Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Kyle Quest
    @kcq
    This is the place for all things docker-slim :)
    Jasper Morgan
    @jasperamorgan_gitlab
    I'm running docker-slim on a centos-7 Docker image that has JDK11 and Gradle installed. The intention is for this to be our base image for java app builds. (There is no ENTRYPOINT) in the Dockerfile. docker-slim is stripping out both the java & gradle installs. Do I need to use --include-file for everything to make java & gradle run in the slimmed image?
    Kyle Quest
    @kcq
    @jasperamorgan_gitlab is there a specific reason you want to minify your base image instead of your app images?
    The gotcha with the base images in general is that you don't know what your application will need, so slimming them is more complicated because you have to explicitly select what you want using the --include-path, --include-file, --include-shell, --include-exe, --include-bin options. If you minify your app images instead you don't have to do this extra manual work.
    Kyle Quest
    @kcq
    Do you want to make your base image a bit smaller (so the app image builds are faster) and then you want to run docker-slim on the app images too?
    Jasper Morgan
    @jasperamorgan_gitlab
    Yeah - that's exactly it
    Kyle Quest
    @kcq
    Thanks for confirming! Slimming down base images will be a great feature (this question came up a few times already) though the maximum possible size reduction will happen with the app images.
    Kit Cragin
    @kcragin
    I came across this as I was winding down from the night, so forgive my ignorance. Can this be used on ASP.NET Core/Kestrel/Linux images? If, so how would that work? Through the HTTP probing?
    Kyle Quest
    @kcq
    It will be possible to use it with .Net Core, but there's still some work to do. The last time I tried it a few DLLs didn't make. Need to investigate further... Any help with the .Net internals on Linux is appreciated :)
    Leandro
    @chuleh
    Hi everyone :)
    I'm running into an issue when trying to use docker-slim in our pipeline in gitlab-ci
    Been reading this thread: docker-slim/docker-slim#34
    Is it build or builds?
    Leandro
    @chuleh
    Nevermind, just read that it's build/subdir :)
    Kyle Quest
    @kcq
    The enhancement for this is almost there... Sorry for the delay
    I mean, the extra extra enhancements to run without using local mounts, which will make things easier in gitlab-ci
    Kyle Quest
    @kcq
    What's your setup? How is configured? Where do you have docker-slim? What are the parameters when you run it?
    hrushikesh ramesh potbhare
    @hrushikeshpotbhare
    what work is done in background of docker slim ? how it works ?
    Tom Mason
    @mrmason
    Hi, I've reported docker-slim/docker-slim#90 - happy to chat about it here if anyone wants to help debug
    I'm seeing the same thing in my gitlab-CI process as well, although if I run the command directly on the host it seems to work fine
    ( on the gitlab-ci runner host that is )
    so feels like a permissions problem
    Tom Mason
    @mrmason
    i tried the stuff in the above issue ( 34 ) but I'm not using DIND on this pipeline, so it shouldn't matter, and indeed moving stuff to /builds made no difference
    Tom Mason
    @mrmason
    $ /builds/docker-slim --state-path '/builds/docker-slim-state/' build --tag $CI_COMMIT_SHA-slim --http-probe=false $CI_COMMIT_SHA-fat
<snip>
time="2019-10-01T11:37:27Z" level=fatal msg="docker-slim: failure" error="API error (400): {"message":"OCI runtime create failed: container_linux.go:348: starting container process caused \"exec: \\\"/opt/dockerslim/bin/sensor\\\": permission denied\": unknown"}
    Kyle Quest
    @kcq
    @mrmason can you check the permissions on the docker-slim-sensor executable in your environment
    added a few more comments in the ticket too
    Tom Mason
    @mrmason
    Thanks, I've replied - it looks like /opt/dockerslim/bin/sensor is a folder in the slim image, when it should be an executable
    Tom Mason
    @mrmason
    btw, I'm aware ubuntu base isn't the ideal candidate for slimming, I want to run it on our real containers, but I used that as an example to show it wasn't working on something nice and simple :)
    It's doing the same thing on our gitlab runners, which are hosted on Ubuntu
    Tom Mason
    @mrmason
    oh sorry, the host machine is ubuntu, but it will be running inside docker:latest
    which according to this https://github.com/docker-library/docker/blob/eb1b8297d29bb1fb2208c98f41c1ff4c053c4173/19.03/Dockerfile
    is alpine
    Malys
    @malys

    Hi,
    I have the same probleme

    $ /builds/docker-slim --state-path '/builds/docker-slim-state/' build --tag $CI_COMMIT_SHA-slim --http-probe=false $CI_COMMIT_SHA-fat
<snip>
time="2019-10-01T11:37:27Z" level=fatal msg="docker-slim: failure" error="API error (400): {"message":"OCI runtime create failed: container_linux.go:348: starting container process caused \"exec: \\\"/opt/dockerslim/bin/sensor\\\": permission denied\": unknown"}

    I use docker for windows and docker in docker.
    My dockerfile:
    FROM docker as builder

    RUN apk add --no-cache curl
    RUN curl -kL https://github.com/docker-slim/docker-slim/releases/download/1.25.3/dist_linux.tar.gz | tar xvz

    FROM alpine:3.7
    COPY --from=builder /dist_linux/docker-slim /usr/local/bin/
    COPY --from=builder /dist_linux/docker-slim-sensor /usr/local/bin/
    COPY --from=builder /usr/local/bin/docker /usr/local/bin/
    COPY --from=builder /usr/local/bin/docker-entrypoint.sh /usr/local/bin/
    ENTRYPOINT ["docker-entrypoint.sh"]

    Kyle Quest
    @kcq
    @mrmason thanks for the base ubuntu image clarification... sounds like it'll be good to have a very simple hello world ubuntu sample image (i'll add it to the examples repo)
    Kyle Quest
    @kcq
    @mrmason the Github issue snippets have Fedora in them... Are you seeing the same with both host machines... Ubuntu and Fedora?
    Kyle Quest
    @kcq
    @malys the dind use cases are not officially supported yet because the current version relies on mounting a local volume, which isn't always possible with dind. The dind and the docker-based CI support is coming soon in 1.26, which will use another option to add and get container components that doesn't related on volume mounts.
    Tom Mason
    @mrmason
    Yes @kcq - the same problem on Ubuntu, PopOS and Fedora ( and Centos )
    Malys
    @malys

    @malys the dind use cases are not officially supported yet because the current version relies on mounting a local volume, which isn't always possible with dind. The dind and the docker-based CI support is coming soon in 1.26, which will use another option to add and get container components that doesn't related on volume mounts.

    Thx @kcq

    Malys
    @malys
    @kcq I found a workaround:
    docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v //var/run/docker.sock:/var/run/docker.sock -v d:\:/D --name dslim alpine /bin/sh -> full rights on my "docker for windows" host and dind enabled
    you have to put docker-slim and sensor on shared folder (in my case, a child of d:) and launch docker-slim command in previous container from shared folder.
    => mounting and slim process work fine
    Tom Mason
    @mrmason
    windows :o
    have you managed to reproduce the problem @kcq ? Anything else you need, or anything more I can help with ?
    Kyle Quest
    @kcq
    @malys yes, the trick there is to leverage already shared folders, but it makes it more complex than it should be
    @mrmason i'll have more to share soon, sorry about the delay Tom
    Kyle Quest
    @kcq
    Tom, can you check if you have 'docker-slim-sensor' in the '/usr/local/bin' directory on your host machine