Image using alpine
Closed this issue ยท 36 comments
Do you plan on building an Alpine based docker image? This is much smaller and perfect for microservices running on ECS.
Indeed
amazon-corretto-8:latest e1aebeee4fdd 5 minutes ago 674MB
openjdk:8-alpine 97bc1352afde 2 weeks ago 103MB
but there should be problems with Alpine, as it uses MUSLibc instead of glibc, it requires separate build.
First of all, thanks for the feedback!
To tease this apart, is the request specifically to offer an Alpine-based variant? Or is it a more general request to have a minimal image that is as small and optimized as possible?
It is a general request to have a minimal image. The 103M of alpine are quite a benchmark ;-)
According to https://aws.amazon.com/corretto/faqs/ Corretto is only supported on Amazon Linux 2 distro?
Is it a technical limitation or a licensing limitation?
We have focused on delivering the distribution for Amazon Linux 2 first. Support for other distributions will be available when ready.
@hoegertn : Follow-up question: In a minimal runtime image, would you want the developer tools such as javac and javadoc, or just the runtime components? What type of applications would you be running?
I would not want the dev tools to be inside the container. For sizing reasons and for security reasons.
I would run applications like https://github.com/taimos/dvalin-examples/tree/master/jaxrs-hello-world or Spring Boot Apps inside it on ECS.
@EricEdens
It would be nice to have separate images for JDK and JRE, I guess. One for build and second for run.
Perhaps with some debugging tools, like one for taking memory dump.
anything new on this topic?
Slim images are very useful in a microservice architecture. I'd like to use Corretto but the image size is an obstacle:
REPOSITORY TAG IMAGE ID CREATED SIZE
amazon-corretto-8 latest 94608800ca72 About a minute ago 511MB
openjdk 8u191-jre-alpine 7e72a7dcf7dc 8 days ago 83.1MB
It would be great if you could provide a "slim" Corretto image sooner rather than later.
BYTW One useful feature would for the slim imagine to include a command equivalent to curl that could be used for a Docker HEALTH check https://docs.docker.com/engine/reference/builder/#healthcheck, e.g. for a Spring Boot application there is a health check endpoint /actuator/health
HEALTHCHECK --interval=5m --timeout=3s \
CMD curl -f http://localhost/actuator/health || exit 1
A slim image should not have curl.
Power to the users to add curl or any other tools when building images based on the slim image.
Perhaps this https://github.com/frol/docker-alpine-glibc could be used as base image.
It's based on Alpine, but has glibc, which, I belie coretto is built upon, and testing it against muslibc would be quite tiresome.
P.S. Funny, 32 likes. Have anybody built own image?
I would have tried, but I'm not actually in need of one for now.
+1 for all of the above, I'd also like to use Corretto but the image size is an obstacle, we currently use slim Alpine based images.
+1 currently, I use debian:9-slim as base image, but it would be great to have an alpine-based Docker image for Corretto 11 (also to use jlink).
+1
+1 for jre-slim image
I would like to see slim (or/and alpine) versions of Docker images as well.
I hope, there will be a positive decision on this matter as it consumes less bandwidth and allows faster deployments.
Hi, If you don't stick to Corretto, you can use other distributions like Azul Zulu or BellSoft Liberica JDK.
https://www.azul.com/downloads/zulu/zulu-download-alpine/
https://hub.docker.com/r/azul/zulu-openjdk-alpine
https://hub.docker.com/u/bellsoft
If you're attempting to do any docker image scanning, then alpine doesn't seem as good these days: https://kubedex.com/follow-up-container-scanning-comparison/
Quick survey: When using Alpine, what extra packages are you installing from the package manager for your application?
@chrisburrell don't you think, that this ain't Alpine problem, but rather a problem of particular security scan software?
@EricEdens procps net-tools (same in corretto tbh!)
Customer feedback: https://twitter.com/javapapo/status/1122172208766431233
Is there any plan on Amazon's roadmap to build corretto on alpine? Would like a rough idea of whether this is going to be prioritized soon or not, as it will help us decide whether to run on corretto or not.
https://github.com/clrxbl/alpine-corretto/
I've created a simple Alpine Linux docker image with Corretto 8. Feel free to use / modify / fork.
Is it possible to know Amazon's road map with regards to providing support for Corretto on Alpine?
For those considering Corretto 11 and newer versions, I'm sharing my thoughts and experiences about the topic; maybe it will help somebody to make the wait-or-do-not-wait decision.
Two things:
- there is no official stable OpenJDK 11 build for Alpine yet due to the mentioned
libcvsglibcreasons - even there is an Alpine distribution, it's likely that the java 11 image would be larger than what people expect based on
8-jre-alpineexperiences (there are some details in the links I shared)
For us in the team, the choice was the existing amazonlinux-based image vs building our own. I have no doubts that the Amazon Linux is great, but we simply have more experience with Debian-based systems and wanted to control all the installed components. So we took the official Debian stretch slim image and Debian Corretto 11 distribution.
The image is around 400 MB, but I don't really see any significant impact on build/deployment times. We run Spring Boot microservices and use it for all the Java build and deployment environments.
Sharing a pretty minimal Dockerfile
FROM debian:stretch-slim
RUN apt-get update \
&& apt-get install -y curl java-common locales procps
RUN curl 'https://d3pxv6yz143wms.cloudfront.net/11.0.3.7.1/java-11-amazon-corretto-jdk_11.0.3.7-1_amd64.deb' -o java-11-amazon-corretto-jdk.deb -s \
&& mkdir /usr/share/man/man1 \
&& dpkg --install java-11-amazon-corretto-jdk.deb \
&& rm java-11-amazon-corretto-jdk.deb
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
&& locale-gen
ENV LANG="en_US.UTF-8" \
LANGUAGE="en_US:en" \
LC_ALL="en_US.UTF-8"
You can get Alpine with OpenJDK built natively (for Alpine) using MUSL C. These images do not need nor contain GLIBC.
https://hub.docker.com/r/azul/zulu-openjdk-alpine/
It would be cool if Amazon Corretto did the same.
A corretto equivalent of distroless images would be great
Hi, Is there any updates on Corretto with Alpine image? Our decision to use Corretto depends upon this as alpine images are really slim
@sureshmahajan We are working on this now and expect to share news shortly. Please stay tuned!
Thanks @davecurrie , Any ETA for this? At least high level idea, when it will be available?
Hi all,
Corretto Alpine docker support is now in preview! ๐ You can find more details on our announcement page.
If you cannot wait to try them out, find out all available image tags on the Docker hub page:
https://hub.docker.com/r/amazoncorretto/alpine-preview/tags
Thanks @davecurrie and team on completing this!