Slim Down Your Containers: How Slim (ToolKit) Puts Docker Images on a Diet

Introduction

We’ve all experienced the dependency hell that arises while collaborating with others or working in a team. Dependency resolution can indeed be a hassle. However, one technology has proven to be bliss regarding dependency resolution: Containers. They package software into standardized units for development, shipment, and deployment. Simply put, you can visualize containers as the lightest version of your computer containing only the application or service, its dependencies, and its configuration (abstracted as deployment manifest files). These elements are bundled together into what is known as a container image. You may be asking, “What is a container image?”

A container image is a package that includes all the necessary dependencies and information required to create a container. An image incorporates all dependencies (such as frameworks) and deployment and execution configurations used by a container runtime. One tool that significantly simplifies working with containers is Docker. Docker is not just a tool but also a company that promotes the adoption of container technology. In Docker’s context, the container image is referred to as a Docker image.

Containers are known for their lightweight nature and typically do not consume much hardware space. However, many docker container images tend to be quite large. This is due to the Docker creating unnecessary layers and files that are not always required. A larger container can slow your application, make it vulnerable to bugs and security threats, and consume more storage. Furthermore, upgrades and downloads need more time. Here’s where a tool named slimtoolkit comes to the rescue.

Slim (Toolkit)?

SlimToolkit is a tool that helps optimise Docker images by removing unnecessary layers and files, making your containers better, smaller by 30x, and more secure while providing advanced visibility and improved usability when working with the original and minified containers.

It slims down the Docker container image by understanding the applications and applying various analysis techniques. In terms of security, it removes what is not needed, reducing the container’s attack surface.

Note: The minified version by SlimToolkit is safe for production use, but it is always recommended that the images be checked.

Why Slim (Toolkit)?

1. Large Docker images consume significant storage space, leading to increased costs for hosting and distribution.
2. Transferring and deploying large images is time-consuming, slowing the development and deployment processes.
3. Large images can negatively impact the performance of containerised applications due to the overhead of unnecessary files and dependencies. They can also increase the attack surface and make the containers more susceptible to security vulnerabilities.
4. Manually optimising Dockerfiles to reduce image size and improve performance is a complex and error-prone process.

How does Slim (Toolkit) work?

• Creates a temporary container from the original image and inspects the container metadata and data.
• Probes running container to identify app dependencies/requirements
• Tracks minimal files/executables needed for app functionality.
• Rebuilds slimmed image with only required components.
• Flattens layers to remove redundant data in the new image.
• Optionally adds security profiles like Seccomp/AppArmor.
• Produces optimised image 10-30x smaller than original.

Installation

To install Slim on Mac and Linux, follow the steps below:

1. First, download the zip package based on the platform you need to install Slim. I have “Ubuntu 22.04 LTS” and architecture “x86_64” and use the Latest Linux binaries.

curl -L -o ds.tar.gz https://github.com/slimtoolkit/slim/releases/download/1.40.11/dist_linux.tar.gz

2. Now, you need to unzip the downloaded package and move it to the bin directory to make it available system-wide. This means it can be executed from any directory in the terminal.

Note: If mv dist_linux/slim /usr/local/bin/ does not work, try using sudo . The sudo command is used to run the mv command with superuser privileges, which is required to move files to system directories like /usr/local/bin/

For Mac, you can use the following commands:

unzip ds.zip
mv dist_mac/slim /usr/local/bin/ 
mv dist_mac/slim-sensor /usr/local/bin/

3. Check if the slim is installed properly using the command slim –version.

Using Slim To Optimise Docker Images

Optimising Docker images means removing unnecessary layers and files, making your containers better, smaller, and more secure.

Let’s understand how to optimise Docker container images using the slim toolkit command. There are various commands in slimtoolkit, and the basic structure for using all the commands is the same.

The syntax of the command in slimtoolkit is:

slim [global flags][command] [command-specific flags] [image-name:tag]

Let’s understand each term and its usage here.

• Slim – This is the primary executable for SlimToolkit.
  
• Global flags – These are optional flags that apply to all commands in SlimToolkit. They configure the behaviour of the Slim application itself and are not tied to any specific command.
  
• Command – This specifies the action you want SlimToolkit to perform. Each command has its own specific functionality.
  
• Command-specific Flags – These are optional flags specific to the command being used. They modify the behaviour of that particular command.
  
• Image – This specifies the target Docker image you want to work with. The image-name is the name of the Docker image, and tag is the version or variant of the image. You can find the docker images on Dockerhub

Here is a sample example of how to use these command syntaxes. I’ll use the most popular command build, which is used to optimise the Docker image and reduce the image size

slim --debug --log-level debug build --http-probe <my-docker-image>

Please visit the official documentation of slim to learn more about slim commands.

Let’s Understand the slimming of Docker images using practical application

Slimming Ngnix image from Dockerhub installed on AWS EC2

• Prerequisites
  • AWS EC2 instance (e.g., t2.micro)
  • Docker installed in the instance
  • Slimtoolkit installed
  • An understanding of how to pull images from Dockerhub

Step 01: Create an AWS EC2 instance

Use the following command to connect to your instance

`ssh -i "your-key.pem" ec2-user@your-instance-public-dns`

Step 02: Install Docker inside your EC2 instance with the help of Docker Installation on Ubuntu Guide.

Set up the Docker’s apt repository, install the Docker packages, and verify the installation.

Step 03: Install the Slimkittool on your AWS EC2 instance with the help of the slimtoolkit installation guide. 

Step 04: Now, you need to pull the {image} from Dockerhub using the syntax

docker image pull [OPTIONS] NAME[:TAG|@DIGEST or alias docker pull <image-name>

i. Go to Dockehub to check the image name and related tags.

ii. Copy the command in the red box above and paste it into your EC2 terminal.

iii. The below image shows the actual size of the nginx image.

Step 05:

Please skim through the slim commands to slim the image.

I’ll go elementary here, slimming the image without any flags now, and the command is slim build nginx:latest.

What’s interesting here is that slim assumes the image as a web application and sends the API call to the exposed port. slim has this thing called a probe, and by default, http-probe is enabled.

You can use the command http-probe=false to disable it. In most cases, it is not possible to send API calls to check if the port is accessible, and this causes the slim process to take more time or cause errors.

You can read more about HTTP PROBE COMMANDS.

The image has been slimmed here, and the optimised image size is only 13 MB.

The size difference between the two Docker images before and after using the Slim command.

Note: Using the slim build command does not replace your actual image; it creates an image with <imagename>.slim.

Yes, it’s time to celebrate now, you have learnt how to slim your docker images using slimtoolkit.

Other Useful Slim Commands

The slimToolkit provides several commands that help you to optimise your Docker images. Some of the commands are listed below:

xray: With the help of this command, you can analyse the Docker image and see what’s inside your Docker image.

lint: This command helps you to check for any errors in Dockerfiles so you can avoid the errors that occur during the image build process because of errors in Dockerfile.

build: This is the most important command that optimises the Docker image with only the required dependencies and files for the applications and thus reduces the image size.

debug: This command helps you debug a running container that was created from a slimmed Docker image.

profile: This command collects information about the Docker image and reports in JSON format that you can use to analyse its size and performance.

merge: If you want to merge two images into a single image, use the merge command.

Conclusion

In this blog, we explored the importance of optimising Docker images and how SlimToolkit simplifies this process. Docker images, while powerful, often become bloated with unnecessary layers, impacting performance and security. SlimToolkit efficiently trims these images, making them up to 30x smaller and more secure by removing redundant components. We covered the installation process, basic commands, and practical applications using an NGINX image on an AWS EC2 instance. Utilising SlimToolkit enhances development and deployment speed and ensures leaner, faster, and more secure containerised applications.

For more information and insights about Docker images and other cloud-based technologies, refer to the CloudZenia website.