docker-slim/docker-slim

docker-slim/docker-slim

Don't change anything in your Docker container image and minify it by up to 30x making it secure too! Optimizing images isn't the only thing it can do though. It can also help you understand and author better container images.

[…]

docker-slim has been used with Node.js, Python, Ruby, Java, Golang, Rust, Elixir and PHP (some app types) running on Ubuntu, Debian, CentOS, Alpine and even Distroless.

[…]

To use the Docker image distribution just start using the dslim/docker-slim container image.

The OS-specific installers for docker-slim will be available soon (there's already a couple of community Homebrew formulas for Mac and Linux, but they need to be enhanced to work properly).

[…]

Here's a basic example of how to use the containerized version of docker-slim: docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock dslim/docker-slim build your-docker-image-name

Here's a GitLab example for their dind .gitlab-ci.yml config file: docker run -e DOCKER_HOST=tcp://$(grep docker /etc/hosts | cut -f1):2375 dslim/docker-slim build your-docker-image-name

Here's a CircleCI example for their remote docker .circleci/config.yml config file (used after the setup_remote_docker step):

If you don't specify any Docker connect options docker-slim expects to find the following environment variables: DOCKER_HOST, DOCKER_TLS_VERIFY (optional), DOCKER_CERT_PATH (required if DOCKER_TLS_VERIFY is set to "1")

On Mac OS X you get them when you run eval "$(docker-machine env default)" or when you use the Docker Quickstart Terminal.

[…]

If the Docker environment variables are not set and if you don't specify any Docker connect options docker-slim will try to use the default unix socket.

[…]

docker run --security-opt seccomp:<docker-slim directory>/.images/

[…]

eval "$(docker-machine env default)" <- optional (depends on how Docker is installed on your machine and what kind of Docker version you are using); if the Docker host is not running you'll need to start it first: docker-machine start default; see the Docker connect options section for more details.

[…]

You don't need to read the language spec and lots of books :-) Go through the Tour of Go and optionally read 50 Shades of Go and you'll be ready to contribute!

[…]

You can explore the artifacts DockerSlim generates when it's creating a slim image. You'll find those in <docker-slim directory>/.images/

[…]

Use Go 1.13 or higher to build docker-slim. You can use earlier version of Go, but it can't be lower than Go 1.5.1. Versions prior to 1.5.1 have a Docker/ptrace related bug (Go kills processes if your app is PID 1). When the 'monitor' is separate from the 'launcher' process it will be possible to user older Go versions again.

[…]

Some of the advanced analysis options require a number of Linux kernel features that are not always included. The kernel you get with Docker Machine / Boot2docker is a great example of that.

[…]

DockerSlim was a Docker Global Hack Day #dockerhackday project. It barely worked at the time, but it did get a win in Seattle and it took the second place in the Plumbing category overall :-)

[…]