Which docker image types should I use?

There are some docker image types, like *-slim, *-alpine, etc. I’ve taken *-alpine in most cases without thinking deeply, but I found there could have downside of using them yesterday and I googled about this topic.

Alpine

Whenever you want to reduce docker image size, you could use alpine based image. But it doesn’t always have a merit of small size like Python:

In addition, it can have lower performance in some cases, and you should have a benchmark before using it in production environment:

Distroless

https://github.com/GoogleContainerTools/distroless

Distroless is for Security if not for Size - Raju Dawadi - Medium

This type of docker image is not the smallest image, but better for security. It doesn’t have package manager and shell (minus OS), just executes your app.

You can usually use this image with multi stage build, and can create your own distroless docker image with Bazel.

When you want to debug with shell, you can use an image with :debug tag.

docker-slim

https://github.com/docker-slim/docker-slim

This is NOT a docker image type, but a tool. You might can reduce docker image size with it.

Conclusion

This is just a WIP conclustion, but we should always have a benchmark before using docker image in production and compare each image types pros/cons. IMO, it seems better to use distroless image for security reasons and reduce image size with docker-slim.

Contents