Witchery: tools for building distroless images with alpine (ariadne.space)
37 points by Tomte on Sept 9, 2021 | 9 comments


I do this with Nix. You just tell it what applications to put into the image and it will copy just the image and its dependencies.

https://gitlab.com/kevincox/feed-test/-/blob/1a09590e98608ed...

This is a trivial example but even that will pull in libc and some TZ data if required. I've also used this to package up more complex dependencies with data files and lots of native libraries such as the mumble server.


I'm surprised we haven't bitten the bullet and just jumped to unikernels and OS as a library yet. It removes a whole layer we just don't need.


Agree. I don’t understand why we are not there yet. I'm mostly an app developer but sometimes I ask a backender "are we unikernel yet?" And they just look at me like I'm speaking alien to them.


Because then you'd need to make literally everything you use support the unikernel. Containers, and VMs running Linux, are nice because everything already works on Linux. Also, I don't see what you would actually gain. Like what layer is actually being removed here?


The userland. It’s mostly bloatware in the age of containers.


From the title, I thought it’s about mountain photography. Oh boy, those title words sometimes become too unrecognizable.


Great, save some small amount of disk space in exchange for increasing operations complexity.

I'm sure the storage savings far outweigh the cost of extra more senior headcount required to troubleshoot issues on containers with no diagnostic tools installed.


Actually, it's a good practice to reduce the attack surface.

Diagnostic tools are easily made available by installing an ephemeral debug sidecar.


So activate a feature gate for alpha status debug containers on a production cluster, sounds like good practice to me.



