tyk-gateway-docker icon indicating copy to clipboard operation
tyk-gateway-docker copied to clipboard

Published 20 hours ago verified publisher icon TykTechnologies

Reduce docker image size

Open asoorm opened this issue 6 years ago • 3 comments

We need to do some more work in order to reduce the docker image size for the gateway.

At the moment, it stands at 116mb

  1. We currently ship with 3 tyk binaries. Each binary is approx 32mb - py, grpc & lua. These should be separated into separate builds. e.g. tyk-gateway:py-2.7.3, tyk-gateway:grpc-2.7.3 or tyk-gateway:lua-2.7.3

  2. Currently we ship with base image debian:jessie-slim (30mb). We could look into using alpine which is a 2mb base image. If we require glibc https://github.com/sgerrand/alpine-pkg-glibc or if we may be better off using musl binaries.

  3. Strip debug info from compiled binaries using linker flags -s -w. go build -ldflags="-s -w" . which shaves off circa 10mb from each binary.

  4. Investigate using UPX to further pack the binaries - bringing binary size down to approx 5mb. https://github.com/upx/upx

asoorm avatar Oct 19 '18 09:10 asoorm

PoC - 9mb compressed alpine images: https://hub.docker.com/r/mangomm/tyk-gateway/

FROM golang:1.10.0-alpine as build

ARG tykversion
ARG tykcoprocess

ENV CGO_ENABLED=0
ENV GOOS=linux
ENV GOARCH=amd64

RUN apk update && apk upgrade && \
    apk add --no-cache bash git openssh && \
    go get -u github.com/TykTechnologies/tyk

RUN cd /go/src/github.com/TykTechnologies/tyk && git checkout --force $tykversion && \
    go install -a -installsuffix cgo -ldflags="-s -w" -tags "coprocess $tykcoprocess" .

FROM alpine:3.8
ENV TYK_GW_PIDFILELOCATION /tmp/tyk-gateway.pid
ENV TYK_GW_COPROCESSOPTIONS_ENABLECOPROCESS false
RUN apk --no-cache add ca-certificates && \
    adduser -D -g tyk tyk
USER tyk
WORKDIR /opt/tyk-gateway
COPY --from=build /go/bin/tyk /opt/tyk-gateway/tyk
COPY --from=build /go/src/github.com/TykTechnologies/tyk/templates /opt/tyk-gateway/templates
COPY --from=build /go/src/github.com/TykTechnologies/tyk/policies /opt/tyk-gateway/policies
COPY tyk.standalone.conf /opt/tyk-gateway/tyk.conf

EXPOSE 8080

CMD ["./tyk"]

Example how to build:

docker build -t mangomm/tyk-gateway:alpine-grpc-2.7.3--build-arg tykversion=v2.7.3 --build-arg tykcoprocess=grpc -f ./alpine/Dockerfile.grpc .
docker push mangomm/tyk-gateway:alpine-grpc-2.7.3

This example only builds grpc version. Think we should have separate Dockerfile & images for python / lua builds as this adds to the docker image size rather than shipping all binaries in single image.

asoorm avatar Nov 02 '18 11:11 asoorm

Will try to use it

letzya avatar Nov 02 '18 15:11 letzya

If we will automate Docker process build, and pushing it to Docker hub, then we can make such images as optional docker tags. Our latest, and main tags like 2.7.0 and etc will be as it is now, and this images will be smth like: grpc-2.7.0, python-2.7.0 and etc.

buger avatar Dec 18 '18 06:12 buger