Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Docker, Alpine, Ubuntu, and You

This article was last updated 8 years ago.


There’s no shortage of excitement, controversy, and readership, any time you can work “Docker” into a headline these days. Perhaps a bit like “Donald Trump”, but for CIO tech blogs and IT news — a real hot button. Hey, look, I even did it myself in the title of this post!

There’s no shortage of excitement, controversy, and readership, any time you can work “Docker” into a headline these days. Perhaps a bit like “Donald Trump”, but for CIO tech blogs and IT news — a real hot button. Hey, look, I even did it myself in the title of this post!

Sometimes an article even starts out about CoreOS, but gets diverted into a discussion about Docker, like this one, where shykes (Docker’s founder and CTO) announced that Docker’s default image would be moving away from Ubuntu to Alpine Linux.

I have personally been Canonical’s business and technical point of contact with Docker Inc, since September of 2013, when I co-presented at an OpenStack Meetup in Austin, Texas, with Ben Golub and Nick Stinemates of Docker. I can tell you that, along with most of the rest of the Docker community, this casual declaration in an unrelated Hacker News thread, came as a surprise to nearly all of us!

Docker’s default container image is certainly Docker’s decision to make. But it would be prudent to examine at a few facts:

(1) Check DockerHub and you may notice that while Busybox (Alpine Linux) has surpassed Ubuntu in the number downloads (66M to 40M), Ubuntu is still by far the most “popular” by number of “stars” — likes, favorites, +1’s, whatever, (3.2K to 499).

(2) Ubuntu’s compressed, minimal root tarball is 59 MB, which is what is downloaded over the Internet. That’s different from the 188 MB uncompressed root filesystem, which has been quoted a number of times in the press.

(3) The real magic of Docker is such that you only ever download that base image, one time! And you only store one copy of the uncompressed root filesystem on your disk! Just once, sudo docker pull ubuntu, on your laptop at home or work, and then launch thousands of images at a coffee shop or airport lounge with its spotty wifi. Build derivative images, FROM ubuntu, etc. and you only ever store the incremental differences.

Actually, I encourage you to test that out yourself… I just launched a t2.micro — Amazon’s cheapest instance type with the lowest networking bandwidth. It took 15.938s to sudo apt install docker.io. And it took 9.230s to sudo docker pull ubuntu. It takes less time to download Ubuntu than to install Docker!

ubuntu@ip-172-30-0-129:~⟫ time sudo apt install docker.io -y
...
real    0m15.938s
user    0m2.146s
sys     0m0.913s

As compared to…

ubuntu@ip-172-30-0-129:~⟫ time sudo docker pull ubuntu
latest: Pulling from ubuntu
f15ce52fc004: Pull complete 
c4fae638e7ce: Pull complete 
a4c5be5b6e59: Pull complete 
8693db7e8a00: Pull complete 
ubuntu:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:457b05828bdb5dcc044d93d042863fba3f2158ae249a6db5ae3934307c757c54
Status: Downloaded newer image for ubuntu:latest
real    0m9.230s
user    0m0.021s
sys     0m0.016s

Now, sure, it takes even less than that to download Alpine Linux (0.747s by my test), but again you only ever do that once! After you have your initial image, launching Docker containers take the exact same amount of time (0.233s) and identical storage differences. See:

ubuntu@ip-172-30-0-129:/tmp/docker⟫ time sudo docker run alpine /bin/true
real    0m0.233s
user    0m0.014s
sys     0m0.001s
ubuntu@ip-172-30-0-129:/tmp/docker⟫ time sudo docker run ubuntu /bin/true
real    0m0.234s
user    0m0.012s
sys     0m0.002s

(4) I regularly communicate sincere, warm congratulations to our friends at Docker Inc, on its continued growth. shykes publicly mentioned the hiring of the maintainer of Alpine Linux in that Hacker News post. As a long time Linux distro developer myself, I have tons of respect for everyone involved in building a high quality Linux distribution. In fact, Canonical employs over 700 people, in 44 countries, working around the clock, all calendar year, to make Ubuntu the world’s most popular Linux OS. Importantly, that includes a dedicated security team that has an outstanding track record over the last 12 years, keeping Ubuntu servers, clouds, desktops, laptops, tablets, and phones up-to-date and protected against the latest security vulnerabilities. I don’t know personally Natanael, but I’m intimately aware of what a spectacular amount of work it is to maintain and secure an OS distribution, as it makes its way into enterprise and production deployments. Good luck!

(5) There are currently 5,854 packages available via apk in Alpine Linux (sudo docker run alpine apk search -v). There are 8,862 packages in Ubuntu Main (officially supported by Canonical), and 53,150 binary packages across all of Ubuntu Main, Universe, Restricted, and Multiverse, supported by the greater Ubuntu community. Nearly all 50,000+ packages are updated every 6 months, on time, every time, and we release an LTS version of Ubuntu and the best of open source software in the world every 2 years. Like clockwork. Choice. Velocity. Stability. That’s what Ubuntu brings.

Docker holds a special place in the Ubuntu ecosystem, and Ubuntu has been instrumental in Docker’s growth over the last 3 years. Where we go from here, is largely up to the cross-section of our two vibrant communities.

And so I ask you honestly…what do you want to see? How would you like to see Docker and Ubuntu operate together?

Original article

ubuntu logo

What’s the risk of unsolved vulnerabilities in Docker images?

Recent surveys found that many popular containers had known vulnerabilities. Container images provenance is critical for a secure software supply chain in production. Benefit from Canonical’s security expertise with the LTS Docker images portfolio, a curated set of application images, free of vulnerabilities, with a 24/7 commitment.

Integrate with hardened LTS images ›

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

Profile-guided optimization: A case study

Software developers spend a huge amount of effort working on optimization – extracting more speed and better performance from their algorithms and programs....

Meet Canonical at KubeCon + CloudNativeCon North America 2024

We are ready to connect with the pioneers of open-source innovation! Canonical, the force behind Ubuntu, is returning as a gold sponsor at KubeCon +...

Canonical at India Mobile Congress 2024 – a retrospective

With an ambition to become Asia’s technology hub for telecommunications in the 5G/6G era, India hosts the annual India Mobile Congress (IMC) in Pragati...