logo

Unravelling the Magical Act of DockerSlim Minifying Container Images

Conference:  ContainerCon 2022

2022-06-23

Authors:   Mritunjay Sharma


Summary

Docker Slim is a tool that makes Docker images smaller, faster, and more secure by analyzing and collecting information from a temporary container.
  • Docker Slim creates a temporary container to analyze and collect information from a fat image
  • It applies heuristics to optimize the image and create a security profile
  • The resulting slim image is much smaller and faster than the original image
  • Docker Slim is a developer-oriented tool that can be used on existing commercial software
  • Future plans for Docker Slim include introducing a Docker Compose feature and using traditional HTTP probes
The pre-recorded demo showed how Docker Slim reduced the size of a Node Docker image from 432 MB to 14 MB while still maintaining the same functionality

Abstract

Ever thought of attending a magical act in an Open Source Summit? Or for that matter doing an X-Ray of your containers or maybe giving them some magical portion to minify their image size? That’s exactly what magician Mritunjay is going to pull out in this act! Growing containers sizes can be a problem for both the size and security it demands. From minifying your Docker container image by up to 30x to make it securer too, this talk will entail how the magical portion of DockerSlim can simplify and optimize the developer experience with containers by making them better, smaller and securer without changing anything in the Docker container image. Through this talk, the audience will learn how DockerSlim optimizes containers by understanding the application and what it needs using various analysis techniques and how one can customize/edit containers and container metadata. Wondering what if you need some of those extra things to debug the containers? Hold your beers, this talk also entails the use of dedicated debugging side-car containers for that! So join this magical act to hook you to the journey of no longer worrying about manually creating Seccomp and AppArmor security profiles or for that matter being an expert in Linux syscalls to have securer and optimized containers!

Materials: