Background: For TurnKey 15 (codenamed TKLX) we're evaluating a change of architecture from the current generation of monolithic systems to systems as collections of container based micro-services. Essentially the service container replaces the package as the highest level system abstraction.
There are several layers to the new architecture, but the first step is to figure out the best way to create the service containers. Alon has been quietly working on this for the last couple of months and managed to slim down Debian to 12MB compressed for the base image:
With Anton's help we added PoC tklx containers for Mongodb, Nginx, Postgres, Apache, Django and others:
So far the most thought provoking question we've received is: why are we using Debian for this instead of Alpine Linux, the trendy minimalist upstart blessed by the powers at Docker?
That is a very good question, and it deserves a good answer.
Alpine Linux has its roots in LEAF, an embedded router project, which was in turn forked from the Linux Router on a Floppy project.
As far as I can tell Alpine would have stayed on the lonely far fringe of Linux distributions if not for Docker. I suspect a big part of Dockers motivation for adopting Alpine was the petabytes of bandwidth they could save if people using Docker didn't default to using a fat Ubuntu base image.
Debian is superior compared to Alpine Linux with regards to:
- quantity and quality of supported software
- the size and maturity of its development community
- amount of testing everything gets
- quality and quantity of documentation
- present and future security of its build infrastructure
- the size and maturity of its user community, number of people who know its ins and outs
- compatibility with existing software (libc vs musl)
Alpine Linux's advantages on the other hand:
- it has a smaller filesystem footprint than stock Debian.
- its slightly more memory efficient thanks to BusyBox and musl library
Alpine touts security as an advantage but aside from defaulting to a grsecurity kernel (which isn't advantage for containers) they don't really offer anything special. If anything the small size and relative immaturity of the Alpine dev community makes it much more likely that their infrastructure and build systems are compromised. Debian is also at risk but there are more eyes on the prize, and they're working to mitigate this with reproducible/deterministic builds, which isn't on Alpine's roadmap and may be beyond their resources.
Though Alpine advertises a range of benefits the thing its dev community seems to obsess about the most is size. As small as possible.
Regarding the footprint, Alon showed you can slim down Debian so the footprint advantage is small. If that isn't enough we can take it one step further and use Debian Embedded to slim things down further by using BusyBox, and smaller libc versions, just like Alpine.
Choosing Alpine over Debian for this use case trades off people-oriented advantages that increase with value over time (skilled dev labour, bug hunters, mindshare, network effects) for machine-oriented advantages (storage and memory) that devalue rapidly thanks to Moore's Law.
I can see Alpine's advantages actually mattering in the embedded space circa 2000, but these days Debian runs fine on the $5 Raspberry Pi Zero computer, while the use case Alpine is actually being promoted for are servers with huge amounts of disk space and memory by comparison.
Maybe I'm missing something but doesn't that seem awfully short sighted?
OTOH, I can see how from Docker's POV, assuming bandwidth isn't getting as cheap as fast as storage or memory, and they're subsidizing petabytes of it, swinging from the fattest image to the slimmest image could help cut down costs. I bet Docker also like that they can have much more influence over Alpine after hiring its founder than they could ever hope to have over a big established distribution like Debian.
Summary of Debian pros:
- vastly larger dev & user community
- more packages
- more testing
- more derived distributions
- more likely to still be in robust health in 10 years
- working towards reproducible builds
- better documentation
- libc more compatible than musl, less likely to trigger bugs
- more trustworth infrastructure
Summary of Alpine pros:
- lighter: community obsessed with footprint
- musl: more efficient libc alternative
- simpler init system: OpenRC instead of systemd
- lead dev & founder is a Docker employee