Provide base image for Native AOT #4748
Comments
|
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
|
You should see the same behavior with regular SCD and FDD too.
A lot of microservices should work fine without Kerberos. It is very similar question to whether or not to install ICU that we are opinionated about. We may want to be opinionated in the same way about Kerberos: omit it in Alpine images, keep it in Debian images. We do not test the experience with missing Kerberos today. If we omit Kerberos, we should make sure that people can figure out that the Kerberos is missing and how to fix it. |
|
See also related #4129 |
|
Kerberos comes with Debian and Ubuntu and not Alpine. That's the diff. We don't install Kerberos in our Ubuntu Chiseled images. $ docker run --rm -it ubuntu apt search krb5
Sorting... Done
Full Text Search... Done
libgssapi-krb5-2/now 1.19.2-2ubuntu0.2 arm64 [installed,local]
MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libkrb5-3/now 1.19.2-2ubuntu0.2 arm64 [installed,local]
MIT Kerberos runtime libraries
libkrb5support0/now 1.19.2-2ubuntu0.2 arm64 [installed,local]
MIT Kerberos runtime libraries - Support library |
|
Closing this issue since it is a dupe. Will open a new issue about Alpine |
|
Doing some size analysis again (on x64), with ICU included.
Note: The Note: These numbers are all uncompressed. The compressed (wire/registry) cost of ICU is 14-15MB (per our observations). Dockerfile (for ICU components): FROM alpine
RUN apk add --no-cache --upgrade ca-certificates-bundle libssl3 zlib libgcc libstdc++ icu-data-full icu-libsRelated: |
|
Here's something similar with Ubuntu. $ docker images ubuntu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 5a81c4b8502e 6 weeks ago 77.8MB
$ cat Dockerfile.ubuntu
FROM ubuntu
RUN apt update && apt install -y libicu70 && rm -rf /var/lib/apt/lists/*
$ docker build --pull -t ubuntu-icu -f Dockerfile.ubuntu .
$ docker images ubuntu-icu
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu-icu latest 24e55e9a3fb4 2 minutes ago 114MBThe diff here is 36.2MB |
Our NativeAOT offering appears to work fine on just
alpine, for example. UsingFROM alpineis cool, but that means those apps lose out on our non-root offering and cannot (straightforwardly) follow the same patterns. Also, the HTTP port isn't pre-defined. That seems bad.However, our
runtime-depsimages are too big.I don't have a concrete proposal to offer yet.
Questions (about our Alpine images):
ca-certificatesin addition to theca-certificates-bundlepackage that comes with Alpine. I discovered this since Native AOT apps are able to call HTTPS end points (viaHttpClient) w/plainalpine(noca-certificatesinstalled).Some size info:
alpine: 7.66MBca-certificates-bundle,libgcc,libssl3,zlib: 7.82MBlibstdc++: 10.2MBkrb5-libs: 12.9MBca-certificates: 13.5MBThe text was updated successfully, but these errors were encountered: