The base image size of Alpine Linux is only 2.67MB, which is ten times smaller than the most popular Linux distributions, Ubuntu and Debian. And yet, it is a full-fledged Linux environment that provides you with a lightweight server solution for virtualization or containers.
If you are tempted to cut the size of your OS but are unsure whether Alpine provides all the necessary functionalities, this article is for you. We will explain what makes Alpine so minuscule yet powerful, in which cases it may be suboptimal, and offer an alternative enterprise-grade solution.
- Inside Alpine Linux
- Benefits for Docker containers
- Possible drawbacks
- Alpaquita Linux: like Alpine, but enterprise
- Useful links
Inside Alpine Linux
Alpine was created as minimalistic as possible thanks to Linux flexibility while preserving all the core functionalities. Developers can add packages they require leaving unnecessary dependencies out and keeping their distro clean and concise. At the same time, Alpine is not only about cleaning up the clutter, as several distinguishing features contribute to its small size.
Alpine Linux is built around musl as opposed to other popular distributions based on glibc. musl is a C library implementation developed with minimalistic design in mind. Project members say it will be finished when there’s nothing else to remove. Contrary to glibc, which has 35 years of history and a reputation for being bloated, musl code is much cleaner. Study the bloat comparison table for musl and glibc. You will notice that glibc is associated with much bigger overhead and requires much more space because it supports legacy code and contains features not required by all software. For instance, locales supported by glibc are not a must-have for all applications and developers prefer using other, more performant libraries even when they are.
musl, in turn, has the smallest static and dynamic overhead. It doesn’t support certain features such as legacy BSD behavior for
longjmp, legacy incorrect format specifiers, symbol versioning, lazy binding, etc. Instead, it provides some enhanced features, for example, lightweight headers, native UTF-8 multibyte, or correct behavior on end of file as per ISO C/POSIX requirements.
As a result, musl is more secure due to a smaller attack surface and requires less space, but in retort, demonstrates inferior performance to glibc.
Note that musl is compatible with most applications, but some of them require portability fixes and patch sets, which are referenced on musl’s compatibility page.
BusyBox, a set of command-line Unix utilities, was originally created for embedded operating systems, i.e., for devices with scarce resources. It comes as a single executable file, which means less overhead because of only one set of ELF headers. It contains smaller simplified versions of 400 common Unix utilities, thus providing a compact but complete environment for system maintenance. It is also customizable — commands and features can be added or removed. Some command-line options you require may be absent, but it is possible to install coreutils that includes numerous core utilities.
The size of BusyBox is about 1 MB, so distributions based on this set of command line tools consume significantly less memory.
OpenRC and apk tool
Apart from musl and BusyBox, Alpine Linux uses other alternative tools. One of them is OpenRC, an init system which, in contrast to systemd utilized by most Linux distributions, is small, modular, more efficient on system resources, and isn’t bloated, i.e., doesn’t contain unnecessary features.
Alpine also uses apk (Alpine Package Keeper) as a package manager. The apk-tools package is smaller than yum/rpm or deb/apt, and although it has drawbacks, it adds to Alpine size optimization.
Benefits for Docker containers
The main advantage of Alpine Linux is its minuscule size. The smaller your Docker images are, the more you will save on cloud deployment regardless of scaling extent. Even if you add additional packages, the size of the Alpine-based image will still be several times smaller than with other popular distributions.
You can try out Alpine Docker images of Liberica JDK and calculate how much you can save with our containers of only 42.72MB!
Another Alpine advantage is the pull speed. The development process implies constant modification to the code, with developers doing multiple push and pull requests per day. For instance, a base Alpine Docker image will be pulled x5 or x3 times faster than the Debian image, depending on the task. Rapid pull times save on traffic and increase the efficiency of team performance by reducing waiting time.
The lesser the attack surface, the higher the security — Alpine Linux is as simple as can be. It doesn’t contain numerous packages or libraries, so the risk of exploits decreases. In addition, the project members implemented additional security measures: the binaries are compiled as Position Independent Executables, and OpenSSL was substituted with a more secure LibreSSL. The team also releases regular CVE fixes.
Depending on your business goals, some Alpine Linux features may be suboptimal for you.
Although, in most cases, the difference between musl and glibc performance is insignificant (and some use cases like the performance of embedded systems are associated with better musl results), several benchmarks1,2 demonstrated inferior musl efficiency in the multi-threaded environment as compared to glibc. Sometimes the root cause lies in malloc implementation, and switching to mimalloc or jemalloc, for example, may solve the issue. However, depending on your application, you may find glibc-based distribution more suitable.
No commercial support
Alpine Linux is a community-based project as opposed to other popular Linux distros like SUSE or RHEL. Community distributions have their perks: overall economy, innovation-oriented philosophy, and informal atmosphere of forum-based support. In addition, enthusiasts working on free projects are no less skilled than engineers providing paid technical support. However, volunteers working on these projects are not obliged to react promptly to posted issues, nor do they have strict management or provide SLAs. If you
- Are used to business-like communication with providers
- Want your problems to be solved quickly
- Need timely patches and updates based on a strict schedule
Alpine Linux may be unsuitable for you. We have already written about the importance of Linux support, so your situation may require a reliable business partner who will help you keep your OS safe and free of bugs.
Challenging migration and compatibility issues
If you already use a glibc-based distribution, the transition to musl will be anything but smooth. The reason is that some applications or their dependencies are dynamically compiled to libc, and as musl and glibc are different libc implementations, it will break the linker. You will have to recompile the whole application and its dependencies to solve compatibility issues. In some cases, an application will produce errors upon startup. For instance, you compiled a program on a glibc system. If you start it on a musl system, you will get a following result:
/home/build # ./a.out /bin/sh: ./a.out: not found /home/build # ldd ./a.out /lib64/ld-linux-x86-64.so.2 (0x7fa126a75000) libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7fa126a75000) /home/build #
The list of libraries includes the dynamic resolver from libc, absent in musl. musl has ld-musl-x86_64.so.1 instead of ld-linux-x86-64.so.2.
In addition, musl doesn’t support some DNS protocols:
- The size of UPD packets above 512 bytes via the Extension Mechanism for DNS (EDNS)
- DNS transport switching from UDP to TCP
It may lead to issues with resolving DNS queries when using Alpine images. This is especially troublesome in Kubernetes clusters because of how Kubernetes handles name resolution. Alpine Linux versions 3.3 and earlier (to be fair, some glibc versions as well) may not work properly in K8s clusters, but DNS issues persist in later Alpine versions, too.
Inspired by Alpine team ambitions and success, BellSoft engineers have decided to use Alpine Linux as the foundation for the innovative solution we will offer to enterprise customers. It includes Alpaquita Linux, a new Linux distribution with all Alpine benefits plus
- Several libc implementations to choose from: improved musl (musl-perf developed by our engineers), standard musl, and glibc
- Enhanced APK tools
- Faster system boot
- Tools for Java development
- Strict LTS release and updates schedule: six years of LTS support with two-year overlap with the previous LTS version, timely security updates, and security advisory
- 24/7 commercial support from engineers who develop the product
What is more, Alpaquita Linux is only part of the deal! The solution called Alpaquita Cloud Native Platform also includes Liberica JDK Lite and Liberica Native Image Kit, so you will receive a complete technology stack packed in a microcontainer for developing and deploying cloud-native Java applications!