DEV: slim image, drop unused packages and use cache mounts #880
apt using caches for /var/cache/apt, /var/cache/debconf, and /var/lib/apt.
Ensure /usr/share/doc and /usr/share/man do not get saved to the image by mounting temporary folders to paths.
Drop autoconf and build-essential from installs, in favor of selective cmake, g++, pkg-config, and patch packages.
Drop apt-get -y upgrade in dockerfile. We should inherit upgrades from base images. No need to apt-mark hold initscripts now that we're not running `upgrade`.
Remove calls to vim as we no longer install vim here. Remove comment for slimming locales as we have now done so.
@tgxworld this one's the next phase for slimming image size
How much of the image size are we shaving off here? My first reaction here is that all these changes are making the Dockerfile much harder to understand and we really have to be saving a significant amount of disk space for the added complexity to be warranted.
This is saving 100MB uncompressed / 30MB compressed. The majority of the changes here are just adding --mount arguments to the RUN commands.
image/base/Dockerfile
Outdated
| DEBIAN_FRONTEND=noninteractive apt-get -y install ca-certificates rsync \ | ||
| cmake g++ pkg-config patch \ |
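Review bot: the `apt-get -y install` line shown here does not pass `--no-install-recommends`, so unless the base image already disables recommends in its apt configuration, `g++` and `cmake` can pull in recommended packages that the selective list was meant to avoid. Consider adding the flag to this install and naming explicitly any recommended package that is actually needed.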
I think we can combine this with line 35?
image/base/Dockerfile
Outdated
| --mount=type=tmpfs,target=/usr/share/doc \ | ||
| --mount=type=tmpfs,target=/usr/share/man \ | ||
| --mount=type=tmpfs,target=/var/log \ | ||
| DEBIAN_FRONTEND=noninteractive apt-get install -y locales |
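Review bot: the `--mount=type=tmpfs,target=/var/log` line means the apt and dpkg logs written during this step never reach the image, and the tmpfs over `/usr/share/doc` also discards the per-package `copyright` files. If anything downstream depends on those files (license review, or tooling that reads them), a dpkg path-exclude rule that keeps `copyright` would be a better fit than the tmpfs mount, and a short comment should state that dropping `/var/log` output is intentional.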
This can be combined with line 35 too.
image/base/Dockerfile
Outdated
| --mount=type=tmpfs,target=/usr/share/doc \ | ||
| --mount=type=tmpfs,target=/usr/share/man \ | ||
| --mount=type=tmpfs,target=/root/.npm \ | ||
| cd / &&\ |
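Review bot: `--mount=type=tmpfs,target=/root/.npm` discards the npm cache when this step ends, which keeps it out of the layer but is not documented as a deliberate choice next to the cache mounts described for apt. If carrying nothing between builds is the intent, a one-line comment above the mount saying so would help. As a style point, the `cd / &&\` line wants a space before the backslash.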
Can we install the apt packages early so we don't have to duplicate these lines here?
This one is dependent on the curl calls for all the apt sources above. I've moved all dependent code bundled into the same run command to reduce the number of --mount calls
image/base/Dockerfile
Outdated
| --mount=type=tmpfs,target=/usr/share/doc \ | ||
| --mount=type=tmpfs,target=/usr/share/man \ |
Can we try to configure /etc/dpkg/dpkg.conf.d/01_nodoc to exclude /usr/share/doc and /usr/share/man? That will allow us to remove these two lines.
I looked into this and debian slim's doing this for us already. They do keep the copyright content, but manpages are all clean!
remove tmpfs in favor of nodoc which already is in slim
It looks like some time ago, a proxy was set up for installing packages, which was causing some complexity in which apt-get install needed to be called multiple times to engage the proxy. To my knowledge, we no longer use a proxy to install packages, and we're grabbing them directly from upstream, and if so we can safely move and combine apt calls.
minimize amount of --mount arguments in dockerfile
Re-ordering and merging the apt-get layers here also seems to have squashed the size down impressively to 511.27 MB from 668.47 MB compressed (on local macOS, arm64).
apt using caches for /var/cache/apt, /var/cache/debconf, and /var/lib/apt.
Ensure /usr/share/doc and /usr/share/man do not get saved to the image by mounting temporary folders to paths.
Drop build-essential from installs, in favor of selective cmake, g++, pkg-config, and patch packages.
drop apt-get -y upgrade in dockerfile. We should inherit upgrades from base images. No need to apt-mark hold initscripts now that we're not running `upgrade`.
Remove calls to vim as we no longer install vim here. Remove comment for slimming locales as we have now done so.
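
The approach this pull request converges on (BuildKit cache mounts for apt, a dpkg path-exclude rule instead of tmpfs mounts over the doc and man directories, and one merged install layer), as an added example that is not the project's Dockerfile. The base image tag, the contents of `01_nodoc`, the `keep-cache` file and `--no-install-recommends` are assumptions; the package names are the ones quoted in the review above.

```dockerfile
# syntax=docker/dockerfile:1
# Constructed example: the base tag is an assumption, not the project's base image.
FROM debian:bookworm

# Official Debian images ship an apt hook (docker-clean) that deletes downloaded
# .deb files after every install; remove it so the cache mount has something to keep.
# The dpkg rule stops docs and man pages from being unpacked at all, while keeping
# each package's copyright file. As noted in the thread, the slim base already ships
# an equivalent rule, so this file is only needed on a non-slim base.
RUN rm -f /etc/apt/apt.conf.d/docker-clean \
 && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' \
      > /etc/apt/apt.conf.d/keep-cache \
 && printf '%s\n' \
      'path-exclude /usr/share/doc/*' \
      'path-include /usr/share/doc/*/copyright' \
      'path-exclude /usr/share/man/*' \
      > /etc/dpkg/dpkg.cfg.d/01_nodoc

# One install layer. The three cache mounts exist only while this RUN executes,
# so package archives, index lists and the debconf cache never land in the image
# and no "rm -rf /var/lib/apt/lists/*" cleanup is needed.
# Caveat: /var/lib/apt also holds extended_states (the auto/manual install marks),
# which therefore stays in the cache and is absent from the final image.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    --mount=type=cache,target=/var/cache/debconf,sharing=locked \
    apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      ca-certificates rsync cmake g++ pkg-config patch locales
```

Cache mounts persist on the builder and are reused by later builds, so on a shared builder they are shared state; `docker builder prune` clears them when a build needs a clean start.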