forked from extern/nushell
Add distroless as base image
This commit is contained in:
parent
fa53d59aee
commit
d992086192
16
.github/workflows/docker-publish.yml
vendored
16
.github/workflows/docker-publish.yml
vendored
@ -35,13 +35,15 @@ jobs:
|
|||||||
matrix:
|
matrix:
|
||||||
base-image: [debian, 'debian:stable-slim', alpine, 'busybox:glibc', 'busybox:musl']
|
base-image: [debian, 'debian:stable-slim', alpine, 'busybox:glibc', 'busybox:musl']
|
||||||
include:
|
include:
|
||||||
- { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true }
|
- { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true }
|
||||||
- { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true }
|
- { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true }
|
||||||
- { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true }
|
- { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true }
|
||||||
- { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false }
|
- { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false }
|
||||||
- { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, plugin: false }
|
- { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, plugin: false }
|
||||||
- { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, plugin: false }
|
- { tag: musl-distroless, base-image: 'gcr.io/distroless/static', arch: x86_64-unknown-linux-musl, plugin: false }
|
||||||
- { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, plugin: false }
|
- { tag: glibc-distroless, base-image: 'gcr.io/distroless/base', arch: x86_64-unknown-linux-gnu, plugin: false }
|
||||||
|
- { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, plugin: false }
|
||||||
|
- { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, plugin: false }
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v1
|
- uses: actions/checkout@v1
|
||||||
- uses: actions/download-artifact@master
|
- uses: actions/download-artifact@master
|
||||||
|
@ -1,14 +1,16 @@
|
|||||||
# Docker Guide
|
# Docker Guide
|
||||||
|
|
||||||
| tag | base image | plugins | package manager | libs & bins | size |
|
| tag | base image | plugins | package manager | libs & bins | size |
|
||||||
| ----------------- | -------------------- | ------- | --------------- | ---------------------------------------------------------------- | ----------- |
|
| ------------------ | -------------------- | ------- | --------------- | ---------------------------------------------------------------- | ----------- |
|
||||||
| `latest`,`debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB |
|
| `latest`,`debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB |
|
||||||
| `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB |
|
| `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB |
|
||||||
| `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image + libcrypto, libssl, libtls, libz | ~(3+61) MB |
|
| `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image + libcrypto, libssl, libtls, libz | ~(3+61) MB |
|
||||||
| `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB |
|
| `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB |
|
||||||
| `glibc-busybox` | `busybox:glibc` | no | — | GNU utils + _glibc_ | ~(3+17) MB |
|
| `glibc-busybox` | `busybox:glibc` | no | — | GNU utils + _glibc_ | ~(3+17) MB |
|
||||||
| `glibc` | `scratch` | no | — | **only `nu` binary-executable** which depend on glibc runtime | ~17 MB |
|
| `musl-distroless` | `distroless/static` | no | — | see [here][distroless/base] | ~(2+16) MB |
|
||||||
| `musl` | `scratch` | no | — | **only `nu` binary-executable** statically linked to musl | ~16 MB |
|
| `glibc-distroless` | `distroless/base` | no | — | `distroless/static` with _glibc_ | ~(17+17) MB |
|
||||||
|
| `glibc` | `scratch` | no | — | **only `nu` binary-executable** which depend on glibc runtime | ~17 MB |
|
||||||
|
| `musl` | `scratch` | no | — | **only `nu` binary-executable** statically linked to musl | ~16 MB |
|
||||||
|
|
||||||
[.slimify-excludes]: https://github.com/debuerreotype/debuerreotype/blob/master/scripts/.slimify-excludes
|
[.slimify-excludes]: https://github.com/debuerreotype/debuerreotype/blob/master/scripts/.slimify-excludes
|
||||||
[distroless/base]: https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md
|
[distroless/base]: https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md
|
||||||
@ -36,8 +38,7 @@ docker run -it .
|
|||||||
</details>
|
</details>
|
||||||
|
|
||||||
### `nu:<version>-slim`
|
### `nu:<version>-slim`
|
||||||
<!-- TODO: give a reason why you should use slim rather than alpine -->
|
This image does not contain the common packages contained in the default tag and only contains the minimal packages needed to run `nu`. Unless you are working in an environment where only the `nu` image will be deployed and you have space constraints, it's highly recommended to use the alpine image if you aim for small image size. Only use this image if you really need **both** `glibc` and small image size.
|
||||||
This image does not contain the common packages contained in the default tag and only contains the minimal packages needed to run `nu`. Unless you are working in an environment where only the `nu` image will be deployed and you have space constraints, we highly recommend using the alpine image if you aim for small image size. Only use this image if you really need **both** `glibc` and small image size.
|
|
||||||
|
|
||||||
### `nu:<version>-alpine`
|
### `nu:<version>-alpine`
|
||||||
This image is based on the popular [Alpine Linux project](http://alpinelinux.org/), available in [the alpine official image][alpine]. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.
|
This image is based on the popular [Alpine Linux project](http://alpinelinux.org/), available in [the alpine official image][alpine]. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.
|
||||||
@ -78,6 +79,30 @@ ENTRYPOINT ["nu"]
|
|||||||
```
|
```
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
|
### `nu:<version>-<libc-variant>-distroless`
|
||||||
|
This image is base on [Distroless](https://github.com/GoogleContainerTools/distroless) which usually to contain only your application and its runtime dependencies. This image do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution except for nushell itself. All distroless variant always contains:
|
||||||
|
- ca-certificates
|
||||||
|
- A /etc/passwd entry for a root user
|
||||||
|
- A /tmp directory
|
||||||
|
- tzdata
|
||||||
|
|
||||||
|
As for `glibc-distroless` variant, it **adds**:
|
||||||
|
- glibc
|
||||||
|
- libssl
|
||||||
|
- openssl
|
||||||
|
|
||||||
|
> Most likely you want to use this in CI/CD environment for plugins that can be statically compiled.
|
||||||
|
|
||||||
|
<details><summary>example</summary>
|
||||||
|
|
||||||
|
```dockerfile
|
||||||
|
FROM nu:musl-distroless
|
||||||
|
|
||||||
|
COPY target/x86_64-unknown-linux-musl/release/nu_plugin_* /bin/
|
||||||
|
ENTRYPOINT ["nu"]
|
||||||
|
```
|
||||||
|
</details>
|
||||||
|
|
||||||
### `nu:<version>-<libc-variant>-busybox`
|
### `nu:<version>-<libc-variant>-busybox`
|
||||||
This image is based on [Busybox](http://www.busybox.net/) which is a very good ingredient to craft space-efficient distributions. It combines tiny versions of many common UNIX utilities into a single small executable. It also provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. Basically, this image provides a fairly complete environment for any small or embedded system.
|
This image is based on [Busybox](http://www.busybox.net/) which is a very good ingredient to craft space-efficient distributions. It combines tiny versions of many common UNIX utilities into a single small executable. It also provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. Basically, this image provides a fairly complete environment for any small or embedded system.
|
||||||
|
|
||||||
@ -89,7 +114,7 @@ This image is based on [Busybox](http://www.busybox.net/) which is a very good i
|
|||||||
FROM nu:0.2-glibc-busybox
|
FROM nu:0.2-glibc-busybox
|
||||||
|
|
||||||
ADD https://github.com/user/repo/releases/download/latest/nu_plugin_cowsay.tar.gz /tmp/
|
ADD https://github.com/user/repo/releases/download/latest/nu_plugin_cowsay.tar.gz /tmp/
|
||||||
RUN tar xzfv nu_plugin_cowsay.tar.gz -C /bin
|
RUN tar xzfv nu_plugin_cowsay.tar.gz -C /bin --strip=1 nu_plugin_cowsay
|
||||||
|
|
||||||
ENTRYPOINT ["nu"]
|
ENTRYPOINT ["nu"]
|
||||||
```
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user