Finding the best container image variant
Alpine, Slim, Buster, Bullseye... which one to use?
Sometimes choices like this can freeze us up from acting, so we just go with the standard image and avoid looking into it further. Choosing the right base image for your container is one of the first steps in successfully containerizing an application.
Standard Docker Image
FROM node
WORKDIR /usr/src/app
COPY . /usr/src/app
RUN npm install
CMD "npm" "start"
These images are typically based on a full Linux distribution like Ubuntu or Debian and include a wide range of pre-installed packages and dependencies. They tend to be larger in size than other types of images.
Alpine
FROM node:alpine
Alpine images are based on the Alpine Linux Project, which is an operating system that was built specifically for use inside of containers.
Alpine is a lightweight Linux distribution that is popular for its small size, fast boot times, and minimalistic design. Alpine-based images are ideal for running small, resource-constrained applications that require a small footprint.
However, some teams are moving away from Alpine because these images can cause compatibility issues that are hard to debug. Unfortunately, Alpine Linux does not keep old packages. This is a huge problem, as it forces you to avoid pinning down package versions and resort to repository pinning.
Slim
FROM node:slim
The slim image is a paired-down version of the full image. This image generally only installs the minimal packages needed to run your particular tool.
By leaving out lesser-used tools, these images are smaller. Use this image if you have space constraints and do not need the full version.
Slim-based images are suitable for running larger applications that need more resources than Alpine-based images.
Buster
Buster is the current stable release of Debian and provides a balance between stability and new features. Buster-based images are suitable for running modern applications that require a stable and up-to-date environment.
Bullseye
Future versions in development, but not yet stable, are “Bullseye” and “Bookworm.” You may start seeing these tags in the list of image versions on DockerHub.
Stretch
Stretch is the previous stable release of Debian and is still widely used in production environments. Stretch-based images are ideal for running legacy applications that are not yet compatible with Bullseye.
Windows Server Core
Windows Server Core is a lightweight version of Windows Server that is optimized for running containers. It provides a minimal environment for running Windows-based applications in containers.
What is a distroless image?
FROM gcr.io/distroless/nodejs:14
Distroless is a more recent addition to the Docker image variants. It is based on the principle of a "zero trust" approach, where the image only contains the application and nothing else. This means that Distroless images do not contain a shell, package manager, or other unnecessary tools, making them more secure and lightweight. Distroless is a good choice for applications that require a higher level of security and do not need any additional tools or libraries.
Learnt more at Google's distroless container images
Still can’t decide which one do I choose? Here are some general guidelines
If you need something up and running quickly, have no space constraints, and don’t have time to test much, start with the standard image. The main concern here is that the image has everything I need to work out of the box, and will be the largest in size.
If space is a concern and you need only the minimal packages for running a particular language like node, go with Slim.
For some projects that you have time to test thoroughly, and have extreme space constraints, use the Alpine images. But be aware that this can lead to longer build times and obscure bugs. If you are having trouble porting your docker container to new environments, or something breaks as you add a new package, it may be because of the Alpine image.
You can always change the image in your Dockerfile and rebuild your images. Just be sure to test thoroughly before deploying to production.
Comparison of Node.js Docker image variants
| Image tag | Node.js runtime version | Image size | OS dependencies | OS security vulnerabilities | Node.js runtime vulnerabilities | Yarn available |
| node | 18.2.0 | 952MB | 409 | 289 | 7 | Yes |
| node:bullseye | 18.2.0 | 952MB | 409 | 289 | 7 | Yes |
| node:bullseye-slim | 18.2.0 | 246MB | 97 | 56 | 7 | Yes |
| node:lts-bullseye-slim | 16.15.0 | 188MB | 97 | 55 | 6 | Yes |
| node:alpine | 18.2.0 | 178MB | 16 | 2 | 0 | Yes |
| gcr.io/distroless/nodejs:16 | 16.17.0 | 112MB | 9 | 11 | 0 | No |
