Avena base containers?

[Andrew Balmos]

We ought to all agree on what base Docker image to use for Avena containers. If our services all use the same base layer, then the costs (disk/bandwidth) of the OS layer can be amortized.

Here are the ones to consider (IMHO -- do you have others?):

1. Alpine -- Small image, but doesn't use glibc. That can cause pain points and weird runtime issues. We have not had much success with Alpine in the OADA work over needing to compile librdkafka. Debian bases work with no issue and are simply installable. --- image size is likely not as important as developer ease.

2. Debian Buster - Largest image, but is essentially "standard." Nearly everything we need is apt installable. Has often and quick security updates. We have to push this ~50mb image over the cell every time Debian updates (or at least releases a security update).

3. Debian Slim - Much smaller image, but could (?) require us to install a lot of the same dependencies over and over again. Those layers would have to be sent for each service; however, if a common enough setup emerges we could make our own base image off of slim and then base services off that image.

4. Debian bullseye/testing - Really the same as 2, but with (I suspect) more turn in image version.

I personally think Alpine is not worth its gain (and other agree, e.g., https://pythonspeed.com/articles/alpine-docker-python/). Alpine is great for a statically linked compile (Go, rust, etc.), but, even then, those things are much more tested on glibc.

I also think it's worth noting that Alpine / slim aren't necessarily disk space savers at the end of the day. The lack "stuff" in the base image promotes wasted disk space/bandwidth in shipping the same dependencies over and over again.

It is not clear to me where the trade-offs pay off. However, I'm sure if we don't coordinate we will be in a worse place.

Andrew

---

Andrew Balmos

Software/Data Engineer, ARGE/Purdue-WHIN

Ph.D. Candidate, Open Ag Technologies and Systems (OATS) Center

[Yang Wang]

I am no expert in the Docker world but I would vote for No.2 Debian Buster.

Here is my main reasoning: like you said, everything is apt-installable (libraries, toolchains, etc.) This makes it really convenient on the development end. Unless we go all out on Go or Rust, I think having the ability to install most of things is good. 50 mb might seem to be quite a bit but that assumes we will only use cellular connection. For future ISOBlues with WiFi or Ethernet, it won't be an issue.

Yang