On 02/09/2024 at 13:52, Marc wrote:
1.
Afaik you don't need to remove packages from builder, the whole builder layer
will be gone.
I did that to avoid copying extra files with the COPY --from=builder command
2.
COPY --from=builder /usr/ /usr/
I think this will copy duplicates; duplicates still increase layer size, so you
have 2x the size of a default /usr
so you can only copy individual files
You are right, extra files appear in the diff! I was thinking that the
files already present would be discarded. Copying individual files in
this case is not the solution: there are plenty of files (305 if
counting includes)
So this is a bit more complicated to achieve something cleaner. Maybe
install the binaries in an alternate directory in the build step?
I made a new Dockerfile based on this idea, now the result is 66MB. I
tested the build, but not if it is still functional (see all expected
files in the right place).
"As long as there is a COPY in your Dockerfile, the size of the image increases to
the stuff you copy"
* don't really know if this is still accurate
That could explain your big image.
-----Original Message-----
From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Devpt
Calmarsoft
Sent: Monday, 2 September 2024 12:25
To: bind-users@lists.isc.org
Subject: Re: Updated Docker images (9.18, 9.20, 9.21) - now based on
Alpine Linux
I forgot to specify the runtime dependency packages (fixed Dockerfile
attached), I am sorry.
This is still minimal changes, and the result is now 101MB, which is
still an interesting improvement (371MB before changes). Note that when
building, the intermediate image is visible.
On 02/09/2024 at 11:23, Devpt Calmarsoft wrote:
On 27/08/2024 at 19:52, Ondřej Surý wrote:
What’s the size difference for you?
I mean if someone wants to play with our Dockerfile and there’s a
significant reduction in size, I would be convinced. But in a world,
where a mobile application that does absolutely nothing has 4 GB, I
feel like 130 MB is on the low side of the scale.
There is a way to forget the compilation steps, using the "--from"
option of COPY, see here:
https://docs.docker.com/reference/dockerfile/#copy---from
=>
I made the experiment, and the image drops to 63MB instead of
243MB (without keeping the sources).
remarks:
I chose to clone only the /usr because that path seems to be
the only one affected during the build/install.
I duplicated the LC_ALL env variable, as I don't know if it is
needed for runtime or build phase.
In my opinion this would be cleaner that way (with drawback that we
cannot see the build steps history anymore)
Benoit
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do
not feel obligated to reply outside your normal working hours.
On 27. 8. 2024, at 19:38, Peter DeVries <pdevr...@quotient-inc.com>
wrote:
For what it's worth this is how we build our dockers, with a builder
and then the runner. IMO it's cleaner that way and not much more
complicated. We'll continue to roll our own though so no real dog in
this fight.
Peter
On Tue, Aug 27, 2024 at 1:28 PM Ondřej Surý <ond...@isc.org> wrote:
On 27. 8. 2024, at 18:57, Marc <m...@f1-outsourcing.eu> wrote:
Afaik apk del \ does not free up space still.
Right. That was not really my intention though. I wanted to reduce
the amount of cruft installed in the image. The less binary stuff
around, the less possible attack surface.
But apk --no-cache should work I guess.
If you work with builder phase, you can probably shave off some MB's
I think that's too complicated to use two phases, but I think the
next update should reduce the image size a little bit. It was ~170 MB
before and the reduced (compressed) size is 130 MB.
But I get it - the base alpine:latest is only 3 MB, that's quite a
difference.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do
not feel obligated to reply outside your normal working hours.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more
information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
FROM alpine:latest as builder
MAINTAINER BIND 9 Developers <bind9-...@isc.org>
ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C.UTF-8
ARG BIND9_VERSION=9.20.1
ARG BIND9_CHECKSUM=fe6ddff74921410d33b62b5723ac23912e8d50138ef66d7a30dc2c421129aeb0
# Build part
RUN apk --no-cache update
RUN apk --no-cache upgrade
RUN apk --no-cache add \
autoconf \
automake \
build-base \
fstrm \
fstrm-dev \
jemalloc \
jemalloc-dev \
json-c \
json-c-dev \
krb5-dev \
krb5-libs \
libcap-dev \
libcap2 \
libidn2 \
libidn2-dev \
libmaxminddb-dev \
libmaxminddb-libs \
libtool \
libuv \
libuv-dbg \
libuv-dev \
libxml2 \
libxml2-dbg \
libxml2-dev \
libxslt \
lmdb \
lmdb-dev \
make \
musl-dbg \
nghttp2-dev \
nghttp2-libs \
openssl-dbg \
openssl-dev \
procps \
protobuf-c \
protobuf-c-dev \
tzdata \
userspace-rcu \
userspace-rcu-dev
RUN mkdir -p /usr/src
ADD https://downloads.isc.org/isc/bind9/${BIND9_VERSION}/bind-${BIND9_VERSION}.tar.xz /usr/src
# sha256sum -c expects two spaces between the checksum and the file name
RUN cd /usr/src && \
( echo "${BIND9_CHECKSUM}  bind-${BIND9_VERSION}.tar.xz" | sha256sum -c - ) && \
tar -xJf bind-${BIND9_VERSION}.tar.xz && \
cd /usr/src/bind-${BIND9_VERSION} && \
./configure --prefix /install \
--sysconfdir=/etc/bind \
--localstatedir=/ \
--enable-shared \
--disable-static \
--with-gssapi \
--with-libidn2 \
--with-json-c \
--with-lmdb=/usr \
--with-gnu-ld \
--with-maxminddb \
--enable-dnstap && \
make -j && \
make install && \
rm -rf /usr/src
# Remove development packages
RUN apk --no-cache del \
autoconf \
automake \
build-base \
fstrm-dev \
gnutls-utils \
jemalloc-dev \
json-c-dev \
krb5-dev \
libcap-dev \
libidn2-dev \
libmaxminddb-dev \
libtool \
libuv-dev \
libxml2-dev \
libxslt \
lmdb-dev \
make \
nghttp2-dev \
openssl-dev \
protobuf-c-dev \
userspace-rcu-dev
# Runtime part
FROM alpine:latest
ENV LC_ALL C.UTF-8
# Build result
COPY --from=builder /install /usr
# Packages needed for runtime
RUN apk --no-cache add \
fstrm \
jemalloc \
json-c \
krb5-libs \
libcap2 \
libidn2 \
libmaxminddb-libs \
libtool \
libuv \
libuv-dbg \
libxml2 \
libxml2-dbg \
lmdb \
musl-dbg \
nghttp2-libs \
openssl-dbg \
procps \
protobuf-c \
tzdata \
userspace-rcu
# Create user and group
RUN addgroup -S bind && adduser -S -H -h /var/cache/bind -G bind bind
# Create default configuration file
RUN mkdir -p /etc/bind && chown root:bind /etc/bind/ && chmod 755 /etc/bind
COPY named.conf /etc/bind
RUN chown root:bind /etc/bind/named.conf && chmod 644 /etc/bind/named.conf
# Create working directory
RUN mkdir -p /var/cache/bind && chown bind:bind /var/cache/bind && chmod 755 /var/cache/bind
# Create directory to store secondary zones
RUN mkdir -p /var/lib/bind && chown bind:bind /var/lib/bind && chmod 755 /var/lib/bind
# Create log directory
RUN mkdir -p /var/log/bind && chown bind:bind /var/log/bind && chmod 755 /var/log/bind
# Create PID directory
RUN mkdir -p /run/named && chown bind:bind /run/named && chmod 755 /run/named
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log"]
EXPOSE 53/udp 53/tcp 953/tcp 853/tcp 443/tcp
ENTRYPOINT ["/usr/sbin/named", "-u", "bind"]
CMD ["-f", "-c", "/etc/bind/named.conf", "-L", "/var/log/bind/default.log"]
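
The layer-size effect discussed in this thread (copying a whole /usr tree writes files the base image already has into the new layer again, while an alternate install prefix holds only the build result), measured on two directory trees. This is an added example, not part of the original messages or the attached Dockerfile; the function names copy_cost and demo and the sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: estimate what a
# "COPY --from=builder SRC DEST" writes into the new layer.
# copy_cost SRC_TREE BASE_TREE prints "<new_bytes> <duplicate_bytes>", where
# duplicate bytes belong to files the base image already holds unchanged.
copy_cost() {
    src=$1; base=$2; new=0; dup=0
    list=$(mktemp)
    (cd "$src" && find . -type f) > "$list"
    while IFS= read -r rel; do
        size=$(wc -c < "$src/$rel")
        if [ -f "$base/$rel" ] && cmp -s "$src/$rel" "$base/$rel"; then
            dup=$((dup + size))
        else
            new=$((new + size))
        fi
    done < "$list"
    rm -f "$list"
    echo "$new $dup"
}

# Constructed sample trees standing in for exported image file systems.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/base/usr/bin" "$tmp/builder/usr/bin" \
             "$tmp/builder/usr/sbin" "$tmp/install/sbin"
    printf 'busybox-stub' > "$tmp/base/usr/bin/env"        # 12 bytes, shipped by base
    cp "$tmp/base/usr/bin/env" "$tmp/builder/usr/bin/env"  # untouched by the build
    printf 'named-stub' > "$tmp/builder/usr/sbin/named"    # 10 bytes, build result
    cp "$tmp/builder/usr/sbin/named" "$tmp/install/sbin/named"
    whole=$(copy_cost "$tmp/builder/usr" "$tmp/base/usr")   # COPY /usr/ /usr/
    prefix=$(copy_cost "$tmp/install" "$tmp/base/usr")      # COPY /install /usr
    rm -rf "$tmp"
    echo "$whole|$prefix"
}

demo
```

On real images, point copy_cost at the unpacked root file systems of the builder stage and of the base image instead of the sample trees.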