DockerSlim is an open-source tool that allows you to secure and minify your docker containers up to 30 times! Now, let’s first of all get to know what advantages come along with minifying containers.
- Your containers will be lightweight hence starting faster
- Upgrades will also be faster
- The smaller the container the the less the bugs and security threats.
- You will minimize on storage usage for your systems.
This article will cover how to install DockerSlim and how to use it to slim other containers in your docker environment.
How To Install DockerSlim on Linux | macOS
Install DockerSlim on Linux
Choose “Latest Linux Binaries” to download the binaries for a Linux system using
Extract the binary file from the .tar.gz file.
tar -xvzf dist_linux.tar.gz
Move the extracted binary files to
sudo mv dist_linux/* /usr/local/bin
Install DockerSlim on macOS
Download archive file containing DockerSlim
Extract the file using unzip
Move the extracted binary files to
mv dist_mac/* /usr/local/bin
Confirm that the binary files are recognized by your system using
With the installation ready, we can now use it to manage our docker containers. You need to have Docker Container Engine installed on your system. Follow the guide How To Install Docker CE on Linux Systems to get you up to speed with a Docker environment.
Use DockerSlim To Minify and Optimize Docker Containers
DockerSlim has an interactive shell that you can use to slim and secure your containers.
You can open DockerSlim shell by typing
docker-slim on you terminal.
The basic commands for dockerslim include:
- Build – Analyzes, profiles and optimizes your container image then generates the supported security profiles.
xray– Used to perform a static analysis of a container image, you can use this command if you want to see what makes the container fat.
lint– Used to analyse container instructions in a DockerFile.
profile– Used to perform an analysis of the container image without generating an optimized image.
There are other options that are used alongside the above commands e.g:
--target – Target DockerFile or image
--target-type – explicitly specify the command target type if it is an image or dockerfile
--http-probe – Enables http probing
You can check out many other examples from the DockerSlim GitHub repository here
Let’s run through some examples
Build optimized Nginx image
For you to build an optimized image, you first need to download the image:
$ docker pull nginx:latest
We can check the size of the downloaded image by the command below:
$ docker images nginx:latest REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 519e12e2a84a 2 hours ago 133MB
Now we can build an optimized image with the command below
$ docker-slim build --target nginx:latest
...... cmd=build info=event message='HTTP probe is done' cmd=build state=container.inspection.finishing cmd=build state=container.inspection.artifact.processing cmd=build state=container.inspection.done cmd=build state=building message='building optimized image' cmd=build state=completed cmd=build info=results status='MINIFIED BY 12.00X [133108601 (133 MB) => 11089969 (11 MB)]' cmd=build info=results image.name=nginx.slim image.size='11 MB' data=true cmd=build info=results artifacts.location='/tmp/docker-slim-state/.docker-slim-state/images/519e12e2a84a9eb18094635ae1edfd97b26f95dbc66e317eefb657a1cb08c8dc/artifacts' cmd=build info=results artifacts.report=creport.json cmd=build info=results artifacts.dockerfile.original=Dockerfile.fat cmd=build info=results artifacts.dockerfile.new=Dockerfile cmd=build info=results artifacts.seccomp=nginx-seccomp.json cmd=build info=results artifacts.apparmor=nginx-apparmor-profile cmd=build state=done cmd=build info=commands message='use the xray command to learn more about the optimize image'
The output above states that the image has been reduced from 133MB to 11MB. This is a whooping 12X size.
We can confirm this by checking the size of the new image:
$ docker images nginx.slim
$ docker images nginx.slim REPOSITORY TAG IMAGE ID CREATED SIZE nginx.slim latest 98bc8a53012f 3 minutes ago 11.1MB
Now we can create a container from the new image and see if it can properly function as the original image.
$ docker run -it -d --name slim-webserver -p 86:80 nginx.slim
In the above command, we have started a container in detached mode (-d) whose name is slim-webserver and exposed port 80 of the container to port 86 of the host. We have also used nginx.slim as the image.
You can check the status of the container using the
docker ps -a command.
[email protected]:~# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7d29874994ee nginx.slim "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 0.0.0.0:86->80/tcp slim-webserver
We can access the webserver on port 86 of the host.
This confirms that we have been able to minify Nginx image from 133MB to 11MB and created a working container out of it. Long live DockerSlim!