Building SlimToolkit into a Jenkins Pipeline
Sep 02, 2022
Despite all the hype that GitHub Actions, GitLab Runner, and other similar solutions receive, the true workhorse in the world of enterprise CI/CD is Jenkins. Jenkins has been around for over a decade at this point, and it will run essentially anywhere that an organization wants it to run. The Jenkins installation guide covers Kubernetes, containers, and multiple operating systems, and it can be hosted on-premises, in the public cloud, or even on a developer’s laptop.
In this tutorial, we will show you how to build SlimToolkit into a Jenkins pipeline. For our purposes, we’ll assume that you have a system running Docker Community Edition with Internet access. Docker Desktop will also work.
Let’s get into it!
Two-Step Guide to Running a Basic, Temporary Jenkins Instance
If you do not have an existing Jenkins instance available, you can set up a temporary one on any VM running Docker. To get the basic installation of Jenkins running successfully, the documentation strongly recommends that you have at least 4GB of RAM and 10GB of disk space available.
Based on the Jenkins Installation on Linux documentation, we need to install git, wget, and Jenkins, then enable Jenkins to run Docker commands and start the service. You can do all of that as follows:
sudo yum upgrade -y sudo yum install java-11-openjdk git wget -y sudo wget -O /etc/yum.repos.d/jenkins.repo \ https://pkg.jenkins.io/redhat-stable/jenkins.repo sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key sudo yum install jenkins -y sudo useradd -G docker jenkins sudo systemctl daemon-reload sudo systemctl enable --now jenkins.service
After that, Jenkins will be running on the host on port 8080, and it will want to know the admin password that was generated. This is the command to extract it:
cat /var/lib/jenkins/secrets/initialAdminPassword
Jenkins is now ready to go. You can access it with the password that was output by the command. (It will look something like this: 4444abc2222def6666fed7777cba111.) The first time you connect, you can select the default plugins and create a user, if desired.
The Process Flow from Application Source to Image
The process flow below includes adding SlimToolkit. Things can get far more complex, but this illustrates how easy it is to add SlimToolkit and begin taking advantage of its many benefits, including security posture and container size optimization.
Creating a Jenkins Pipeline with a Basic Script
Jenkins runs its multi-stage jobs as pipelines. For our tutorial, we’ll create a minimalist pipeline that will retrieve the source code and build it as a container.
As you can see below, our Jenkins dashboard is empty. Let’s start by adding a new item:
Now, we need to pick “Pipeline” as the type of item to create.
Once you’ve selected “Pipeline,” scroll all the way down to the bottom of the configuration screen. We will be creating our pipeline using a script.
Our script will perform several functions:
- Clone the source code repository.
- Switch to the main branch.
- Build the container.
- List the container image (including its size).
Here is the code for the pipeline script:
pipeline {
agent none
stages {
stage('Clone sample container repository') {
agent any
steps { sh 'rm -rf nginx-site-a'
sh 'git clone https://github.com/vincepower/nginx-site-a.git'
sh 'cd nginx-site-a ; git checkout main'
}
}
stage('Building the container') {
agent any
steps {
sh 'cd nginx-site-a ; docker build -t slim.ai/nginx-site-a:latest .'
}
}
stage('List images') {
agent any
steps {
sh 'docker images'
}
}
}The next step is to run “Build Now.” When it finishes, we’ll view the output contained in the build log.
You can view the logs by clicking “Console Output” under “Build History.”
You can see the sizes at the bottom of the log:
[Pipeline] { (List images)
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/tutorial-pipeline
[Pipeline] {
[Pipeline] sh
+ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
slim.ai/nginx-site-a latest 0ad6571ed2ac 1 second ago 142MB
nginx latest 670dcc86b69d 7 days ago 142MB
[Pipeline] }
Now we have a baseline that we can use to see to what extent DockerSlim will improve things.
Installing SlimToolkit on the Host
SlimToolkit is one of the easiest utilities to install.
The first step is to go to the release page and grab the latest release. In this case, that’s version 1.37.5, which you can find here.
wget -O dist_linux.tgz \
https://downloads.dockerslim.com/releases/1.37.5/dist_linux.
tar.gztar -xzf dist_linux.tgz
install dist_linux/docker-slim* /usr/bin/We can confirm that it works like this:
$ docker-slim -v docker-slim version linux|Transformer|1.37.5|86fbd29ab3549fa564e87e4770178480cb0542d3|2022-03-21 _06:10:20AM
Adding SlimToolkit to the Pipeline
This is as easy as adding a separate step to the pipeline. In our case, it comes before the “List Images” step. For more information about using SlimToolkit, the best place to start is the README.md on the GitHub page.
stage('Running DockerSlim') {
agent any
steps {
sh 'docker-slim build slim.ai/nginx-site-a'
}
}Re-Running the Pipeline and Viewing the Sizes in the Console Output
After the job finishes, navigate back to “Build History” and select “Console Output.” If you scroll to the bottom of the log, you can view the output. As you can see, the new container that we built (which is 12MB) is much, much smaller than the one we started with (which was 142MB).
[Pipeline\] sh + docker images REPOSITORY TAG IMAGE ID CREATED SIZE slim.ai/nginx-site-a.slim latest bfcc5125d200 1 second ago 12MB docker-slim-empty-image latest 01e6adb432f4 21 seconds ago 0B slim.ai/nginx-site-a latest 0ad6571ed2ac 26 minutes ago 142MB nginx latest 670dcc86b69d 7 days ago 142MB
Conclusion
SlimToolkit is an invaluable tool for creating lightweight containers that are more secure by default. It can be run in production to improve your overall security posture. Regardless of whether the actual container build is performed by Docker, Packer, or another tool, SlimToolkit can perform its magic as long as the container is OCI-compliant.
To learn more about SlimToolkit and how to use it in containerized pipelines, you can sign up for the Slim.AI developer platform.
share
Related Articles
Introducing Slim's Scanner Orb for CircleCI
Get vulnerability and container composition analysis with every new container build
Heather Thacker
Contributor
Jit Reduces Container Size 90% And Cuts Bootstrap Time in Half
DevSecOps platform achieves a step change in DevX with minimal integration effort
Anne James
Product Marketing Manager
Increasing Your CI/CD Velocity with Slim Containers
We’ll explain what Slim Containers are, how they speed up the build process, and how they can improve the efficiency of your testing.
Mike Mackrory
Contributor
Are Scratch Containers More Secure?
We dive into the intricacies of whether or not you should build a container from scratch, or use a tool like DockerSlim to harden your containers.
Building SlimToolkit into a Jenkins Pipeline
A step by step tutorial on building SlimToolkit into your CI/CD pipeline.
Integrate Testing into Your Container Pipeline
A closer look at testing within container pipelines, CI/CD, software delivery, and containerization.
Faith Kilonzi
Software Engineer
Creating a Container Pipeline with GitLab CI
Shipping containers the easy way
Improving the Developer Experience When Adopting Cloud-Native Best Practices
PaymentWorks Case Study
Josh Viney
Product
Q&A With Priceline CTO Marty Brodbeck
We talk container workflows, DevX, and cloud-native at scale
Improving the Developer Experience When Adopting Cloud-Native Best Practices
PaymentWorks Case Study
Josh Viney
Product