I found this to be an issue as well, but there are a few ways around this for when you need to debug something. The most useful approach I found was to launch a new container from a standard image (like Ubuntu) which shares the same process namespace, for example:
docker run --rm -it --pid=container:distroless-app ubuntu:20.04
You can then see processes in the 'distroless-app' container from the new container, and then you can install as many debugging tools as you like without affecting the original container.
Alternatively, distroless has debug images you could use as a base instead, which are probably still smaller than many other base images:
https://github.com/GoogleContainerTools/distroless#debug-ima...
You could launch the container itself with sleep (docker run --entrypoint /bin/sh [image] sleep inf). Then start the dev watch thing with 'docker exec', and when you don't need it anymore you can kill it (e.g. via htop).
With uwsgi you can control which file to watch. I usually just set it to watch the index.py so when I want to restart it, I just switch to that and save the file.
Similarly you could do this with "entr" https://github.com/eradman/entr
This app is great for discovering waste
https://github.com/wagoodman/dive
I've found 100MB fonts and other waste.
All the tips are good, but until you actually inspect your images, you won't know why they are so bloated.
stargz is a gamechanger for startup time. You might not need to care about image size at all.
Kubernetes and Podman support it, and Docker support is likely coming. It lazy loads the filesystem on start-up, making network requests for things that are needed and therefore can often start up large images very fast.
https://github.com/containerd/stargz-snapshotter
Can second Nix! With Nix we were able to reduce PostgREST image size[1] from over 30 MB to about 4 MB.
[1]: https://github.com/PostgREST/postgrest/tree/main/nix/tools/d...
For Java, JIB on distroless works pretty well. It's small, fast and secure.
- https://github.com/GoogleContainerTools/jib
It sounds so cool, but then I don’t get out of the base image before you’re writing your own Python launcher in a heredoc in a shell script in a Docker image builder in a Nix derivation[0]? Curiosity compels me to ask: how did all that become necessary?
[0]: https://github.com/jvolkman/bazel-nix-example/blob/e0208355f...