Alpine

I've been doing a little less play and a little more work with Docker over the last few months, and it's been good fun. One of the most fun parts has been an introduction to Alpine Linux.

For the uninitiated:

Alpine Linux is a Linux distribution built around musl libc and BusyBox. The image is only 5 MB in size and has access to a package repository that is much more complete than other BusyBox based images. This makes Alpine Linux a great image base for utilities and even production applications. Read more about Alpine Linux here and you can see how their mantra fits in right at home with Docker images.

About 15 months ago, Docker announced a migration towards Alpine for their official images. I read this at the time, and was immediately sympathetic. I'm a space saving demon with technology. I delete stuff with a passion, and my anxiety used to kick in if I had less than 50GiB free on my 160GiB hard drive. A large VM or container was therefore a pretty nasty pill to swallow. Swallow it I did, mind, because they were worth the space, and I'm not completely bananas. But a 5MiB container is simply the best. And it's not just to placate my somewhat eccentric space saving tendencies, either. Small containers are good for several reasons.

  1. While not inherently more secure, a small container is easier to make secure than a large one by virtue of its smaller surface area. Easier to contain, less attack vectors, less complexity, less third party software to keep up to date, which is a thing people clearly do not do.
  2. Small images are faster to download, which means that setting up is quicker. Improving somebody's first impression is a huge benefit. In my mind, Docker is the next best thing to magic, and it should feel that way. On a less first world problem note, there are parts of the world where the difference between downloading a 20MiB image and a 280MiB image is everything.
  3. It's fun, for some definition of fun. Like code golf, but less obfuscated.

Note that they're not measurably quicker to run when they download, or anything like that. It's about distribution minimalism and bits down the wire.

Based on these factors, I vowed that any Docker images for which I was responsible would be built atop Alpine Linux, and the world would revel happily ever after in my tiny tiny Docker images.

I've been using Docker to run my Magento 2 projects for the best part of a year now, and I'm mostly happy. I built a few wrappers around it, automated a few parts, and it was all humming along nicely with Alpine. I had containers for Redis, I had containers for RabbitMQ, and y'all wouldn't believe how easy it was to debug PHP scripts.

But those halcyon days weren't fated to last, for we cannot have anything good in this life. It is impossible to do a few things in Magento 2 on Alpine Linux. Things such as compiling static assets, or viewing front end translations. It's all because of GLOB_BRACE, the little constant that couldn't. If you want to read more about this story, I encourage you to read the issue I lodged 4 months ago.

We cannot assume that this is an isolated incident, though. There may be several issues caused by little things like this, things we just haven't found yet. I know for a fact that the Magento 2 test suite does not pass on Alpine.

To that end, I went back and made Debian based clones of all of my Docker images, so that I could use those when I needed to. And I've had no issues.

I'm still maintaining the Alpine ones too, because I firmly believe that small images and containers are good things that we should work towards. To be clear, I'm not saying they are the be all and end all, or that raw size is the most important aspect in judging a container. I'm saying that all else being equal, a smaller container that does what you need is better than a larger one. So we should do our best to make sure things work on them.

But we should be wary, too. Things can work the vast majority of the time, and then one can encounter a bizarre edge case that catastrophically breaks something. Even a relatively inconsequential breakage is cause for concern when the solution is so easy.

While attractive, the road less travelled can be a little bumpy.