead of 243MB (without keeping the sources).
    remarks:
        I chose to clone only the /usr because that path seems to be the only one affected during the build/install.
        I duplicated the LC_ALL env variable, as I don't know if it is needed for runtime or build phase.

In my opinion this would be cleaner that way (with the drawback that we cannot see the build steps history anymore)


Benoit
Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

On 27. 8. 2024, at 19:38, Peter DeVries <pdevr...@quotient-inc.com> wrote:

For what it's worth this is how we build our dockers, with a builder
and then the runner. IMO it's cleaner that way and not much more
complicated. We'll continue to roll our own though so no real dog in
this fight.

Peter

On Tue, Aug 27, 2024 at 1:28 PM Ondřej Surý <ond...@isc.org> wrote:

On 27. 8. 2024, at 18:57, Marc <m...@f1-outsourcing.eu> wrote:
Afaik apk del \ does not free up space still.
Right. That was not really my intention though. I wanted to reduce
the amount of cruft installed in the image. The less binary stuff
around, the less possible attack surface.

But apk --no-cache should work I guess.

If you work with builder phase, you can probably shave off some MBs

I think that's too complicated to use two phases, but I think the next update should reduce the image size a little bit. It was ~170 MB before and the
reduced (compressed) size is 130 MB.

But I get it - the base alpine:latest is only 3 MB, that's quite a difference.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.



--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




FROM alpine:latest as builder
MAINTAINER BIND 9 Developers <bind9-...@isc.org>

ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C.UTF-8

ARG BIND9_VERSION=9.20.1
ARG BIND9_CHECKSUM=fe6ddff74921410d33b62b5723ac23912e8d50138ef66d7a30dc2c421129aeb0

# Build part

RUN apk --no-cache update
RUN apk --no-cache upgrade

RUN apk --no-cache add \
        autoconf \
        automake \
        build-base \
        fstrm \
        fstrm-dev \
        jemalloc \
        jemalloc-dev \
        json-c \
        json-c-dev \
        krb5-dev \
        krb5-libs \
        libcap-dev \
        libcap2 \
        libidn2 \
        libidn2-dev \
        libmaxminddb-dev \
        libmaxminddb-libs \
        libtool \
        libuv \
        libuv-dbg \
        libuv-dev \
        libxml2 \
        libxml2-dbg \
        libxml2-dev \
        libxslt \
        lmdb \
        lmdb-dev \
        make \
        musl-dbg \
        nghttp2-dev \
        nghttp2-libs \
        openssl-dbg \
        openssl-dev \
        procps \
        protobuf-c \
        protobuf-c-dev \
        tzdata \
        userspace-rcu \
        userspace-rcu-dev

RUN mkdir -p /usr/src
ADD https://downloads.isc.org/isc/bind9/${BIND9_VERSION}/bind-${BIND9_VERSION}.tar.xz /usr/src
RUN cd /usr/src && \
    ( echo "${BIND9_CHECKSUM}  bind-${BIND9_VERSION}.tar.xz" | sha256sum -c - ) && \
    tar -xJf bind-${BIND9_VERSION}.tar.xz && \
    cd /usr/src/bind-${BIND9_VERSION} && \
    ./configure --prefix /usr \
                --sysconfdir=/etc/bind \
                --localstatedir=/ \
                --enable-shared \
                --disable-static \
                --with-gssapi \
                --with-libidn2 \
                --with-json-c \
                --with-lmdb=/usr \
                --with-gnu-ld \
                --with-maxminddb \
                --enable-dnstap && \
    make -j && \
    make install && \
    rm -rf /usr/src

# Remove development packages
RUN apk --no-cache del \
        autoconf \
        automake \
        build-base \
        fstrm-dev \
        gnutls-utils \
        jemalloc-dev \
        json-c-dev \
        krb5-dev \
        libcap-dev \
        libidn2-dev \
        libmaxminddb-dev \
        libtool \
        libuv-dev \
        libxml2-dev \
        libxslt \
        lmdb-dev \
        make \
        nghttp2-dev \
        openssl-dev \
        protobuf-c-dev \
        userspace-rcu-dev

# Runtime part
FROM alpine:latest
ENV LC_ALL C.UTF-8

# Build result
COPY --from=builder /usr/ /usr/

# Packages needed for runtime
RUN apk --no-cache add \
        fstrm \
        jemalloc \
        json-c \
        krb5-libs \
        libcap2 \
        libidn2 \
        libmaxminddb-libs \
        libtool \
        libuv \
        libuv-dbg \
        libxml2 \
        libxml2-dbg \
        lmdb \
        musl-dbg \
        nghttp2-libs \
        openssl-dbg \
        procps \
        protobuf-c \
        tzdata \
        userspace-rcu

# Create user and group
RUN addgroup -S bind && adduser -S -H -h /var/cache/bind -G bind bind

# Create default configuration file
RUN mkdir -p /etc/bind && chown root:bind /etc/bind/ && chmod 755 /etc/bind
COPY named.conf /etc/bind
RUN chown root:bind /etc/bind/named.conf && chmod 644 /etc/bind/named.conf

# Create working directory
RUN mkdir -p /var/cache/bind && chown bind:bind /var/cache/bind && chmod 755 /var/cache/bind

# Create directory to store secondary zones
RUN mkdir -p /var/lib/bind && chown bind:bind /var/lib/bind && chmod 755 /var/lib/bind

# Create log directory
RUN mkdir -p /var/log/bind && chown bind:bind /var/log/bind && chmod 755 /var/log/bind

# Create PID directory
RUN mkdir -p /run/named && chown bind:bind /run/named && chmod 755 /run/named

VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log"]

EXPOSE 53/udp 53/tcp 953/tcp 853/tcp 443/tcp

ENTRYPOINT ["/usr/sbin/named", "-u", "bind"]
CMD ["-f", "-c", "/etc/bind/named.conf", "-L", "/var/log/bind/default.log"]
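
The attack-surface argument for the builder/runner split in this thread can be checked mechanically by listing what the final stage still installs. The following is an added example, not part of the original thread or ISC's tooling; the suffix and tool lists are heuristic assumptions, and SAMPLE is a constructed, abbreviated Dockerfile.

```python
import re

# Assumption: heuristic markers of build/debug-only packages (not an Alpine or ISC list).
BUILD_ONLY_SUFFIXES = ("-dev", "-dbg", "-static")
BUILD_ONLY_TOOLS = {"autoconf", "automake", "build-base", "libtool", "make", "gcc"}
# Constructed sample, abbreviated from the Dockerfile in this thread.
SAMPLE = """\
FROM alpine:latest as builder
RUN apk --no-cache add \\
        build-base \\
        libuv-dev
# Runtime part
FROM alpine:latest
COPY --from=builder /usr/ /usr/
RUN apk --no-cache add \\
        libtool \\
        libuv \\
        libuv-dbg \\
        tzdata
"""

def logical_lines(text):
    """Drop comment lines, then join backslash-continued lines into one."""
    kept = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = re.sub(r"\\[ \t]*\n", " ", "\n".join(kept))
    return [l.strip() for l in joined.splitlines() if l.strip()]

def stage_packages(dockerfile):
    """Return [(stage_name, packages)] per FROM; apk options that take a value are not handled."""
    stages = []
    for line in logical_lines(dockerfile):
        words = line.split()
        if words[0].upper() == "FROM":
            lw = [w.lower() for w in words]
            name = words[lw.index("as") + 1] if "as" in lw[:-1] else str(len(stages))
            stages.append((name, set()))
        elif words[0].upper() == "RUN" and stages:
            for cmd in re.split(r"&&|;", line[3:]):
                args = cmd.split()
                if args[:1] == ["apk"] and "add" in args:
                    stages[-1][1].update(a for a in args[args.index("add") + 1:] if not a.startswith("-"))
    return stages

def build_only_in_final(dockerfile):
    """Packages installed in the last stage that look like build or debug tooling."""
    stages = stage_packages(dockerfile)
    final = stages[-1][1] if stages else set()
    return sorted(p for p in final if p.endswith(BUILD_ONLY_SUFFIXES) or p in BUILD_ONLY_TOOLS)

print(build_only_in_final(SAMPLE))
```

A non-empty result is a prompt to review whether each listed package is really needed at runtime, not proof that it is unnecessary.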
