July 26, 2016

DevOps and microservices are changing the way organizations develop apps and manage IT, and Docker is one of the most recognizable names of the DevOps revolution. Although Docker is established as the de facto leader among container technologies, there is a rising swell of competition out there as well, which means Docker can’t afford to be stagnant. Lately, it has made some moves to put containers on a bit of a diet in an effort to offer customers a unique advantage.

The primary benefit of containers is to take the entire runtime of an ecosystem and compress it into modular containers that can be swapped between environments and platforms. Large applications can be broken down into an array of processes and elements—each running as a separate container. Container images can be created, multiplied, managed, and destroyed at the push of a button.

One problem organizations face with containers, however, is size—and the burden containers place on performance. The Docker container image is built on a Debian Linux foundation. Debian is a full-featured OS, which means the Docker images are 100MB or more.

That may not sound like a lot. I still remember when hard drives were first becoming a thing and I paid nearly $300 for an 85MB hard drive. No, that isn’t a typo—I mean 85MB, not 85GB. When you can buy terabytes of storage capacity for under $100, 100MB container images seem almost trivial. However, most microservices and container environments function in the cloud. When you view it from the perspective of transferring 100MB across the Internet every time a container is created or accessed, it can be a significant and unnecessary burden on performance.

Docker recognizes this challenge and is actively working to address it. It recently acquired Unikernel Systems. A recent ContainerJournal post explains that unikernels compile source code into a custom operating system that includes only the functionality required by the application logic. The idea, ostensibly, is to reduce the footprint of the container images by stripping them down to the bare essentials.

Unikernels are a new concept being applied to a nascent technology, though, and some organizations are reluctant to embrace the cutting edge when it comes to production. Unikernels will most likely gain mainstream momentum, but in the meantime Docker is working on alternative solutions as well—like switching which Linux build it uses for the core of Docker images.

Docker is transitioning to Alpine Linux, an exceptionally lightweight Linux distribution of less than 5MB. That is a 95 percent drop in the size of the Docker container image, yet Alpine is still capable of supporting a wide range of applications and services, so it won’t impede the capabilities Docker provides with its containers.

Alpine will become the new default OS image for Docker, which will allow organizations to significantly reduce the network traffic associated with Docker containers. Eventually, unikernels may become the mainstream solution embraced by the masses, but for now 5MB Docker container images based on Alpine Linux are a considerable step in the right direction.

Tony Bradley is Community Manager for Tenable Network Security and Editor-in-Chief of TechSpective. Tony has a passion for technology and gadgets--with a focus on Microsoft and security. He also loves spending time with his family and likes to think he enjoys reading and golf even though he never finds the time for either.

  • Kyle C. Quest

    Alpine-based images are definitely nice if they fit your use cases and the packages you need are there. It’s not always the case though…

    Another alternative is DockerSlim ( http://dockersl.im ). You can use regular base images like Ubuntu and DockerSlim will shrink your images to be as small and, in some cases, even smaller than Alpine-based images.

    And DockerSlim will also auto-generate Seccomp and AppArmor profiles in case you are worried about security 🙂