jmercan | 3 years ago

Personally I feel like shrinking images by guessing unused parts is a good way to have an image explode in your face randomly in the future. (Probes and heuristics missing critical but rarely used parts and more) Also wouldn't it hurt reproducibility? Temporary runtime monitoring doesn't exactly sound like a deterministic metric.

A containerizable project probably has its requirements known and well-specified? I think building on top of a base with a smaller unused surface is a better idea than using analysis that might backfire. These days I am using apko + melange for my personal images and they are super neat.

kylequest|3 years ago

There's always a trade-off. You are willing to do more low level work "manually" assembling container images your way with apko. You are also willing to accept Alpine randomly exploding in your face :) Different people have different preferences in terms of what risks they will take. For example, I wouldn't use Alpine even if somebody paid me money to use it :) That's because Alpine is not a standard Linux distro and you need to be able to "own" it with all of its gotchas and incompatibilities. Not everybody is capable of doing that. I know I'm not that good :-) In other cases people can't change their base images.

davidtpate|3 years ago

Some form of tree-shaking type of thing would probably be quite handy for images, but yeah I'm a bit wary here as well. First thought would be what happens when it hits Out-of-Memory, DNS timeout, or loses network connectivity or another edge case that totally happens in Production.

Removing those code paths would not be a good thing, but I guess if you build your apps right you could just have your container orchestration system recover by replacing the Pod.

game-of-throws|3 years ago

I wouldn't want anything killing pods every time there's a network timeout. That sounds like a quick way to turn a tiny problem into a huge problem.

password4321|3 years ago

The commercial version could include a small filesystem shim that tracked references to missing files and maybe even did some work to fill them back in over the network!

moritonal|3 years ago

Surely we'd struggle to trust a super secure container that non-deterministically downloads code over the Internet.

hacknews20|3 years ago

Uh oh, someone mentioned “shim” which means a hack to make something that shouldn’t work, work.

nikau|3 years ago

gotta wonder how much you are shaving off your cloud spend doing this