Docker, Alpine, Ubuntu, and You
Dustin Kirkland
on 10 February 2016
Tags: containers, docker, Ubuntu
There’s no shortage of excitement, controversy, and readership, any time you can work “Docker” into a headline these days. Perhaps a bit like “Donald Trump”, but for CIO tech blogs and IT news — a real hot button. Hey, look, I even did it myself in the title of this post!
Sometimes an article even starts out about CoreOS, but gets diverted into a discussion about Docker, like this one, where shykes (Docker’s founder and CTO) announced that Docker’s default image would be moving away from Ubuntu to Alpine Linux.
I have personally been Canonical’s business and technical point of contact with Docker Inc, since September of 2013, when I co-presented at an OpenStack Meetup in Austin, Texas, with Ben Golub and Nick Stinemates of Docker. I can tell you that, along with most of the rest of the Docker community, this casual declaration in an unrelated Hacker News thread, came as a surprise to nearly all of us!
Docker’s default container image is certainly Docker’s decision to make. But it would be prudent to examine a few facts:
(1) Check DockerHub and you may notice that while Busybox (Alpine Linux) has surpassed Ubuntu in the number of downloads (66M to 40M), Ubuntu is still by far the most “popular” by number of “stars” — likes, favorites, +1’s, whatever, (3.2K to 499).
(2) Ubuntu’s compressed, minimal root tarball is 59 MB, which is what is downloaded over the Internet. That’s different from the 188 MB uncompressed root filesystem, which has been quoted a number of times in the press.
(3) The real magic of Docker is such that you only ever download that base image, one time! And you only store one copy of the uncompressed root filesystem on your disk! Just once, sudo docker pull ubuntu, on your laptop at home or work, and then launch thousands of images at a coffee shop or airport lounge with its spotty wifi. Build derivative images, FROM ubuntu, etc. and you only ever store the incremental differences.
Actually, I encourage you to test that out yourself… I just launched a t2.micro — Amazon’s cheapest instance type with the lowest networking bandwidth. It took 15.938s to sudo apt install docker.io. And it took 9.230s to sudo docker pull ubuntu. It takes less time to download Ubuntu than to install Docker!
ubuntu@ip-172-30-0-129:~⟫ time sudo apt install docker.io -y
...
real 0m15.938s
user 0m2.146s
sys 0m0.913s
As compared to…
ubuntu@ip-172-30-0-129:~⟫ time sudo docker pull ubuntu
latest: Pulling from ubuntu
f15ce52fc004: Pull complete
c4fae638e7ce: Pull complete
a4c5be5b6e59: Pull complete
8693db7e8a00: Pull complete
ubuntu:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:457b05828bdb5dcc044d93d042863fba3f2158ae249a6db5ae3934307c757c54
Status: Downloaded newer image for ubuntu:latest
real 0m9.230s
user 0m0.021s
sys 0m0.016s
Now, sure, it takes even less than that to download Alpine Linux (0.747s by my test), but again you only ever do that once! After you have your initial image, launching Docker containers takes the exact same amount of time (0.233s) and incurs identical storage differences. See:
ubuntu@ip-172-30-0-129:/tmp/docker⟫ time sudo docker run alpine /bin/true
real 0m0.233s
user 0m0.014s
sys 0m0.001s
ubuntu@ip-172-30-0-129:/tmp/docker⟫ time sudo docker run ubuntu /bin/true
real 0m0.234s
user 0m0.012s
sys 0m0.002s
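The layer sharing described in point (3), together with the sha256 digest shown in the pull output, can be modelled in a few lines. This is an added example, not code from the original post or from Docker: the `LayerStore` class, the layer contents and the derivative layer sizes are constructed for illustration, and only the 59 MB / 188 MB Ubuntu figures come from the article.

```python
import hashlib

def digest_of(blob):
    """Content address of a layer: sha256 over its bytes."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()

class LayerStore:
    """Toy content-addressed layer store (a model, not Docker's code)."""
    def __init__(self):
        self.layers = {}  # digest -> uncompressed size in MB

    def pull(self, manifest, registry):
        """Fetch missing layers; return MB downloaded over the network."""
        downloaded = 0
        for digest, compressed_mb, uncompressed_mb in manifest:
            if digest in self.layers:
                continue  # already on disk, shared with an earlier image
            blob = registry[digest]
            if digest_of(blob) != digest:
                raise ValueError("digest mismatch for " + digest)
            self.layers[digest] = uncompressed_mb
            downloaded += compressed_mb
        return downloaded

    def disk_usage(self):
        return sum(self.layers.values())

# Constructed layer contents; 59/188 MB are the article's Ubuntu figures,
# the derivative layer sizes are made up for illustration.
BASE, WEB, DB = b"ubuntu base rootfs", b"web app layer", b"db layer"
UBUNTU = [(digest_of(BASE), 59, 188)]
WEB_IMAGE = UBUNTU + [(digest_of(WEB), 5, 12)]
DB_IMAGE = UBUNTU + [(digest_of(DB), 3, 8)]

def demo():
    registry = {digest_of(b): b for b in (BASE, WEB, DB)}
    store = LayerStore()
    pulls = [store.pull(m, registry) for m in (UBUNTU, WEB_IMAGE, DB_IMAGE)]
    return pulls, store.disk_usage()

def tampered_pull_rejected():
    registry = {digest_of(BASE): BASE + b" (modified in transit)"}
    try:
        LayerStore().pull(UBUNTU, registry)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(demo(), tampered_pull_rejected())
```

The base layer is downloaded and stored once; each derivative image adds only its own layer, and a layer whose bytes do not hash to the digest in the manifest is refused.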
(4) I regularly communicate sincere, warm congratulations to our friends at Docker Inc, on its continued growth. shykes publicly mentioned the hiring of the maintainer of Alpine Linux in that Hacker News post. As a long time Linux distro developer myself, I have tons of respect for everyone involved in building a high quality Linux distribution. In fact, Canonical employs over 700 people, in 44 countries, working around the clock, all calendar year, to make Ubuntu the world’s most popular Linux OS. Importantly, that includes a dedicated security team that has an outstanding track record over the last 12 years, keeping Ubuntu servers, clouds, desktops, laptops, tablets, and phones up-to-date and protected against the latest security vulnerabilities. I don’t personally know Natanael, but I’m intimately aware of what a spectacular amount of work it is to maintain and secure an OS distribution, as it makes its way into enterprise and production deployments. Good luck!
(5) There are currently 5,854 packages available via apk in Alpine Linux (sudo docker run alpine apk search -v). There are 8,862 packages in Ubuntu Main (officially supported by Canonical), and 53,150 binary packages across all of Ubuntu Main, Universe, Restricted, and Multiverse, supported by the greater Ubuntu community. Nearly all 50,000+ packages are updated every 6 months, on time, every time, and we release an LTS version of Ubuntu and the best of open source software in the world every 2 years. Like clockwork. Choice. Velocity. Stability. That’s what Ubuntu brings.
Docker holds a special place in the Ubuntu ecosystem, and Ubuntu has been instrumental in Docker’s growth over the last 3 years. Where we go from here, is largely up to the cross-section of our two vibrant communities.
And so I ask you honestly…what do you want to see? How would you like to see Docker and Ubuntu operate together?