I am in the process of setting up for bootc experiments. Taking to heart the value of Fedora software supply chain trust, I see an opportunity to learn podman better by constructing a Fedora-based registry container.
docker-distribution is in the Fedora yum repos for f40. So I was thinking that I could start with a base Fedora container image and layer on docker-distribution as an instructive test. Looking for what base images of Fedora were built within the Fedora project, I found a couple of candidates. I also pulled the official container image from the upstream project.
podman images
REPOSITORY                     TAG        IMAGE ID      CREATED       SIZE
quay.io/fedora/fedora          40-x86_64  1404c219d44f  10 hours ago  233 MB
quay.io/fedora/fedora-minimal  40-x86_64  374e12affd8d  10 hours ago  122 MB
docker.io/library/registry     2          d6b2c32a0f14  8 months ago  26 MB
Now I am willing to use the CNCF docker.io/library/registry image as I consider them to also be trustworthy with software supply chain. But it is an awfully large difference in image size. The CNCF image is based on Alpine Linux.
Are there smaller Fedora base images available?
Alternatively, what techniques are there to reduce the size of the deployable container?
The Fedora images are rather large relatively speaking. Some of that is using glibc instead of the minimalist musl replacement. But it’s also a bunch of cross-dependencies for core packages that is hard to untangle. This isn’t necessarily as bad as it seems, because in many practical deployments you’ll end up needing a lot of them anyway across different applications.
The current fedora-bootc is quite large and has plenty of packages I would rather not have for the target. @mattdm has a good start on discussing where Fedora can go with this.
At the current time it looks like the registry distribution of bootable containers in a form I am interested in means I will be generating my own base image. I am not sure if the ostree toolchain currently used to generate fedora-bootc is a good match either. For one thing, I have not gotten it to work yet. Additionally, it does things that are hard to follow as I peruse the source code. I am also investigating using mkosi instead. For me this is a monumental task as it does not leverage Fedora bootc work if I go this way.
In the meantime, kickstart and Ansible give me all the flexibility I desire. The commonality is the yum repos.