Docker base image - 3.0
-
The base image 3.0 is now ready. It's based off Ubuntu Focal. You can update your custom apps to use this new base image.
Note that while the database client libs have been upgraded, the server components will only be upgraded with Cloudron 7. We have starting updating apps one by one now.
Some package updates:
- Postgres 12
- ffmpeg 4.2
- mongodb 4.2
- add stress utility - i love this tool for oom testing in containers
- ghostscript
- imagick (replaces gd)
- PHP 7.4
- node 14.15.4
- go 1.15.7
- yarn is installed via npm now
- ruby 2.7
- contains all the locale data that ubuntu supports
Final stable base image :
cloudron/base:3.0.0@sha256:455c70428723e3a823198c57472785437eb6eab082e79b3ff04ea584faf46e92 -
The base image 3.0 is now ready. It's based off Ubuntu Focal. You can update your custom apps to use this new base image.
Note that while the database client libs have been upgraded, the server components will only be upgraded with Cloudron 7. We have starting updating apps one by one now.
Some package updates:
- Postgres 12
- ffmpeg 4.2
- mongodb 4.2
- add stress utility - i love this tool for oom testing in containers
- ghostscript
- imagick (replaces gd)
- PHP 7.4
- node 14.15.4
- go 1.15.7
- yarn is installed via npm now
- ruby 2.7
- contains all the locale data that ubuntu supports
Final stable base image :
cloudron/base:3.0.0@sha256:455c70428723e3a823198c57472785437eb6eab082e79b3ff04ea584faf46e92 -
The base image 3.0 is now ready. It's based off Ubuntu Focal. You can update your custom apps to use this new base image.
Note that while the database client libs have been upgraded, the server components will only be upgraded with Cloudron 7. We have starting updating apps one by one now.
Some package updates:
- Postgres 12
- ffmpeg 4.2
- mongodb 4.2
- add stress utility - i love this tool for oom testing in containers
- ghostscript
- imagick (replaces gd)
- PHP 7.4
- node 14.15.4
- go 1.15.7
- yarn is installed via npm now
- ruby 2.7
- contains all the locale data that ubuntu supports
Final stable base image :
cloudron/base:3.0.0@sha256:455c70428723e3a823198c57472785437eb6eab082e79b3ff04ea584faf46e92 -
Cool, thanks for posting this Girish.
It would be great to test the size before and after docker-slim minification.
-
Cool, thanks for posting this Girish.
It would be great to test the size before and after docker-slim minification.
@robi We used to have a flatten script back in the day - https://git.cloudron.io/cloudron/docker-base-image/-/commit/734ba25b3493ed1cf9283d8b10b022439bb22309 . I will post the results if I get to running docker-slim.
edit: it seems docker-slim is for application images. our base image is not an application image, it is just a bunch of commonly used libraries. if anything, docker-slim should be run in the app images we build. i thought it was some simple minifier
-
@robi We used to have a flatten script back in the day - https://git.cloudron.io/cloudron/docker-base-image/-/commit/734ba25b3493ed1cf9283d8b10b022439bb22309 . I will post the results if I get to running docker-slim.
edit: it seems docker-slim is for application images. our base image is not an application image, it is just a bunch of commonly used libraries. if anything, docker-slim should be run in the app images we build. i thought it was some simple minifier
@girish, maybe I'm sidetracking here, and it's just out of curiosity, I have no horse in this race, but: is there a need for an APP image to be based on Ubuntu?
I understand the need in the base image, lots of libs and binaries and features we need during build time, but what's stopping an app image from, say, using a second
FROMstatement based off of alpine, for example, and just copying whatever it needs? -
@girish, maybe I'm sidetracking here, and it's just out of curiosity, I have no horse in this race, but: is there a need for an APP image to be based on Ubuntu?
I understand the need in the base image, lots of libs and binaries and features we need during build time, but what's stopping an app image from, say, using a second
FROMstatement based off of alpine, for example, and just copying whatever it needs?@malvim Short answer : no, there's nothing stopping an app from not even using the base image at all
Long answer : the idea was to have a single base image, to minimize the combined size of the docker cache by having all the apps share most of their layers, so you don't have a container layer in each app to download each lib & runtime
-
@girish, maybe I'm sidetracking here, and it's just out of curiosity, I have no horse in this race, but: is there a need for an APP image to be based on Ubuntu?
I understand the need in the base image, lots of libs and binaries and features we need during build time, but what's stopping an app image from, say, using a second
FROMstatement based off of alpine, for example, and just copying whatever it needs?@malvim To add to what @mehdi said, I have often struggled working with minimalistic images because they often lack the tools for debugging. Often I end up in these alpine images which don't have anything installed, no editors/network tools etc. I am not sure how one works with them. Compared to developer time, a big base image which is just 2GB or so is really costing next to nothing.
-
Tentative base image is.cloudron/base:3.0.0@sha256:3f55a3dbde353d5bb574ca7d66e0a391999f2adbd7dae13bd795ecb8f53e962e
Final image iscloudron/base:3.0.0@455c70428723e3a823198c57472785437eb6eab082e79b3ff04ea584faf46e92The apps below work fine:
- Grafana (Go)
- Snipe-IT (PHP 7.4)
- Verdaccio (node)
- Ampache - php 7.4
- GitHub Pages (ruby + locale fixes)
- Metabase (java)
- Moodle - php 7.4
- Peertube - does not support node 14 yet, but next release will. so it's fine.
- Redmine - 4.1 does not support ruby 2.7 yet - https://redmine.org/projects/redmine/wiki/RedmineInstall . so we cannot update it (it's fine)
- GitLab - fails "Could not find openssl-2.2.0 in any of the sources"
Big TODO: port all addons/services.
-
@malvim To add to what @mehdi said, I have often struggled working with minimalistic images because they often lack the tools for debugging. Often I end up in these alpine images which don't have anything installed, no editors/network tools etc. I am not sure how one works with them. Compared to developer time, a big base image which is just 2GB or so is really costing next to nothing.
@girish said in Docker base image - 3.0:
I have often struggled working with minimal images because they often lack the tools for debugging
You will use minimalism only in production, if you are debugging you can use the full tool-set image, but on production you will only include what's is necessary.
In a Apache PHP based app, you don't need 2 web-server, you don't need java or nodejs.
@girish said in Docker base image - 3.0:
just 2GB
2 GB is from 10% to 5% of a Basic NVMe Cloud instances on most provider, is really a lot of space especially during update, it will take resources and time on server that know days are especially small 2 or 3 vCore and 4 to 8 GB of RAM.
Most of the time your docker image update is longer because CPU bottleneck not network (we have a proxy for the image on docker hub) we have test that.I don't think is urgent to do or that cloudron need to do it, but i can understand why most of the docker community like small alpine images, and docker is born for that 1 software-1container, but now is thing of the past.
@mehdi said in Docker base image - 3.0:
container layer
btw if you are using "container layer" with small image stack is better, is how docker work better, a cloudron with just nextcloud don't need to have java on it, that's just w8st of space (jdk is from 160 to 180MB).
You can have:
- Ubuntu base image (with or with out tools that help you debug, depending if is prod or test)
- library that the app need to have to work (webserver, php, java) probably all php apps need the same or can have the same, we don't need to be super efficient, just more efficient
- the app it self, wordpress, nextcloud, ecc ecc.
This can be a possible and probably not so much time consuming to maintain (gitlab ci, is haven in this case), obviously is not the only answer to the image maintenance issue, and one is the big complete image that cloudron is using.
Everything have pros and cons.
And maybe this look like me angry but i'm not, and cloudron support every app that build on there baseimage or build on top of Alpine, so if somebody don't like it, is easy to build a custom app =D. -
Can the base image UIDs be modified so they are shifted by 100 or 1000 so container processes can be more easily identified from host system processes?
-
Isn't it better to use different commands like
systemd-cglsandsystemd-cgtop? I think many tools simply don't work well when mixing host and containers including tools like du. Hard to fix this, just need to write better system tools.@girish said in Docker base image - 3.0:
Isn't it better to use different commands like
systemd-cglsandsystemd-cgtop? I think many tools simply don't work well when mixing host and containers including tools like du. Hard to fix this, just need to write better system tools.Absolutely not. Have you used those?
A combination of top and htop is decent, except for the UIDs which we have control over.
Hence the ask..
Let's make it nice.
-
@girish said in Docker base image - 3.0:
Isn't it better to use different commands like
systemd-cglsandsystemd-cgtop? I think many tools simply don't work well when mixing host and containers including tools like du. Hard to fix this, just need to write better system tools.Absolutely not. Have you used those?
A combination of top and htop is decent, except for the UIDs which we have control over.
Hence the ask..
Let's make it nice.
-
@robi even if we change the IDs in the base image (which will break Ubuntu packages), you will only see random/raw uids in the host with ps.
I don't really see the benefit of messing with user ids within the container. The only reason I see is to map access to existing data from a new containerised app (which is not really the case on Cloudron) or if you want to shift privileged user ids to a higher value on the host.
-
G girish referenced this topic on
