Check out a free preview of the full Complete Intro to Containers (feat. Docker) course
The "Alpine Linux" Lesson is part of the full, Complete Intro to Containers (feat. Docker) course featured in this preview video. Here's what you'd learn in this lesson:
Brian demonstrates how to use Alpine Linux, and explains that Alpine Linux is the smallest barebone distribution of Linux, it is therefore more secure because there are less files and less vulnerabilities.
Transcript from the "Alpine Linux" Lesson
[00:00:00]
>> So so far, we've built a nice little Node.JS application. It's been running on Debian, which is a perfectly valid and perfectly great operating system. There's lots of reasons that you would run something inside of Debian. But there's an issue with the fact that Debian is quite large.
[00:00:16]
This Node package, I think, ends up being almost a gigabyte, something like that. It's quite large, right? It's a whole operating system basically, at least the file structure for it. So it'd be great if we could make something smaller, right? So I wanna introduce you to something called Alpine Linux.
[00:00:34]
It's something that we've actually kind of already accidentally been using because a lot of things are built in Alpine Linux, but let's go ahead and just have a little chat about it. So Alpine Linux is the most bare bones, smallest distribution of Linux that it can possibly be.
[00:00:48]
And it includes just the tools that it thinks that you're gonna need to run your application and literally nothing. Everything else you have to put in yourself, right? The advantage is, is you go from 900 megabytes to 5, so Alpine's base layer is 5 megabytes. And actually just so you know, Alpine is actually based on another distribution of Linux called BusyBox.
[00:01:11]
And BusyBox I believe came out of Samsung, may want to look me up on that one. But BusyBox is two megabytes, and it's even more bare bones, I would suggest just going with Alpine. Those extra three megabytes are almost all things that you would need anyway. So you would end up reinstalling that stuff anyway.
[00:01:29]
The tradeoff here with Alpine Linux is that it just requires a lot more work to get stuff working, right? It doesn't even include certificate authorities. It doesn't include a bunch of stuff that you would likely need, but the good news is, it includes nothing that you don't need.
[00:01:44]
A great example of this is like if you include Debian, on Debian by default is Python. It's a great language. We did not use Python at all in our application. So it's actually a security vulnerability. So if someone can get onto our server and download a Python file, they can execute it right away with the Python interpreter that's on the server, right?
[00:02:04]
But if there's no Python interpreter, they'd have to find a way to install it, and that's a lot more difficult than just connecting to a server. So that's why Alpine Linux is secure, it's secure by just having less stuff on it, right? You just eliminate a whole class of security vulnerabilities that you'll have.
[00:02:21]
The other thing is, things that download a lot quicker, they're cheaper to store, they're cheaper to run. I don't necessarily think that's the biggest part of this, maybe the pricing rights, because I know things like Azure Container Registry, which is a private registry for containers, does charge by size.
[00:02:37]
So you'll save yourself a little bit of money in that respect, but it's not much, right? So that's a nice side effect, the security part is actually what I think is the compelling reason to use a smaller version of Linux. So how hard is it to switch your project from Stretch to Alpine?
[00:02:58]
Well, let's go give it a shot. So what I'm gonna do, because I'm lazy and I don't wanna restart my entire project, is I'm gonna say cp- r everything in. Actually I'm gonna cd out of this and I'm gonna say cp- r, more-complicated that, and I'm going to put that into a directory called alpine-linux.
[00:03:21]
So now I have another directory called alpine-linux and I just copied everything over there. I'm doing this so hopefully you can go back and reference what you built later. So inside of here, as you may imagine, everything's literally the same, but I wanna change this from Debian project to a Alpine project.
[00:03:45]
And there's a bit of witchcraft that you have to do, you have to change the word stretch to alpine. That's it, that's all you have to do. So now if we go back in here and say, am I in the right directory? I'm not, I have to go into alpine-linux.
[00:04:09]
We're going to run build again, and again, you could put different tags on all these if you wanted to. I'm not going to. So you can see there's a couple more layers. I think the Node one, once you add Node into it, ends up being about 20 megabytes, right, cuz there's some tools that come around with Node and NPM and all that kind of stuff.
[00:04:33]
Plus you're gonna include a bunch of Node modules, they'll take up space as well. I think all said and done, I measured this earlier, and I believe this container that we just built I believe is 80 megabytes, as opposed to 913, I think is what I measured the other one.
[00:04:50]
So yeah, 913 to 86. And if we just go to docker inspect my-app. Somewhere in here it will tell you how big it is, size, right there. So you'd have to go and calculate how many bytes that translates into. According to my documentation here, that's 86 megabytes. All right, so now if we go ahead and try and run this again.
[00:05:27]
Right there, right there, right there. Works just fine. But instead of using Debian, we're now on to Alpine, but we just saved ourself an entire class of bugs by including much less. Now, there is a Debian distribution called Debian SLiM, so if I went 12-stretch-slim, I think you go down to about 150 megabytes, but you still get full Debian.
[00:05:57]
So that's a possibility as well. I know lots of people do that, Ubuntu used to do that as well, that there was Ubuntu slim and now actually there is no full Ubuntu. It's just Ubuntu slim and everything else you have to build yourself. There might be a full one somewhere, but I don't know how to get it, cuz it doesn't matter.
[00:06:18]
So, pretty good. Yeah, node latest, last time I checked was 908 megabytes. Whereas node:12-alpine is about 80. Pretty stark difference. So this is kind of where I wanted to talk a little bit about distributions of Linux. One, I'm not a Linux master by any stretch of the imagination.
[00:06:42]
When I use Linux, I use Ubuntu just because that's the one I know. That's the one I've always used. By some proxy, I know a bit about Debian because Ubuntu is based on Debian, right? So my default is I use Ubuntu or Debian for anything that I'm doing locally.
[00:07:00]
It has all the tools I know how to use. And then any time that I'm sending stuff out to production, I try and get it on Alpine. Because then it's smaller, right, and more secure. But you can totally do things with RHEL, Red Hat Enterprise Linux, that's another great distribution of Linux Mint.
[00:07:18]
SUSE, Kali, they're all good distributions of Linux. The last thing I wanted to mention about Alpine. So it doesn't even include bash. That's probably the hardest part about this for me is that I have to do -it. There's a bunch of stuff that, it's using something called ash, A-S-H instead of bash, which is a minimalistic shell and not a full born-again shell, which is what bash is, right?
[00:07:57]
So there are differences and I don't know them, right? So that, for me, is one of the reasons that I don't use Alpine all the time is because I don't know Ash very well. That was the last thing I wanted to mention.
Learn Straight from the Experts Who Shape the Modern Web
- In-depth Courses
- Industry Leading Experts
- Learning Paths
- Live Interactive Workshops