We reduced our Docker images by 60% with –no-install-recommends
Francisco Jiménez Cabrera
on 15 November 2019
Tags: Design , Development , docker , web
Here at Canonical, we use Dockerfiles on a daily basis for all our web projects. Something that caught our attention recently was the amount of space that we were using for each Docker image, and we realized that we were installing more dependencies than we needed.
In this article, I’ll explain how we improved our image build time and reduced the image size by using the flag --no-install-recommends
in our Dockerfiles.
Using APT
As you may know, Advanced Package Tool, or APT, is the interface to handle the installation and removal of software on Debian based distributions. It simplifies the process of managing software by automating the retrieval, configuration and installation of software packages.
Every package has different types of dependencies:
- Required packages
- Recommended packages
- Suggested packages
The required packages are mandatory since they are necessary for the correct operation of the package. Still, the recommended and suggested packages are not essential, and they are there to offer some extra functionality that we might not need to use. By default APT will install required and recommended packages.
Disabling recommended packages
To avoid the installation of recommended packages, we included the flag --no-install-recommends
when using APT in our Dockerfile.
RUN apt-get update && apt-get install --no-install-recommends --yes python3
By doing this, we achieve a decrease of around 60% in our Docker images size.
This obviously will vary according to the dependencies you are using. In our case, we did it for all our Python websites which reduced the size of all our Docker containers significantly. Also, the build time sped up about 15%.
I recommend doing this whenever you run apt install in your Dockerfiles, and I hope you find it useful if you are trying to reduce the size of your containers.
It is important to keep in mind that doing this could result in some missing libraries in your projects which you may have to add back explicitly, but this will ultimately give you more control in the dependencies in your project.
Happy dockering!
What’s the risk of unsolved vulnerabilities in Docker images?
Recent surveys found that many popular containers had known vulnerabilities. Container images provenance is critical for a secure software supply chain in production. Benefit from Canonical’s security expertise with the LTS Docker images portfolio, a curated set of application images, free of vulnerabilities, with a 24/7 commitment.
Newsletter signup
Related posts
Introducing a VSCode extension for Vanilla CSS Framework
The Vanilla CSS Framework is a utility class-based and customizable SASS library that is the go-to when it comes to styling websites and dashboards across the...
An Introduction to Open Source Licensing for complete beginners
Open source is one of the most exciting, but often misunderstood, innovations of our modern world. I still remember the first time I installed linux on my...
Web Engineering: Hack Week 2024
At Canonical, the work of our teams is strongly embedded in the open source principles and philosophy. We believe open source software will become the most...