5 Most Commonly Asked DockerSlim Questions

We enlisted DockerSlim expert and Slim.AI Developer Experience Engineer to dive into how container slimming works.
Primož Ajdišek
Jul 18, 2022

Photo by ThisisEngineering RAEng on Unsplash

DockerSlim and Slim.AI have been growing in adoption and usage, and along with this, so has our community. We often receive questions from users regarding the product, experience and the open source project itself.

In this post you’ll find a roundup of the most commonly asked questions, and we’ll try to do this every once in a while, when more frequently asked questions come in from our users.

Question 1: How does DockerSlim work under the hood?

DockerSlim uses a technology called ptrace, a standard Linux and Unix utility that allows you to scan and ultimately control a process, then have visibility into the system when it runs. With ptrace, a system can view and understand all the file access, executables, and processes that are running in a Linux kernel. For our purposes, that applies to a running Docker container. During the minification and optimization process, DockerSlim goes through the ptrace data and selects which files and executables to keep in the container by analyzing the ptrace output.

This means that during minification ptrace will analyze whether a certain file or process was accessed, checked, opened or executed, and depending on the type of access, DockerSlim will decide whether to include these in the new image or not.

DockerSlim then creates a container image from scratch including just what is required to successfully run your application, along with any custom configurations you may have provided (more on that later).

A quick note on why ptrace was selected for DockerSlim: DockerSlim is a project that got started well before Slim.AI, when Docker adoption was just gaining momentum. When DockerSlim was first created, technologies like eBPF and lsof were not widely available, and certainly not robust enough for production-grade container minification. The DockerSlim contributors are constantly looking at new kernel technologies to see if they would help improve our results, and there are some exciting demos our team has done with this new tech.

Follow-up question: Does Slim.AI offer any other ways of slimming a container other than the DockerSlim CLI?

Yes - one of the newest features of Slim.AI SaaS is minification optimization, which is essentially like hosted DockerSlim, enabling you to minify your containers through a convenient UI, instead of the CLI flags, and running on Slim.AI’s build servers.

So if using the CLI-based Docker Slim is too complex or has too many options, you can use the UI for a better web-based user experience.

Question 2: What type of applications work best with DockerSlim?

DockerSlim works on any Linux-based OCI-complaint container and supports all application types, technology stacks, and base images for optimization and minification. It’s a founding principle of the project that developers should be able to work the way they want with their favorite tools and tech.

It’s a founding principle of the project that developers should be able to work the way they want with their favorite tools and tech.

That said, DockerSlim is particularly suited for web applications, because it has extensive HTTP probes, which leverages crawlers to check endpoints in the apps, making it simpler for ptrace and other tools to understand what’s happening. This enables DockerSlim to do most of the work automatically, and is one reason the project is popular with Node, Python, DotNet, and Ruby-on-Rails developers — though we see our share of Go, Java, and other frameworks as well.

Console or CLI apps require a bit more manual work and intervention for slimming. To achieve the same level of automation you will either need to write a script or test, for it to run and execute the different commands your apps will need to run successfully. Some external source needs to interact with the CLI in order for ptrace to detect what the application needs, and ensure it is included in the minified version.

DockerSlim also leverages standard HTTP/S for the HTTP probe for server interfacing, to keep this standardized.

Question 3: How do I integrate DockerSlim into my CI/CD pipeline?

Since DockerSlim is a standard utility to run in a terminal, you can easily implement it into your CI/CD pipeline, as long as you have the relevant permissions to access Docker and provide an environment that can actually run Docker. This means it can support any CI/CD tool that has Docker enabled as part of the environment. Check out this article on Automating DockerSlim in your CI/CD Pipeline, which leverages DockerSlim as part of a GitHub Action. We’ve written or seen similar examples using Jenkins, CircleCI, and many other common CI tools.

It’s worth noting that at the time of writing this article, some GitLab users can experience issues with timeouts when running DockerSlim in their CI pipeline. A quick fix is to invoke the `--sensor-ipc-mode proxy` flag in your build command. More on this issue can be found in the DockerSlim Issues section on GitHub.

Regardless of which CI/CD system you use, it is important to have a good suite of tests running on a newly slimmed container before it makes its way to production. You want to ensure that the application in the container is indeed functionally equivalent to the original, and have some process to fall back to the original or stop the deployment should something unexpected happen in the build process.

Regardless of which CI/CD system you use, it is important to have a good suite of tests running on a newly slimmed container before it makes its way to production.

Followup Question: What Slim.AI connectors are they and when are they used?

Slim.AI connectors are not directly related to CI/CD but they are the way to connect to a private Docker registry if you need. With these connectors you will be able to see the containers you have in your private registries, such as a private Docker Hub or private AWS registry.

Question 4: What if my minified container stops working - how do I debug it?

The best way to check why your container has stopped working is to use Slim.AI’s diffing capabilities, and compare the changes between the slimmed and non-slimmed container. This will help you understand which files are missing and were removed in the minification process. Once you are equipped with this information, you can then use the built-in flags to tell Docker Slim to include that file, no matter what happens with it during the ptrace scan.

If you have automated testing, DockerSlim supports any utility you are already using. You can run these tests as part of your pipeline, and you can even have the process fail based on predefined statements, which will prevent the build from proceeding to slimming.

Question 5: Does DockerSlim work with Podman or other Docker alternatives?

DockerSlim does not currently work with Podman directly, however, you can use DockerSlim created containers with Kubernetes and with Podman, but be aware that the slimming process can’t run without Docker. Once minified, the containers can be run on any OCI compliant runtime, including containerd, podman, K8s, among others.

We hope these questions helped you learn a little bit more about how DockerSlim works, as well as works together with Slim.AI. Feel free to drop your questions in our Discord, and we will continue to do roundups when we have new and interesting questions from the community.

Related Articles

5 Ways Slim Containers Save You Money

Do slim containers really save you money on your cloud bill? Are there cost advantages to smaller containers? Find out here.

Chris Tozzi

Automating DockerSlim in Your CICD Pipeline

Using GitHub Actions, you can refine container images automatically making them smaller, faster to load, and more secure by default – all without sacrificing any capabilities.

Nicolas Bohorquez

Contributor

Building Apps Using Cloud Native Buildpacks

Getting started with this innovative technique

Vince Power

Contributor

Building DockerSlim into a Jenkins Pipeline

A step by step tutorial on building DockerSlim into your CI/CD pipeline.

Clarifying the Complex: Meet Ivan Velichko, Container Dude at Slim.AI

Ivan recently joined the team at Slim.AI, and we sat down with him to learn more about the path that led him here.

Ivan Velichko

Container Dude

Container Insights: Dissecting the World's Most Popular Containers

Join Ayse Kaya in this series, as she creates her 2022 Container Report Chalk Full of Important Security Findings for Developers.

Ayse Kaya

Analytics & Strategy

Container of the Week: Python & Flask

Our weekly breakdown of a popular container

What We Discovered Analyzing the Top 100 Public Container Images

Complexity abounds in modern development

Ayse Kaya

Analytics & Strategy

2022 Public Container Report

Vulnerabilities continue to increase and developers are struggling to keep up.

Ayse Kaya

Analytics & Strategy

Containerizing Python Apps for Lambda

A tutorial on deploying AWS Lambda using containers, Python edition.

Docker Containers for Your Raspberry Pi

Compact PCs need compact apps

Martin Wimpress

Community

Explore and analyze a Docker container with DockerSlim X-Ray

Understanding container composition

Martin Wimpress

Community

Five Proven Ways to Debug a Container

When Things Just Are Not Working

Theofanis Despoudis

Contributor

Five Things You Should Never Ship to Production in a Container

Here is our take on five things to avoid when creating a container or shipping it to production.

Chris Tozzi

Increasing Your CI/CD Velocity with Slim Containers

We’ll explain what Slim Containers are, how they speed up the build process, and how they can improve the efficiency of your testing.

Mike Mackrory

Contributor

Integrate Testing into Your Container Pipeline

A closer look at testing within container pipelines, CI/CD, software delivery, and containerization.

Faith Kilonzi

Software Engineer

Reducing Docker Image Size - Slimming vs Compressing

Know the difference

Pieter van Noordennen

Growth

Serverless Applications and Docker

How to Scale the Latest Trend in Infrastructure

Pieter van Noordennen

Growth

Slim.AI Docker Extension for Docker Desktop

How to access our Docker Extension and try it for yourself.

Josh Viney

Product

Slimming a Rails Application with DockerSlim

Dissect a simple Rails application container using DockerSlim to analyze, optimize, and deploy your product more quickly.

Theofanis Despoudis

Contributor

Where Do You Store Your Container Images?

Container Registry Options are Growing in Number and Complexity

Pieter van Noordennen

Growth

Using AppArmor and SecComp Profiles for Security Audits

Conduct better container security audits using tools like SecComp, NGINX, and Docker.

What’s in your container?

Why Docker Layers matter for container optimization

Pieter van Noordennen

Growth

Why Developers Shouldn't Have to Be Infrastructure Experts, Too

Simplifying processes required to containerize and deploy cloud-native apps.

Chris Tozzi

A New Workflow for Cloud Development

Leverage the benefits of containerization without the headaches & hassle

John Amaral

CEO

Why Don’t We Practice Container Best Practices?

Container best practices are easy to understand, hard to do

John Amaral

CEO

Better Security Audits with AppArmor and SecComp via DockerSlim

Combine the power of tools like SecComp, NGINX, and Docker.

Automatically reduce Docker container size using DockerSlim

REST Web Service example using Python/Flask

John Amaral

CEO

Comparing Container Versions with DockerSlim and Slim.AI

See differences between your original and slimmed images

Pieter van Noordennen

Growth

In the Media: DockerSlim and Slim.AI

Latest Mentions

Slim.AI and OSI: Why We Advocate for Open Source

Slim.AI continues its support of OSI and sponsors the OSI licensing API as a part of its ongoing advocacy for open source

Pieter van Noordennen

Growth

The DockerSlim Origin Story

How DockerSlim got its start at Docker's Global Hack Day, and the creation of Slim.AI.

Kyle Quest

CTO

What DockerSlim Users Get Out of Slim's SaaS Platform

Scaling Your Container Game

Martin Wimpress

Community