Twitter | Search | |
Johannes Schnatterer Apr 27
Holy 🐄! Just built my first image `FROM scratch` While only 7 MB (compressed), it contains a container w/ & 😮 Thx to and native images! Huge leap ahead for Java in containers & contexts!
Reply Retweet Like
Johannes Schnatterer
BTW Why do you rely on base image in the getting started guide and don't use the `--static` flag? IMO statically linked native images allow for using so much more smaller and more secure base images.
Reply Retweet Like More
Johannes Schnatterer Apr 27
Replying to @QuarkusIO
One more thing: Wouldn't it be easier to get started with a self-contained docker image, without prerequisites like installing graalvm and running maven builds beforehand? I built one myself to get started: Maybe it's useful to someone else
Reply Retweet Like
John Clingan Apr 27
I haven’t dug into your code yet, but you can avoid having graal installed locally if you want native Linux binary: ./mvnw package -Pnative -Dnative-image.docker-build=true It is admittedly a two-step process - 1) build linux binary and 2) create app container
Reply Retweet Like
Jason Greene Apr 28
We could definitely slim it further, although going as far as —static is something we are still thinking about (you are welcome to join discussions!). For dns to work, a special glibc build with static dns is req., and we also are thinking about best practices for CVE updates 1/2
Reply Retweet Like
Jason Greene Apr 28
Glibc is frequently patched for security hardening and layers are useful in detection / patch automation without requiring a native image rebuild. On the other hand, immediate transfer is a powerful benefit, and the update process is a solvable problem.
Reply Retweet Like
Jason Greene Apr 28
Thanks for sharing! It’s a great idea. had similar thoughts with a dev mode image that you can just use with source files. Contributions like this are always welcome!
Reply Retweet Like
Claus Ibsen Apr 29
Maybe the command can be simplified to mvn package -Pnative-docker 😃
Reply Retweet Like
George Gastaldi 🇧🇷 Apr 29
Or you can add a <native-image.docker-build>true</native-image.docker-build> property in your native profile and use mvn package -Dnative ;)
Reply Retweet Like
George Gastaldi 🇧🇷 Apr 29
Er, -Pnative
Reply Retweet Like
John Clingan Apr 29
Ahhh, true, brings it down to a single step. Have you considered opening up a github issue (RFE)?
Reply Retweet Like
Johannes Schnatterer Apr 29
Replying to @jtgreene @QuarkusIO
thanks for sharing those insights! At what point would "my" scratch image with the statically linked binary be hit by the missing glibc?
Reply Retweet Like
Johannes Schnatterer Apr 29
Replying to @jclingan
Yeah, I could do that, next time I find a quiet spot and some spare time. About what exactly, self contained docker image in the docs or static image?
Reply Retweet Like
Johannes Schnatterer May 3
BTW alpine-glibc might be a compromise. It's only 6 MB and does not require a statically compiled binary. seem to use it by default
Reply Retweet Like