Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Reduce image size with distroless image #38

Closed
wants to merge 3 commits into from

Conversation

maweil
Copy link
Contributor

@maweil maweil commented Jan 22, 2024

As mentioned in #25, I have worked on a smaller mumble image for personal use. The PR is not yet ready for merging as there are still some TODOs to address. I initially built this a longer time ago so I still need to check whether no functionality is lost by this PR.

Also please note that I'm still learning rust and do not claim this is the most elegant way to replace entrypoint.sh. I did this mainly as a learning opportunity.

Main Differences

  • Replace entrypoint script with rust binary
    • To be able to run without a shell
  • Copy over only needed shared libs

Open TODOs

  • Add shared libs for other database drivers than SQLite
  • Test build with current final (1.4.x), not only 1.5.x
  • Check that all options from entrypoint.sh are implemented
  • Fix build on ARM64

- Replace entrypoint script with rust binary
  - To be able to run without a shell
- Copy over only needed shared libs
@Krzmbrzl
Copy link
Member

How much size reduction does the switch to rust actually give us? I wouldn't expect the shell binary to be that large tbh 🤔

@maweil
Copy link
Contributor Author

maweil commented Jan 23, 2024

How much size reduction does the switch to rust actually give us? I wouldn't expect the shell binary to be that large tbh 🤔

The switch to using a Rust binary does not reduce the size at all.
The entrypoint replacement binary is around 1.6 MB itself. Given the difference of the distroless images with and without a shell, the Rust binary actually increases the size by about 200 KB (which is negligible though).

Container Size
gcr.io/distroless/cc-debian12:latest (no shell) 24.8 MB
gcr.io/distroless/cc-debian12:debug (with shell) 26.2 MB

In general, the distroless images have no shell though by default (see also their README). That's the reason why I replaced the shell script with a single binary instead. I picked Rust just because I wanted to use it more.

@Krzmbrzl
Copy link
Member

Not sure I feel good about using Rust here. While it is a language that I wanted to learn at some point, I am not yet familiar with it. This will make maintaining this somewhat difficult.

Plus, I don't know how well versed potential contributors are in Rust. Would be a shame to lose potential contributors because of this 👀

- To fix Mumble 1.4.287 build
- Allow choosing debian version with ARGs
@maweil
Copy link
Contributor Author

maweil commented Jan 23, 2024

That's of course understandable. I also can't share any experience how much effort maintaining the mumble-docker-entrypoint would be. I included two libraries/crates that will need updates from time to time in case e.g. security vulnerabilities are reported. Not sure how often that would be the case though.

To avoid replacing entrypoint.sh with a Rust binary, but still keeping the reduced image size, we could switch from a distroless image to something like busybox in the glibc variant (it seems to use the same GLIBC version that debian bookworm (12) uses as well). Then we don't need to pull in the other binaries (e.g. ls or cat which is used by entrypoint.sh).

One (major) drawback though: I couldn't find a version of the busybox image corresponding to Debian 11 yet with a quick search. On Debian 12, the current v1.4.287 release of Mumble won't build because of the OpenSSL version jump from 1.x to 3.x.

What are your thoughts on this?

@Krzmbrzl
Copy link
Member

Wow - I didn't realize you were waiting on an answer from me 🤦

Relevant versions of Mumble now build correctly with OpenSSL 3.x so this is no longer an issue. However, I believe the culprit will be to find a base image on which we can get ZeroC Ice to work. This is what has thus far prevented me from using an Alpine Linux base image (last time I checked, ZeroC Ice is not packaged for Alpine).
For an official Docker image, we have to support Ice as this is currently the only RPC that Mumble offers.

Note: I am closing this because I kinda believe this PR to be discontinued. If this is wrong, let me know and I'll gladly re-open :)

@Krzmbrzl Krzmbrzl closed this Jan 10, 2025
@davidebeatrici
Copy link
Member

As far as I'm aware only Debian (including direct derivates) and Arch Linux provide an official package: https://pkgs.org/search/?q=zeroc-ice

ZeroC provides an official repository that covers a few distributions, but Alpine Linux is of course not there: https://doc.zeroc.com/ice/latest/release-notes/using-the-linux-binary-distributions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants