Container Security: What Is Docker Alpine?

Docker Alpine is the “Dockerized” version of Alpine Linux, a Linux distribution known for being exceptionally lightweight and secure. For these reasons and others, Docker Alpine is a popular choice for developers looking for a base image on which to create their own containerized apps.

Keep reading for a look at what Docker Alpine means, how it works, and why you may or may not want to use it.

Understanding Alpine Linux and Its Key Features

Alpine Linux is a Linux distribution designed to be minimalist and lightweight. It implements these principles by providing two key features:

  • The only utilities that are installed on Alpine by default are those provided by BusyBox, an executable that provides access to basic Linux CLI tools (like ls and cd). Unlike most other Linux distributions, Alpine doesn’t bundle any other software by default (although you can install other applications on Alpine if you wish).
  • Alpine uses musl libc, a lightweight implementation of the C standard library (libc), which Linux applications need in order to run. Most other Linux distributions use glibc, a heavier-weight implementation of the same library.

The fact that Alpine is so minimalist also helps to make it secure. With so few utilities installed by default, Alpine has a very small attack surface.

Using Docker Alpine to Run Alpine Linux

If you wish, you can download Alpine Linux and use it to create a bootable device, then install Alpine Linux directly to a physical PC. You could also install Alpine Linux on a VM.

However, if you just want to run a particular application on top of Alpine Linux, you may instead want to use Docker Alpine.

Docker Alpine is an official Docker image based on Alpine Linux. When you run the Docker Alpine container, you get a software-defined environment that is equivalent to the one you’d have if you installed Alpine on an actual PC.

This means that, by using Docker Alpine, you can create lightweight, containerized environments in which to run other applications. (You could also choose to run Alpine inside a container just to experiment with BusyBox and Alpine if you wish, although you can’t do much with Alpine on its own given its extremely lightweight nature.)

Benefits of Using Docker Alpine

Docker Alpine is only one of the hundreds of publicly available container images that you could use to host applications or as base images for creating your own container images. However, Docker Alpine provides some special benefits that most other container images lack:

  • It’s extremely lightweight: The Docker Alpine image weighs in at under three megabytes and requires less than 100 megabytes of RAM to run. This makes it fast to download. It also means that Docker Alpine places minimal load on your system.
  • It has a package manager: Unlike some other lightweight Linux distributions, Alpine provides a package management tool (called apk) that makes it easy to install additional software beyond what’s included by default. This is particularly useful if you want to use Docker Alpine as a base image for packaging your own app inside a container, but you need to install additional libraries or utilities for your app to run.
  • It’s fully open source: Docker Alpine (like Alpine Linux as a whole) is completely free and open source. That means you can use Docker Alpine or distribute modified versions of it as part of your own container images without worrying about paying licensing fees or violating any licensing terms.

To be sure, Docker Alpine isn’t always the best option. If you want to run containers inside a more traditional Linux environment that provides more libraries and utilities by default, you’d be better served using images based on distributions like Debian or Ubuntu.

There are also alternatives to Docker Alpine that provide similarly lightweight Linux environments. Probably the most popular is the official BusyBox Docker image. However, an important difference between that image and Docker Alpine is that the BusyBox image doesn’t provide its own package manager, so it’s not ideal if you need to install additional software beyond what BusyBox offers by default.

How to Use Docker Alpine

Using Docker Alpine is straightforward. To get started, download the image from Docker Hub with a command like:

docker pull alpine

You should see output similar to the following:

Using default tag: latest
latest: Pulling from library/alpine
213ec9aee27d: Pull complete
Digest: sha256:bc41182d7ef5ffc53a40b044e725193bc10142a1243f395ee852a8d9730fc2ad
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

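Once the image has been downloaded, you can run it with the command below. The -d, -i and -t flags start the container in the background with an interactive terminal, so its shell keeps running; without them, the container’s /bin/sh exits immediately and the container stops:

docker run -dit alpine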

To connect to a shell within the environment, first run this command to determine the ID assigned to your Alpine container:

docker ps

The output should look something like this:

CONTAINER ID   IMAGE     COMMAND     CREATED          STATUS          PORTS     NAMES
2b7d5b00f894   alpine    "/bin/sh"   44 seconds ago   Up 42 seconds             agitated_villani

The CONTAINER ID column identifies the container ID, which is 2b7d5b00f894 in this case. To connect to the container, run a command like the following, being sure to insert the correct container ID for your container:

docker attach 2b7d5b00f894

Once inside the container, you can explore to see what Alpine provides by default. For instance, here’s a list of all utilities available in the /bin directory:

/ # ls /bin
arch           echo       kill         mv             setserial
ash            ed         link         netstat        sh
base64         egrep      linux32      nice           sleep
bbconfig       false      linux64      pidof          stat
busybox        fatattr    ln           ping           stty
cat            fdflush    login        ping6          su
chattr         fgrep      ls           pipe_progress  sync
chgrp          fsync      lsattr       printenv       tar
chmod          getopt     lzop         ps             touch
chown          grep       makemime     pwd            true
cp             gunzip     mkdir        reformime      umount
date           gzip       mknod        rev            uname
dd             hostname   mktemp       rm             usleep
df             ionice     more         rmdir          watch
dmesg          iostat     mount        run-parts      zcat
dnsdomainname  ipcalc     mountpoint   sed
dumpkmap       kbd_mode   mpstat       setpriv

That’s many fewer than the hundreds of utilities available in /bin by default on Ubuntu!

Installing Software in Docker Alpine

If you want to add software to your Docker Alpine environment, connect to the container and use the apk utility. You can list available packages with:

apk search -v

To install a package, use the syntax apk add package_name. For example, to install the Apache Web server, you’d run:

apk add apache2

Creating Containers Using the Docker Alpine Base Image

Keep in mind that any software you add using apk inside a running container will be erased when the container shuts down. If you want to create container images where certain software is installed by default whenever a container based on the image executes, you’ll want to create a new image that uses Alpine as its base, but that includes any changes you’d like to make.

There are two ways to go about this. One is to log into a running Docker Alpine session, make your desired modifications, then use the docker commit command to apply the changes permanently to the image. For example:

sudo docker commit 2b7d5b00f894 updated-alpine

Remember that you should run this command from the container host, not from within the container.

The second approach is to write a Dockerfile (a special file that defines the contents of a Docker container) that tells Docker to pull Alpine as the base image, then make modifications to it. For example, if you want to install additional packages on top of Alpine, you could create a Dockerfile like the following:

FROM alpine:3.14
RUN apk add package1 package2

You can then use the docker build command to create a custom image based on your Dockerfile.
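
A Dockerfile like the one above can be checked before it is built. The following is an added example, not code from the original article: a small POSIX shell and awk audit for Alpine-based Dockerfiles. The function name audit_dockerfile, the finding ids and the choice of checks (base image pinned by digest, apk add with --no-cache, a non-root USER in the final stage) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit_dockerfile reads a Dockerfile on stdin and prints one
# finding per line ("id: explanation"); no output means every check passed.
audit_dockerfile() {
  awk '
    function check(l,    n, f, i, img, name) {
      sub(/^[ \t]+/, "", l)
      n = split(l, f)
      if (n == 0 || f[1] ~ /^#/) return
      f[1] = toupper(f[1])
      if (f[1] == "FROM") {
        stages++; user = ""              # USER does not carry across stages
        i = 2
        while (i <= n && f[i] ~ /^--/) i++   # skip flags such as --platform
        img = f[i]; name = img
        sub(/.*\//, "", name)            # drop registry/repo path (may hold a port)
        if (index(img, "@sha256:")) return
        if (name !~ /:/ || name ~ /:latest$/)
          print "floating-tag: " img " resolves to whatever is newest at build time"
        else
          print "no-digest: " img " is a tag that can be re-pushed; pin it with @sha256:<digest>"
      } else if (f[1] == "USER") {
        user = f[2]; sub(/:.*/, "", user)
      } else if (f[1] == "RUN" && l ~ /apk[ \t]+(--[a-z-]+[ \t]+)*add/ && l !~ /--no-cache/) {
        print "apk-cache: apk add without --no-cache stores the package index in the layer"
      }
    }
    /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }   # join continued lines
    { check(buf $0); buf = "" }
    END {
      if (!stages) print "no-from: no FROM instruction found"
      else if (user == "" || user == "root" || user == "0")
        print "root-user: final stage sets no non-root USER, so the app runs as root"
    }
  '
}

# The Dockerfile shown in the article, embedded here as sample input.
PAGE_DOCKERFILE='FROM alpine:3.14
RUN apk add package1 package2'
printf '%s\n' "$PAGE_DOCKERFILE" | audit_dockerfile
```

Run against the article's Dockerfile, the audit reports no-digest, apk-cache and root-user. Appending the digest that docker pull prints to the image reference, adding --no-cache, and ending with a USER instruction for an unprivileged account clears all three.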

Conclusion

As an extremely lightweight Linux distribution, Alpine Linux is a popular option for developers who want a simple, resource-efficient environment in which to run containerized apps. Downloading the official Docker Alpine Linux image is fast and easy, and as long as you’re familiar with basic Docker commands and the Alpine package manager, you can easily modify Docker Alpine to suit your needs.