-v docker run param) when you run your optimized container. Would it be possible to do? There’s a couple of extra capabilities I can add to docker-slim to streamline this use case. One is an ability to copy files within the container image when docker-slim is running it. This would make it possible to mount your clean config as a new file and then it would replace the modified config file. Another option is a capability to add extra files to the optimized image during the build step, so you’d be able to replace the modified config file with a fresh copy.
--preserve-path. Set its value to your entrypoint’s file path, something like this: docker-slim build --preserve-path /path/to/your/entrypoint.sh your-container-image-name
--preserve-path flag and lots of other enhancements. Give it a try (linux: https://downloads.dockerslim.com/releases/1.35.0/dist_linux.tar.gz and macs: https://downloads.dockerslim.com/releases/1.35.0/dist_mac.zip)
--continue-after parameter to docker-slim defines how you want to decide when the analysis is done. The parameter defaults to probe, which means that docker-slim will wait until all (http) probes are done executing and then it moves on to the next phase. In addition to configuring custom http probe commands with --http-probe-cmd and --http-probe-cmd-file you can also invoke external apps during the probing phase. This can be done using the --http-probe-exec and --http-probe-exec-file parameters, which allow you to use those external apps to decide when the analysis is done.
--continue-after options you can use to decide when the analysis phase is done. enter tells docker-slim to wait for external console input. That way you can manually signal the end of the analysis phase.
signal --continue-after option lets you use unix signals to let docker-slim know when the analysis phase should be done.
exec --continue-after option lets you indicate that you want the analysis phase to be done once the shell commands passed through the --exec or --exec-file params are done executing in the temporary container.
exec and probe options (e.g., --continue-after probe&exec). With these stacked options the analysis phase will be done once the exec commands are done executing and the probing phase is done.
docker run parameters to the docker-slim build command? Some/all of the ones mentioned here: https://docs.docker.com/engine/reference/commandline/run/ . For my use case I'm looking to increase the shm size via --shm-size
--cro-shm-size), but there’s already a flag you can leverage to get the same results. It’s called --cro-host-config-file and you can specify a custom shared mem size in the ShmSize there. You’ll need to build the latest code yourself to get the --cro-host-config-file flag.
--include-shell, even though the container has a non-shell CMD set (otherwise, I got exec user process caused "no such file or directory"). Any idea why?
I am new to using docker-slim. I tried using docker-slim on ubuntu 20.04 and it worked with slimming down an nginx (official) docker image. But when I tried using the same technique on official image of ubuntu:20.04 or ubuntu:18.04, it threw an error. Is this quite common with ubuntu:20.04? Any help will be appreciated. Thank you.
Failure message With ubuntu:20.04
$ docker-slim build --target ubuntu:20.04 --tag sugatoray/ubuntu.slim:20.04
docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
cmd=build info=param.http.probe message='using default probe'
cmd=build state=started
cmd=build info=params rt.as.user='true' keep.perms='true' tags='sugatoray/ubuntu.slim:20.04' target.type='image' target='ubuntu:20.04' continue.mode='probe'
cmd=build state=image.inspection.start
cmd=build info=image id='sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1' size.bytes='72776513' size.human='73 MB'
cmd=build info=image.stack id='sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1' index='0' name='ubuntu:20.04'
cmd=build state=image.inspection.done
cmd=build state=container.inspection.start
cmd=build info=container status='created' name='dockerslimk_1783268_20211026094927' id='db7d8b4f1abc847b0be54a88c497495cf72eca8b9e31fd79194acb0284fa866b'
time="2021-10-26T04:49:28-05:00" level=error msg="channel.Client.Read: read error (read tcp 127.0.0.1:58832->127.0.0.1:49175: read: connection reset by peer), exiting..."
time="2021-10-26T04:49:28-05:00" level=error msg="channel.NewCommandClient: channel verify error = read tcp 127.0.0.1:58832->127.0.0.1:49175: read: connection reset by peer"
cmd=build info=cmd.startmonitor status='sent'
cmd=build info=event.startmonitor.done status='received'
cmd=build info=container target.port.list='' target.port.info='' message='YOU CAN USE THESE PORTS TO INTERACT WITH THE CONTAINER' name='dockerslimk_1783268_20211026094927' id='db7d8b4f1abc847b0be54a88c497495cf72eca8b9e31fd79194acb0284fa866b'
cmd=build state=http.probe.error error=no exposed ports message=expose your service port with --expose or disable HTTP probing with --http-probe=false if your containerized application doesnt expose any network services
cmd=build state=exited code=33554435
docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
docker-slim expects to see ports in the target image, so it can probe the application running in the container using those ports, but the ubuntu image doesn’t have any ports declared. It’s a base image that you’d normally use to be a containerized app. You can disable probing by using the --http-probe=false flag, but if you want to minify a base image like ubuntu you’ll need to figure out what you still want in that base image and you’ll need to use --include-path or other similar parameter to tell docker-slim about what you want to keep. Normally when you minify an application container image you don’t need to do that because your application provides enough information for docker-slim. Without an application docker-slim can’t guess how you intend to use the image and that’s why you need to use those --include-* parameters.
hostname, resolv.conf, etc. files, and compared the docker inspect output, between the fat and the slimmed containers, and I can't see anything glaringly wrong or different. I also used --include-path to include everything under /etc and everything under python's site-packages folder. I can upload more info, but I thought I'd start here. Here's the request connection error:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='wildflowerschools.auth0.com', port=443): Max retries exceeded with url: /.well-known/jwks.json (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f8d2239ccd0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
Hi Everyone :wave:
Loving docker-slim! Having some issues getting it to run as part of our gitlab pipelines though. I can build the docker image as normal but then get an image.not.found status when running docker-slim build. I'm using docker dind here. Sanitised gitlab-ci.yml if anyone can offer any advice
build_and_push:
  image: docker:latest
  stage: build
  services:
    - docker:dind
  variables:
    ECR: 'xxx.dkr.ecr.xxx.amazonaws.com'
    NAMESPACE: 'xxx'
    IMG_NAME: 'my-img'
    TAG: 'test'
    FULL_PATH: "${ECR}/${NAMESPACE}/${IMG_NAME}"
  before_script:
    - wget -O /usr/local/bin/docker-credential-ecr-login https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.5.0/linux-amd64/docker-credential-ecr-login
    - chmod +x /usr/local/bin/docker-credential-ecr-login
    - mkdir ~/.docker
    - echo "{\"credsStore\":\"ecr-login\",\"credHelpers\":{\"$ECR\":\"ecr-login\"}}" > ~/.docker/config.json
    - cat ~/.docker/config.json
    - docker info
  script:
    # Build image
    - docker build -t "${FULL_PATH}:${TAG}" .
    # Build docker-slim image
    - docker run -v $(pwd):/mnt -e DOCKER_HOST=tcp://$(grep docker /etc/hosts | cut -f1):2375 dslim/docker-slim --in-container build --http-probe=false --exec-file mnt/files/slim/slim.sh --include-path-file mnt/files/slim/includes.txt --tag "${FULL_PATH}:${TAG}-slim" "${FULL_PATH}:${TAG}"
    # Push both versions to ECR
    - docker push "${FULL_PATH}:${TAG}"
    - docker push "${FULL_PATH}:${TAG}-slim"
  only:
    - master
cmd=build info=params target.type='image' target='xxx.dkr.ecr.xxx.amazonaws.com/xxx/my-img:test' continue.mode='exec' rt.as.user='true' keep.perms='true' tags='xxx.dkr.ecr.xxx.amazonaws.com/xxx/my-img:test-slim'
cmd=build info=target.image.error status='image.not.found' image='xxx.dkr.ecr.xxx.amazonaws.com/xxx/my-img:test' message='make sure the target image already exists locally (use --pull flag to auto-download it from registry)'
Hey!
I am trying to minify a spring boot (java11) image. When running build with docker-slim it starts the http-probe but it seems to timeout every time. The application itself is definitely working and the ports are exposed. When I try to minify it without the http-probe, build finishes but when I try to run the image I get a java stacktrace, saying it is missing its main class. Can somebody tell me what is going wrong here?
Hi! Hope you are all good.
I have recently started using docker-slim and I have spent almost all day trying to slim an image, but at the end I get the same error message:
level=error msg="dockerutil.CopyFromContainer: dclient.DownloadFromContainer() error = inactivity time exceeded timeout"
level=fatal msg="docker-slim: failure" error="inactivity time exceeded timeout" stack="goroutine 1 [running]:\nruntime/debug .................
All my probes are successful, and the slim report returns:
{
  "version": "1.0",
  "engine": "linux|Transformer|1.37.6|26a36c88a94c677efd734e874ba081dabb84a224|2022-04-23_06:03:56AM",
  "containerized": false,
  "host_distro": {
    "name": "Ubuntu",
    "version": "22.04",
    "display_name": "Ubuntu 22.04 LTS"
  },
  "type": "build",
  "state": "error",
  "target_reference": "my_api",
  "system": {
    "type": "",
    "release": "",
    "distro": {
      "name": "",
      "version": "",
      "display_name": ""
    }
  },
  "source_image": {
    "identity": {
      "id": ""
    },
    "size": 0,
    "size_human": "",
    "create_time": "",
    "docker_version": "",
    "architecture": "",
    "container_entry": {
      "exe_path": ""
    }
  },
  "minified_image_size": 0,
  "minified_image_size_human": "",
  "minified_image": "",
  "minified_image_has_data": false,
  "minified_by": 0,
  "artifact_location": "",
  "container_report_name": "",
  "seccomp_profile_name": "",
  "apparmor_profile_name": "",
  "image_stack": [...]
}
I hope you can help me. Thanks!