Reduce your TCO of building and using Spring Native applications with just 3 steps. Switch to the best Unified Java Runtime. Learn More.

Alpine Linux, a lightweight distro for Docker images

Alpine Linux: small and powerful distro for Docker images


Published August 03, 2022


The base image size of Alpine Linux is only 2.67MB, which is ten times smaller than the most popular Linux distributions, Ubuntu and Debian. And yet, it is a full-fledged Linux environment that provides you with a lightweight server solution for virtualization or containers.

If you are tempted to cut the size of your OS but are unsure whether Alpine provides all the necessary functionalities, this article is for you. We will explain what makes Alpine so minuscule yet powerful, in which cases it may be suboptimal, and offer an alternative enterprise-grade solution.

  1. Inside Alpine Linux
    1. musl
    2. BusyBox
    3. OpenRC and apk tool
  2. Benefits for Docker containers
    1. Small images
    2. Speed
    3. Security
  3. Possible drawbacks
    1. Performance
    2. No commercial support
    3. Challenging migration and compatibility issues
  4. New Linux: like Alpine, but enterprise
  5. Further reading
  6. Useful links

Inside Alpine Linux

Alpine was created as minimalistic as possible thanks to Linux flexibility while preserving all the core functionalities. Developers can add packages they require leaving unnecessary dependencies out and keeping their distro clean and concise. At the same time, Alpine is not only about cleaning up the clutter, as several distinguishing features contribute to its small size.

musl

Alpine Linux is built around musl as opposed to other popular distributions based on glibc. musl is a C library implementation developed with minimalistic design in mind. Project members say it will be finished when there’s nothing else to remove. Contrary to glibc, which has 35 years of history and a reputation for being bloated, musl code is much cleaner. Study the bloat comparison table for musl and glibc. You will notice that glibc is associated with much bigger overhead and requires much more space because it supports legacy code and contains features not required by all software. For instance, locales supported by glibc are not a must-have for all applications and developers prefer using other, more performant libraries even when they are.

musl, in turn, has the smallest static and dynamic overhead. It doesn’t support certain features such as legacy BSD behavior for setjmp/longjmp, legacy incorrect format specifiers, symbol versioning, lazy binding, etc. Instead, it provides some enhanced features, for example, lightweight headers, native UTF-8 multibyte, or correct behavior on end of file as per ISO C/POSIX requirements.

As a result, musl is more secure due to a smaller attack surface and requires less space, but in retort, demonstrates inferior performance to glibc.

Note that musl is compatible with most applications, but some of them require portability fixes and patch sets, which are referenced on musl’s compatibility page.

BusyBox

BusyBox, a set of command-line Unix utilities, was originally created for embedded operating systems, i.e., for devices with scarce resources. It comes as a single executable file, which means less overhead because of only one set of ELF headers. It contains smaller simplified versions of 400 common Unix utilities, thus providing a compact but complete environment for system maintenance. It is also customizable — commands and features can be added or removed. Some command-line options you require may be absent, but it is possible to install coreutils that includes numerous core utilities.

The size of BusyBox is about 1 MB, so distributions based on this set of command line tools consume significantly less memory.

OpenRC and apk tool

Apart from musl and BusyBox, Alpine Linux uses other alternative tools. One of them is OpenRC, an init system which, in contrast to systemd utilized by most Linux distributions, is small, modular, more efficient on system resources, and isn’t bloated, i.e., doesn’t contain unnecessary features.

Alpine also uses apk (Alpine Package Keeper) as a package manager. The apk-tools package is smaller than yum/rpm or deb/apt, and although it has drawbacks, it adds to Alpine size optimization.

Benefits for Docker containers

Small images

The main advantage of Alpine Linux is its minuscule size. The smaller your Docker images are, the more you will save on cloud deployment regardless of scaling extent. Even if you add additional packages, the size of the Alpine-based image will still be several times smaller than with other popular distributions.

You can try out Alpine Docker images of Liberica JDK and calculate how much you can save with our containers of only 42.72MB!

Speed

Another Alpine advantage is the pull speed. The development process implies constant modification to the code, with developers doing multiple push and pull requests per day. For instance, a base Alpine Docker image will be pulled x5 or x3 times faster than the Debian image, depending on the task. Rapid pull times save on traffic and increase the efficiency of team performance by reducing waiting time.

Security

The lesser the attack surface, the higher the security — Alpine Linux is as simple as can be. It doesn’t contain numerous packages or libraries, so the risk of exploits decreases. In addition, the project members implemented additional security measures: the binaries are compiled as Position Independent Executables, and OpenSSL was substituted with a more secure LibreSSL. The team also releases regular CVE fixes.

Possible drawbacks

Depending on your business goals, some Alpine Linux features may be suboptimal for you.

Performance

Although, in most cases, the difference between musl and glibc performance is insignificant (and some use cases like the performance of embedded systems are associated with better musl results), several benchmarks1,2 demonstrated inferior musl efficiency in the multi-threaded environment as compared to glibc. Sometimes the root cause lies in malloc implementation, and switching to mimalloc or jemalloc, for example, may solve the issue. However, depending on your application, you may find glibc-based distribution more suitable.

No commercial support

Alpine Linux is a community-based project as opposed to other popular Linux distros like SUSE or RHEL. Community distributions have their perks: overall economy, innovation-oriented philosophy, and informal atmosphere of forum-based support. In addition, enthusiasts working on free projects are no less skilled than engineers providing paid technical support. However, volunteers working on these projects are not obliged to react promptly to posted issues, nor do they have strict management or provide SLAs. If you

  • Are used to business-like communication with providers
  • Want your problems to be solved quickly
  • Need timely patches and updates based on a strict schedule

Alpine Linux may be unsuitable for you. We have already written about the importance of Linux support, so your situation may require a reliable business partner who will help you keep your OS safe and free of bugs.

Challenging migration and compatibility issues

If you already use a glibc-based distribution, the transition to musl will be anything but smooth. The reason is that some applications or their dependencies are dynamically compiled to libc, and as musl and glibc are different libc implementations, it will break the linker. You will have to recompile the whole application and its dependencies to solve compatibility issues. In some cases, an application will produce errors upon startup. For instance, you compiled a program on a glibc system. If you start it on a musl system, you will get a following result:

/home/build # ./a.out
/bin/sh: ./a.out: not found
/home/build # ldd ./a.out
/lib64/ld-linux-x86-64.so.2 (0x7fa126a75000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7fa126a75000)
/home/build #

The list of libraries includes the dynamic resolver from libc, absent in musl. musl has ld-musl-x86_64.so.1 instead of ld-linux-x86-64.so.2.

In addition, musl doesn’t support some DNS protocols:

  • The size of UPD packets above 512 bytes via the Extension Mechanism for DNS (EDNS)
  • DNS transport switching from UDP to TCP

It may lead to issues with resolving DNS queries when using Alpine images. This is especially troublesome in Kubernetes clusters because of how Kubernetes handles name resolution. Alpine Linux versions 3.3 and earlier (to be fair, some glibc versions as well) may not work properly in K8s clusters, but DNS issues persist in later Alpine versions, too.

New Linux: like Alpine, but enterprise

Inspired by Alpine team ambitions and success, BellSoft engineers have decided to use Alpine Linux as the foundation for the innovative solution we will offer to enterprise customers. It includes a new Linux distribution with all Alpine benefits plus

  • Improved musl and an option to use glibc
  • Enhanced APK tools
  • Faster system boot
  • Tools for Java development
  • Strict LTS release and updates schedule
  • Commercial support from engineers who develop the product

What is more, Linux is only part of the deal! The solution will also include Liberica JDK Lite and Liberica Native Image Kit, so you will receive a complete technology stack for developing and deploying cloud-native Java applications. Stay tuned for the upcoming breakthrough in the IT world!

Further reading

Do you want to compare various Linux distros to choose a suitable solution for your business? Read our article about the best Linux distributions for server and cloud

Curious about other ways to lower TCO apart from small images? Study alternative methods of decreasing costs in IT

Are you frustrated with inflated cloud bills? Discover tips on reducing cloud expenses

  1. Testing alternative C memory allocators in musl
  2. Rust benchmark results for musl
Announcements
Author image

Dmitry Chuyko

Senior Performance Architect at BellSoft

 Twitter

 LinkedIn