Image build with podman is much larger than the docker version (apache druid) #27801
Description
Issue Description
I am creating an image for apache druid with podman and docker. When using podman the final image is almost twice as large
Podman version:
aws ecr describe-images --repository-name adjoe/druid --image-ids imageTag=release-35.0.0-aws.jdbc.podman --query 'imageDetails[0].imageSizeInBytes' --output text
1242004994Docker version:
aws ecr describe-images --repository-name adjoe/druid --image-ids imageTag=release-35.0.0-aws.jdbc.docker --query 'imageDetails[0].imageSizeInBytes' --output text
716198282
Steps to reproduce the issue
Steps to build the podman version:
a) The druid base image
- git clone https://github.com/apache/druid
- cd druid
- git fetch --tags https://github.com/apache/druid
- git checkout tags/druid-35.0.0
- podman manifest create xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:35.0.0-base-cross.podman
- podman build --platform linux/amd64,linux/arm64 --manifest xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:35.0.0-base-cross.podman -f distribution/docker/Dockerfile .
- podman manifest push xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:35.0.0-base-cross.podman
b) the final image
- Download the required
.jarfiles described here - Create a Containerfile/Dockerfile
FROM xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:35.0.0-base-cross.podman
WORKDIR /opt/druid/extensions/mysql-metadata-storage
USER root
RUN mkdir /opt/druid/extensions/protobuf-extensions
COPY kafka-protobuf-provider-6.0.1.jar kotlin-stdlib-1.4.0.jar wire-schema-3.2.2.jar /opt/druid/extensions/protobuf-extensions/
COPY kafka-protobuf-provider-6.0.1.jar kotlin-stdlib-1.4.0.jar wire-schema-3.2.2.jar /opt/druid/extensions/druid-protobuf-extensions/
COPY aws-mysql-jdbc-1.1.12.jar .
ARG MYSQL_JAR=aws-mysql-jdbc-1.1.12.jar
# https://repo1.maven.org/maven2/software/aws/rds/aws-mysql-jdbc/1.1.15/aws-mysql-jdbc-1.1.15.jar.sha1
ARG MYSQL_SHA=311c71d68045bab42c1947d2e8bda6bd9d08e288
RUN echo "${MYSQL_SHA} ${MYSQL_JAR}" | sha1sum -c \
&& ln -s ../extensions/mysql-metadata-storage/${MYSQL_JAR} /opt/druid/lib
WORKDIR /opt
RUN /opt/druid/bin/run-java -classpath "/opt/druid/lib/*" org.apache.druid.cli.Main tools pull-deps -c org.apache.druid.extensions.contrib:druid-moving-average-query:35.0.0
RUN mkdir /opt/druid/tmpdir && chown -R druid:druid /opt/druid
USER druid
WORKDIR /opt/druid- podman manifest create xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:release-35.0.0-aws.jdbc.podman
- podman build --platform linux/amd64,linux/arm64 --manifest xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:release-35.0.0-aws.jdbc.podman .
- podman manifest push xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:release-35.0.0-aws.jdbc.podman
Steps to build the docker version:
a) The druid base image
- git clone https://github.com/apache/druid
- cd druid
- git fetch --tags https://github.com/apache/druid
- git checkout tags/druid-35.0.0
- docker buildx create --use --name multiarchbuilder
- docker buildx build --platform linux/amd64,linux/arm64 --push -t xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:35.0.0-base-cross.docker -f distribution/docker/Dockerfile .
b) the final image
- Download the required
.jarfiles described here - Create a Containerfile/Dockerfile identical to the first one, just replace the base image with the one we build with docker
- docker buildx build --platform linux/amd64,linux/arm64 --push -t xyz.dkr.ecr.eu-central-1.amazonaws.com/adjoe/druid:release-35.0.0-aws.jdbc.docker
Note: the size difference between the base images build by docker and podman is only a few MB, only the final image has a such a huge difference in size.
aws ecr describe-images --repository-name adjoe/druid --image-ids imageTag=35.0.0-base-cross.docker --query 'imageDetails[0].imageSizeInBytes' --output text
591013888
aws ecr describe-images --repository-name adjoe/druid --image-ids imageTag=35.0.0-base-cross.podman --query 'imageDetails[0].imageSizeInBytes' --output text
604844677
Describe the results you received
The image build with podman is ~500MB larger than the one build with docker buildx
Describe the results you expected
I expected the images to be of similar size. This was the case for the base image but not for the final image.
podman info output
host:
arch: amd64
buildahVersion: 1.42.2
cgroupControllers:
- cpuset
- cpu
- io
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-1:2.1.13-1.1
path: /usr/bin/conmon
version: 'conmon version 2.1.13, commit: 82de887596ed8ee6d9b2ee85e4f167f307bb569b'
cpuUtilization:
idlePercent: 96.48
systemPercent: 0.68
userPercent: 2.84
cpus: 16
databaseBackend: sqlite
distribution:
distribution: cachyos
version: unknown
emulatedArchitectures:
- linux/arm
- linux/arm64
- linux/arm64be
- linux/loong64
- linux/mips
- linux/mips64
- linux/ppc
- linux/ppc64
- linux/ppc64le
- linux/riscv32
- linux/riscv64
- linux/s390x
eventLogger: journald
freeLocks: 2048
hostname: pad
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 6.18.0-3-cachyos
linkmode: dynamic
logDriver: journald
memFree: 9052463104
memTotal: 62816247808
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.17.0-1.1
path: /usr/lib/podman/aardvark-dns
version: aardvark-dns 1.17.0
package: netavark-1.17.1-1.1
path: /usr/lib/podman/netavark
version: netavark 1.17.1
ociRuntime:
name: runc
package: runc-1.4.0-1.1
path: /usr/bin/runc
version: |-
runc version 1.4.0
commit: 1.4.0-1-0-g109da5c-dirty
spec: 1.3.0
go: go1.25.4 X:nodwarf5
libseccomp: 2.5.6
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-2025_12_15.b40f5cd-1.1
version: |
pasta 2025_12_15.b40f5cd
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: /run/user/1000/podman/podman.sock
rootlessNetworkCmd: pasta
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /etc/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: ""
package: ""
version: ""
swapFree: 62815830016
swapTotal: 62815989760
uptime: 5h 27m 10.00s (Approximately 0.21 days)
variant: ""
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
store:
configFile: /home/marius/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/marius/.local/share/containers/storage
graphRootAllocated: 1022043148288
graphRootUsed: 60249907200
graphStatus:
Backing Filesystem: btrfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 114
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/marius/.local/share/containers/storage/volumes
version:
APIVersion: 5.7.1
Built: 1765448727
BuiltTime: Thu Dec 11 11:25:27 2025
GitCommit: f845d14e941889ba4c071f35233d09b29d363c75
GoVersion: go1.25.5 X:nodwarf5
Os: linux
OsArch: linux/amd64
Version: 5.7.1Podman in a container
No
Privileged Or Rootless
None
Upstream Latest Release
No
Additional environment details
I am running Linux but a colleague who build the image on Mac also ended up with the larger image when using podman.
Additional information
No response