We reduced our Docker images by 60% with –no-install-recommends

Here at Canonical, we use Dockerfiles on a daily basis for all our web projects. Something that caught our attention recently was the amount of space that we were using for each Docker image, and we realized that we were installing more dependencies than we needed.

In this article, I’ll explain how we improved our image build time and reduced the image size by using the flag --no-install-recommends in our Dockerfiles.

Using APT

As you may know, Advanced Package Tool, or APT, is the interface to handle the installation and removal of software on Debian based distributions. It simplifies the process of managing software by automating the retrieval, configuration and installation of software packages.

Every package has different types of dependencies:

  • Required packages
  • Recommended packages
  • Suggested packages

The required packages are mandatory since they are necessary for the correct operation of the package. Still, the recommended and suggested packages are not essential, and they are there to offer some extra functionality that we might not need to use. By default APT will install required and recommended packages.

Disabling recommended packages

To avoid the installation of recommended packages, we included the flag --no-install-recommends when using APT in our Dockerfile.

RUN apt-get update && apt-get install --no-install-recommends --yes python3

By doing this, we achieve a decrease of around 60% in our Docker images size.

This obviously will vary according to the dependencies you are using. In our case, we did it for all our Python websites which reduced the size of all our Docker containers significantly. Also, the build time sped up about 15%.

I recommend doing this whenever you run apt install in your Dockerfiles, and I hope you find it useful if you are trying to reduce the size of your containers.

It is important to keep in mind that doing this could result in some missing libraries in your projects which you may have to add back explicitly, but this will ultimately give you more control in the dependencies in your project.

Happy dockering!

ubuntu logo

What’s the risk of unsolved vulnerabilities in Docker images?

Recent surveys found that many popular containers had known vulnerabilities. Container images provenance is critical for a secure software supply chain in production. Benefit from Canonical’s security expertise with the LTS Docker images portfolio, a curated set of application images, free of vulnerabilities, with a 24/7 commitment.

Integrate with hardened LTS images ›

Newsletter signup

Select topics you're
interested in

In submitting this form, I confirm that I have read and agree to Canonical's Privacy Notice and Privacy Policy.

Related posts

Ubuntu in the wild – 22nd of June

The Ubuntu in the wild blog post ropes in the latest highlights about Ubuntu and Canonical around the world on a bi-weekly basis.

How’s my snap faring on different distributions?

The life of an application can roughly be divided into two: everything that happens before it goes live – building, packaging, publication – and then,...

Design and Web team summary – 4 June 2021

The web team at Canonical run two-week iterations building and maintaining all of Canonical websites and product web interfaces. Here are some of the...