Building DockerSlim into a Jenkins Pipeline

A step by step tutorial on building DockerSlim into your CI/CD pipeline.
Sep 02, 2022

Photo by Crystal Kwok on Unsplash

Despite all the hype that GitHub Actions, GitLab Runner, and other similar solutions receive, the true workhorse in the world of enterprise CI/CD is Jenkins. Jenkins has been around for over a decade at this point, and it will run essentially anywhere that an organization wants it to run. The Jenkins installation guide covers Kubernetes, containers, and multiple operating systems, and it can be hosted on-premises, in the public cloud, or even on a developer’s laptop.

In this tutorial, we will show you how to build DockerSlim into a Jenkins pipeline. For our purposes, we’ll assume that you have a system running Docker Community Edition with Internet access. Docker Desktop will also work.

Let’s get into it!

Two-Step Guide to Running a Basic, Temporary Jenkins Instance

If you do not have an existing Jenkins instance available, you can set up a temporary one on any VM running Docker. To get the basic installation of Jenkins running successfully, the documentation strongly recommends that you have at least 4GB of RAM and 10GB of disk space available.

Based on the Jenkins Installation on Linux documentation, we need to install git, wget, and Jenkins, then enable Jenkins to run Docker commands and start the service. You can do all of that as follows:

sudo yum upgrade -y
sudo yum install java-11-openjdk git wget -y
sudo wget -O /etc/yum.repos.d/jenkins.repo \
    https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
sudo yum install jenkins -y
sudo useradd -G docker jenkins
sudo systemctl daemon-reload
sudo systemctl enable --now jenkins.service

After that, Jenkins will be running on the host on port 8080, and it will want to know the admin password that was generated. This is the command to extract it:

cat /var/lib/jenkins/secrets/initialAdminPassword

Jenkins is now ready to go. You can access it with the password that was output by the command. (It will look something like this: 4444abc2222def6666fed7777cba111.) The first time you connect, you can select the default plugins and create a user, if desired.

The Process Flow from Application Source to Image

The process flow below includes adding DockerSlim. Things can get far more complex, but this illustrates how easy it is to add DockerSlim and begin taking advantage of its many benefits, including security posture and container size optimization.

Creating a Jenkins Pipeline with a Basic Script

Jenkins runs its multi-stage jobs as pipelines. For our tutorial, we’ll create a minimalist pipeline that will retrieve the source code and build it as a container.

As you can see below, our Jenkins dashboard is empty. Let’s start by adding a new item:

Now, we need to pick “Pipeline” as the type of item to create.

Once you’ve selected “Pipeline,” scroll all the way down to the bottom of the configuration screen. We will be creating our pipeline using a script.

Our script will perform several functions:

  1. Clone the source code repository.
  2. Switch to the main branch.
  3. Build the container.
  4. List the container image (including its size).

Here is the code for the pipeline script:

pipeline {
  agent none
  stages {
    stage('Clone sample container repository') {
      agent any
      steps { sh 'rm -rf nginx-site-a'
        sh 'git clone https://github.com/vincepower/nginx-site-a.git'
        sh 'cd nginx-site-a ; git checkout main'
      }
    }
    stage('Building the container') {
      agent any
      steps {
        sh 'cd nginx-site-a ; docker build -t slim.ai/nginx-site-a:latest .'
      }
    }
    stage('List images') {
      agent any
      steps {
        sh 'docker images'
      }
    }
  }

The next step is to run “Build Now.” When it finishes, we’ll view the output contained in the build log.

You can view the logs by clicking “Console Output” under “Build History.”

You can see the sizes at the bottom of the log:

[Pipeline] { (List images)
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/tutorial-pipeline
[Pipeline] {
[Pipeline] sh
+ docker images
REPOSITORY            TAG      IMAGE ID         CREATED       SIZE
slim.ai/nginx-site-a  latest   0ad6571ed2ac     1 second ago  142MB
nginx                 latest   670dcc86b69d     7 days ago    142MB
[Pipeline] }

Now we have a baseline that we can use to see to what extent DockerSlim will improve things.

Installing DockerSlim on the Host

DockerSlim is one of the easiest utilities to install.

The first step is to go to the release page and grab the latest release. In this case, that’s version 1.37.5, which you can find here.

wget -O dist_linux.tgz \
    https://downloads.dockerslim.com/releases/1.37.5/dist_linux.
tar.gztar -xzf dist_linux.tgz
install dist_linux/docker-slim* /usr/bin/

We can confirm that it works like this:

$ docker-slim -v
docker-slim version linux|Transformer|1.37.5|86fbd29ab3549fa564e87e4770178480cb0542d3|2022-03-21
_06:10:20AM

Adding DockerSlim to the Pipeline

This is as easy as adding a separate step to the pipeline. In our case, it comes before the “List Images” step. For more information about using DockerSlim, the best place to start is the README.md on the GitHub page.

    stage('Running DockerSlim') {
      agent any
      steps {
        sh 'docker-slim build slim.ai/nginx-site-a'
      }
    }

Re-Running the Pipeline and Viewing the Sizes in the Console Output

After the job finishes, navigate back to “Build History” and select “Console Output.” If you scroll to the bottom of the log, you can view the output. As you can see, the new container that we built (which is 12MB) is much, much smaller than the one we started with (which was 142MB).

[Pipeline\] sh
+ docker images
REPOSITORY                  TAG         IMAGE ID        CREATED         SIZE
slim.ai/nginx-site-a.slim   latest      bfcc5125d200    1 second ago    12MB
docker-slim-empty-image     latest      01e6adb432f4    21 seconds ago  0B
slim.ai/nginx-site-a        latest      0ad6571ed2ac    26 minutes ago  142MB
nginx                       latest      670dcc86b69d    7 days ago      142MB

Conclusion

DockerSlim is an invaluable tool for creating lightweight containers that are more secure by default. It can be run in production to improve your overall security posture. Regardless of whether the actual container build is performed by Docker, Packer, or another tool, DockerSlim can perform its magic as long as the container is OCI-compliant.

To learn more about DockerSlim and how to use it in containerized pipelines, you can sign up for the Slim.AI developer platform.

Related Articles

Automating DockerSlim in Your CICD Pipeline

Using GitHub Actions, you can refine container images automatically making them smaller, faster to load, and more secure by default – all without sacrificing any capabilities.

Nicolas Bohorquez

Contributor

Cloud Development Is Still Too Manual & Complex

Lessons we learned from interviewing more than 30 developers

John Amaral

CEO

Improving the Developer Experience When Adopting Cloud-Native Best Practices

PaymentWorks Case Study

Josh Viney

Product

Increasing Your CI/CD Velocity with Slim Containers

We’ll explain what Slim Containers are, how they speed up the build process, and how they can improve the efficiency of your testing.

Mike Mackrory

Contributor

Integrate Testing into Your Container Pipeline

A closer look at testing within container pipelines, CI/CD, software delivery, and containerization.

Faith Kilonzi

Software Engineer

Where Do You Store Your Container Images?

Container Registry Options are Growing in Number and Complexity

Pieter van Noordennen

Growth

Creating a Container Pipeline with GitLab CI

Shipping containers the easy way

Nicolas Bohorquez

Contributor

5 Most Commonly Asked DockerSlim Questions

We enlisted DockerSlim expert and Slim.AI Developer Experience Engineer to dive into how container slimming works.

Primož Ajdišek

Technical Staff

5 Ways Slim Containers Save You Money

Do slim containers really save you money on your cloud bill? Are there cost advantages to smaller containers? Find out here.

Chris Tozzi

Building Apps Using Cloud Native Buildpacks

Getting started with this innovative technique

Vince Power

Contributor

Clarifying the Complex: Meet Ivan Velichko, Container Dude at Slim.AI

Ivan recently joined the team at Slim.AI, and we sat down with him to learn more about the path that led him here.

Ivan Velichko

Container Dude

Container Insights: Dissecting the World's Most Popular Containers

Join Ayse Kaya in this series, as she creates her 2022 Container Report Chalk Full of Important Security Findings for Developers.

Ayse Kaya

Analytics & Strategy

Container of the Week: Python & Flask

Our weekly breakdown of a popular container

What We Discovered Analyzing the Top 100 Public Container Images

Complexity abounds in modern development

Ayse Kaya

Analytics & Strategy

2022 Public Container Report

Vulnerabilities continue to increase and developers are struggling to keep up.

Ayse Kaya

Analytics & Strategy

Containerizing Python Apps for Lambda

A tutorial on deploying AWS Lambda using containers, Python edition.

Docker Containers for Your Raspberry Pi

Compact PCs need compact apps

Martin Wimpress

Community

Explore and analyze a Docker container with DockerSlim X-Ray

Understanding container composition

Martin Wimpress

Community

Five Proven Ways to Debug a Container

When Things Just Are Not Working

Theofanis Despoudis

Contributor

Five Things You Should Never Ship to Production in a Container

Here is our take on five things to avoid when creating a container or shipping it to production.

Chris Tozzi

Reducing Docker Image Size - Slimming vs Compressing

Know the difference

Pieter van Noordennen

Growth

Serverless Applications and Docker

How to Scale the Latest Trend in Infrastructure

Pieter van Noordennen

Growth

Slim.AI Docker Extension for Docker Desktop

How to access our Docker Extension and try it for yourself.

Josh Viney

Product

Slimming a Rails Application with DockerSlim

Dissect a simple Rails application container using DockerSlim to analyze, optimize, and deploy your product more quickly.

Theofanis Despoudis

Contributor

Using AppArmor and SecComp Profiles for Security Audits

Conduct better container security audits using tools like SecComp, NGINX, and Docker.

What’s in your container?

Why Docker Layers matter for container optimization

Pieter van Noordennen

Growth

Why Developers Shouldn't Have to Be Infrastructure Experts, Too

Simplifying processes required to containerize and deploy cloud-native apps.

Chris Tozzi

A New Workflow for Cloud Development

Leverage the benefits of containerization without the headaches & hassle

John Amaral

CEO

Why Don’t We Practice Container Best Practices?

Container best practices are easy to understand, hard to do

John Amaral

CEO

Better Security Audits with AppArmor and SecComp via DockerSlim

Combine the power of tools like SecComp, NGINX, and Docker.

Automatically reduce Docker container size using DockerSlim

REST Web Service example using Python/Flask

John Amaral

CEO

Comparing Container Versions with DockerSlim and Slim.AI

See differences between your original and slimmed images

Pieter van Noordennen

Growth

In the Media: DockerSlim and Slim.AI

Latest Mentions

Slim.AI and OSI: Why We Advocate for Open Source

Slim.AI continues its support of OSI and sponsors the OSI licensing API as a part of its ongoing advocacy for open source

Pieter van Noordennen

Growth

The DockerSlim Origin Story

How DockerSlim got its start at Docker's Global Hack Day, and the creation of Slim.AI.

Kyle Quest

CTO

What DockerSlim Users Get Out of Slim's SaaS Platform

Scaling Your Container Game

Martin Wimpress

Community