Your submission was sent successfully! Close

We reduced our Docker images by 60% with –no-install-recommends

Here at Canonical, we use Dockerfiles on a daily basis for all our web projects. Something that caught our attention recently was the amount of space that we were using for each Docker image, and we realized that we were installing more dependencies than we needed.

In this article, I’ll explain how we improved our image build time and reduced the image size by using the flag --no-install-recommends in our Dockerfiles.

Using APT

As you may know, Advanced Package Tool, or APT, is the interface to handle the installation and removal of software on Debian based distributions. It simplifies the process of managing software by automating the retrieval, configuration and installation of software packages.

Every package has different types of dependencies:

  • Required packages
  • Recommended packages
  • Suggested packages

The required packages are mandatory since they are necessary for the correct operation of the package. Still, the recommended and suggested packages are not essential, and they are there to offer some extra functionality that we might not need to use. By default APT will install required and recommended packages.

Disabling recommended packages

To avoid the installation of recommended packages, we included the flag --no-install-recommends when using APT in our Dockerfile.

RUN apt-get update && apt-get install --no-install-recommends --yes python3

By doing this, we achieve a decrease of around 60% in our Docker images size.

This obviously will vary according to the dependencies you are using. In our case, we did it for all our Python websites which reduced the size of all our Docker containers significantly. Also, the build time sped up about 15%.

I recommend doing this whenever you run apt install in your Dockerfiles, and I hope you find it useful if you are trying to reduce the size of your containers.

It is important to keep in mind that doing this could result in some missing libraries in your projects which you may have to add back explicitly, but this will ultimately give you more control in the dependencies in your project.

Happy dockering!

ubuntu logo

What’s the risk of unsolved vulnerabilities in Docker images?

Recent surveys found that many popular containers had known vulnerabilities. Container images provenance is critical for a secure software supply chain in production. Benefit from Canonical’s security expertise with the LTS Docker images portfolio, a curated set of application images, free of vulnerabilities, with a 24/7 commitment.

Integrate with hardened LTS images ›

Newsletter signup

Select topics you're
interested in

In submitting this form, I confirm that I have read and agree to Canonical's Privacy Notice and Privacy Policy.

Related posts

Top 6 projects from our Hackathon

On the 4th and the 5th of October 2021, the Web & Design team ran a remote Hackathon. The theme of it was to build tools that would make our life easier at...

Craft Parts – Reusable code, Snapcraft style

Throughout the ages, humans have always used simpler tools and materials to create more complex ones. Wood and stone for smelting bronze and iron; iron to...

Design and Web team summary – 16 November 2021

The Web and design team at Canonical run two-week iterations building and maintaining all of the Canonical websites and product web interfaces. Here are some...