DockerSlim to Minify, Optimize, and Secure Docker Container in Linux

Most docker experts get stuck at a point when it's about the size of the docker containers. Sometimes the size of the docker images goes up to in GB’s which consumes large storage of the system and makes it difficult to upgrade and start the container. Fortunately we have a free Open source tool in Linux/Mac system which allows us to secure and minimize the size of the docker containers up to 30 times.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related docker queries on any Linux System distribution.

In this context, we shall look into how to install DockerSlim and use it to minimize the docker container.


Why use DockerSlim ?

DockerSlim is important due to the following reasons:

  • To minimize the container's size which reduces the storage usage.
  • To create lightweight containers for faster starting.
  • Reduce bugs.


How to Install Dockerslim ?

Dockerslim is currently supported on Linux and UNIX systems including Mac. The dockerslim binary files can be downloaded from DockerSlim GitHub Repository. Go to the GitHub repository link given below, navigate to installation and download the latest binaries for your system.

DockerSlim GitHub Repository: https://github.com/docker-slim/docker-slim

Also, you can use wget command to download the latest DockerSlim binary files as:

$ wget https://downloads.dockerslim.com/releases/1.36.1/dist_linux.tar.gz

To extract the downloaded files, run the following command:

$ tar -zvxf dist_linux.tar.gz

Once the file is extracted, move the binary files to /usr/local/bin directory as:

$ sudo mv dist_linux/* /usr/local/bin

To verify the installation of DockerSlim, run the following command:

$ which docker-slim

Run the docker docker-slim with option help for useful commands and guides:

$ docker-slim help

DockerSlim provides a very useful menu-driven command line. To try the available commands, run docker-slim without any arguments . In the DockerSlim shell, type help to get the help menu in the interactive prompt.

DockerSlim basic commands includes the followings:

  • Exit => Exit from DockerSlim shell
  • Xray => Shows what is inside of the container image and reverse engineers its Dockerfile
  • Version = > Show DockerSlim and docker version information
  • Lint => Analyzes container instructions in the Dockerfiles


How to Prepare a container to slim ?

To create a slim docker container, we need to have a docker image available in the local system. Here, We have selected an httpd image. You can select the image as per your requirement. Use the following syntax to pull docker images from the dockerhub. Remember that you should have installed the docker engine and dependencies on your system.

Syntax :

$ docker pull <image name>
$ docker pull httpd


How to verify the Output of the Container ?

Once the image is pulled, run it as the container and verify the output. Here, We have exposed port 80 of the httpd docker container and access the default apache page using the browser:

$ docker run -d --name apache -p 80:80 httpd

Also, to check the size of the docker images run the following command:

$ docker images


How to use DockerSlim to build the image ?

Docker image has been pulled and we have verified the container is working fine. Now we will use DockerSlim to build optimized images. Use the following syntax to create minimized Docker images:

$ docker-slim build --target <image name>

Example:

$ docker-slim build --target httpd


How to Verify the final image ?

To check the size of the final image, run the following command:

$ docker images


How to run the container from the DockerSlim build image ?

Finally, we will create a container from the optimized image and monitor the output. As I have used httpd docker images to minimize, I am going to run an httpd container from the latest image. You can select your images accordingly.

Syntax:

$ docker run -d --name <name of the container > -p <host port : container port> <image name>

Example:

$ docker run -d --name apache -p 80:80 httpd.slim

Where,

httpd.slim is the optimized httpd docker image

You can find that the container is up with an optimized image. You can also browse the container in the browser and find the output.

Similarly, you can find that the httpd docker container is working fine with the minimized Docker image.


[Need assistance in fixing Ubuntu Linux issues? We can help you. ]

This article covers how to install DockerSlim in the Linux system and how it can be used to optimize and secure Docker containers. DockerSlim has an interactive shell that you can use to slim and secure your containers.

You can open DockerSlim shell by typing docker-slim on you terminal.


The basic commands for dockerslim include:

  • Build – Analyzes, profiles and optimizes your container image then generates the supported security profiles.
  • xray – Used to perform a static analysis of a container image, you can use this command if you want to see what makes the container fat.
  • lint – Used to analyse container instructions in a DockerFile.
  • profile – Used to perform an analysis of the container image without generating an optimized image.

Related Posts