Docker: Are node alpine images at the end smaller then full node images?
In case you are running nodejs 10 or above, consider memory leak issues detected with alpine:
https://github.com/nodejs/node/issues/29038
Alpine images are smaller, since other packages using a lot of libraries, which are not used by your solution.
What's are the benefits to use small images?
The benefits are: less memory, better performance, security and maintainability.
A smaller docker image reduce the size needed on disk, but disk space is cheap.
Much more important is that it also consume less memory, which is limited on every server. If you reduce the amount of base images on your server, this also lead that you need less memory at all. Less memory means also you have less swapping and so you can get some performance improvements in having all base images loaded in memory.
Another feature is, that base images from alpine using less depend libraries, which improve the overall security. You can separate risks easily, with your base alpine image and using on top images which only use the apk, which really needed. This has also advantages regarding the overall maintenance.
You can see on https://hub.docker.com/r/library/node/tags/, that the alpine version has no vulnerabilities. All other image version have some issues, which may target the security of your solution.
Why the default is still "buildpack-deps" and why you maybe should use them?
When you read the official documentation to the docker images for node:
https://hub.docker.com/_/node/
Main takeaways are:
- You can use the normal image, since it is based on the "buildpack-deps", which is commonly used by a lot of images.
- Alpine images very small and reduce the amount of needed memory. Especially there is no other type of installation of the docker container.
For me this means finally, that you can use the normal package in the most cases, if you use other images build on "buildpack-deps". It maybe possible to be the better solution, in this case since you don't have the need beside of the "buildpack-deps" to hold an "alpine" base image in on your disk and memory.
Conclusion
If you have "only" alpine images on your docker environment, then you should go with "alpine" or if the security of the "node" containers are really important to you.
In most cases the "node" images based on "buildpack-deps" are suitable, since you have other docker containers based on "buildpack-deps".
In future I assume more and more packages will be available based on "alpine" and then you should go with node-alpine.
In general, yes alpine images are better than the official node images which comes with pre-baked binaries.
But this is highly case specific.
- If you have heavy customization, you might still end up adding dependencies even with the official node image.
- If you don't have a lot of customization, adding small dependencies to node alpine will not cost you much in terms of size and build time when compared to official node images.
- If you are having complicated dependencies (sometimes docs can be poor), things will work fine in the official node image but you will need to go out of your way to get things working in node alpine and still it will be unstable. (This happened to me once with
libpng16-dev
package and it worked only with the official node image and I couldn't figure out why it didn't work with node alpine even after trying for days).
So to wrap up, generally it's a good idea to opt for node alpine unless you have a complicated setup and the official node image makes things easier for you.
Almost all the node containers I have worked with, 90% of them run on alpine image.