Re: [atomic-devel] Reducing the footprint of the Fedora docker base image

[Daniel Riek <riek redhat com>]

On Thu, Feb 11, 2016 at 4:52 AM, Fabian Deutsch <fdeutsch redhat com> wrote:

On Wed, Feb 10, 2016 at 11:13 PM, Josh Berkus <jberkus redhat com> wrote:
> On 02/10/2016 11:38 AM, Courtney Pacheco wrote:
>>
>> If possible, I'd like some feedback on the work I did. Comments and
>> criticism are more than welcomed! I realize there may be some
>> controversy in terms of what I chose to remove and what I chose to turn
>> into weak dependencies, but I would like to hear your thoughts either way.
>>
>
> First, thanks for doing this!  It really shows a lot.  I'd be really curious
> as to what's in the remaining 144MB, given that Alpine and BusyBox can get
> away with a userspace which is 25% of that size.
>
> As Dan points out, we can't necessarily dispose of DNF/Yum during the
> standard container build (i.e. Dockerfile).  However ... could we remove
> them afterwards?

Maybe this can be handled by a tooling itself - add yum, install,
cleanup afterwards.

With squashing that is doable, but it's ugly and fragile.

 

A better way would be to move them into "sidecar" images, that get mounted during docker build and can be added at runtime. We can use the atomic wrapper or kubernetes or atomic app to automate that. The key todos I see here are :

* Get an out-of-tree dnf that brings it own dependencies and can be mounted into a container during build (similar to the secrets patch).

* Figure out how to manage that across multiple versions of base images.

* Enable mounting containers as volumes (unless I am mistaken, right now we can only mount host directories as volumes? Might be wrong)

* Create the tooling and metadata to make it work in practice.

I think there has been some work along those lines, it would be great to drive it forward.

Regards,

Daniel

--

Daniel Riek <riek redhat com>

* Sr. Director Systems Design & Engineering 

* Red Hat Inc, Tel. +1-617-863-6776