Despite all the hype that GitHub Actions, GitLab Runner, and other similar solutions receive, the true workhorse in the world of enterprise CI/CD is Jenkins. Jenkins has been around for over a decade at this point, and it will run essentially anywhere that an organization wants it to run. The Jenkins installation guide covers Kubernetes, containers, and multiple operating systems, and it can be hosted on-premises, in the public cloud, or even on a developer’s laptop.
In this tutorial, we will show you how to build SlimToolkit into a Jenkins pipeline. For our purposes, we’ll assume that you have a system running Docker Community Edition with Internet access. Docker Desktop will also work.
Let’s get into it!
If you do not have an existing Jenkins instance available, you can set up a temporary one on any VM running Docker. To get the basic installation of Jenkins running successfully, the documentation strongly recommends that you have at least 4GB of RAM and 10GB of disk space available.
Based on the Jenkins Installation on Linux documentation, we need to install git, wget, and Jenkins, then enable Jenkins to run Docker commands and start the service. You can do all of that as follows:
sudo yum upgrade -y sudo yum install java-11-openjdk git wget -y sudo wget -O /etc/yum.repos.d/jenkins.repo \ https://pkg.jenkins.io/redhat-stable/jenkins.repo sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key sudo yum install jenkins -y sudo useradd -G docker jenkins sudo systemctl daemon-reload sudo systemctl enable --now jenkins.service
After that, Jenkins will be running on the host on port 8080, and it will want to know the admin password that was generated. This is the command to extract it:
cat /var/lib/jenkins/secrets/initialAdminPassword
Jenkins is now ready to go. You can access it with the password that was output by the command. (It will look something like this: 4444abc2222def6666fed7777cba111.) The first time you connect, you can select the default plugins and create a user, if desired.
The process flow below includes adding SlimToolkit. Things can get far more complex, but this illustrates how easy it is to add SlimToolkit and begin taking advantage of its many benefits, including security posture and container size optimization.
Jenkins runs its multi-stage jobs as pipelines. For our tutorial, we’ll create a minimalist pipeline that will retrieve the source code and build it as a container.
As you can see below, our Jenkins dashboard is empty. Let’s start by adding a new item:
Now, we need to pick “Pipeline” as the type of item to create.
Once you’ve selected “Pipeline,” scroll all the way down to the bottom of the configuration screen. We will be creating our pipeline using a script.
Our script will perform several functions:
Here is the code for the pipeline script:
pipeline {
agent none
stages {
stage('Clone sample container repository') {
agent any
steps { sh 'rm -rf nginx-site-a'
sh 'git clone https://github.com/vincepower/nginx-site-a.git'
sh 'cd nginx-site-a ; git checkout main'
}
}
stage('Building the container') {
agent any
steps {
sh 'cd nginx-site-a ; docker build -t slim.ai/nginx-site-a:latest .'
}
}
stage('List images') {
agent any
steps {
sh 'docker images'
}
}
}The next step is to run “Build Now.” When it finishes, we’ll view the output contained in the build log.
You can view the logs by clicking “Console Output” under “Build History.”
You can see the sizes at the bottom of the log:
[Pipeline] { (List images)
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/tutorial-pipeline
[Pipeline] {
[Pipeline] sh
+ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
slim.ai/nginx-site-a latest 0ad6571ed2ac 1 second ago 142MB
nginx latest 670dcc86b69d 7 days ago 142MB
[Pipeline] }
Now we have a baseline that we can use to see to what extent DockerSlim will improve things.
SlimToolkit is one of the easiest utilities to install.
The first step is to go to the release page and grab the latest release. In this case, that’s version 1.37.5, which you can find here.
wget -O dist_linux.tgz \
https://downloads.dockerslim.com/releases/1.37.5/dist_linux.
tar.gztar -xzf dist_linux.tgz
install dist_linux/docker-slim* /usr/bin/We can confirm that it works like this:
$ docker-slim -v docker-slim version linux|Transformer|1.37.5|86fbd29ab3549fa564e87e4770178480cb0542d3|2022-03-21 _06:10:20AM
This is as easy as adding a separate step to the pipeline. In our case, it comes before the “List Images” step. For more information about using SlimToolkit, the best place to start is the README.md on the GitHub page.
stage('Running DockerSlim') {
agent any
steps {
sh 'docker-slim build slim.ai/nginx-site-a'
}
}After the job finishes, navigate back to “Build History” and select “Console Output.” If you scroll to the bottom of the log, you can view the output. As you can see, the new container that we built (which is 12MB) is much, much smaller than the one we started with (which was 142MB).
[Pipeline\] sh + docker images REPOSITORY TAG IMAGE ID CREATED SIZE slim.ai/nginx-site-a.slim latest bfcc5125d200 1 second ago 12MB docker-slim-empty-image latest 01e6adb432f4 21 seconds ago 0B slim.ai/nginx-site-a latest 0ad6571ed2ac 26 minutes ago 142MB nginx latest 670dcc86b69d 7 days ago 142MB
SlimToolkit is an invaluable tool for creating lightweight containers that are more secure by default. It can be run in production to improve your overall security posture. Regardless of whether the actual container build is performed by Docker, Packer, or another tool, SlimToolkit can perform its magic as long as the container is OCI-compliant.
To learn more about SlimToolkit and how to use it in containerized pipelines, you can sign up for the Slim.AI developer platform.
We're excited to share some big news from Slim.AI. We're taking a bold new direction, focusing all our energy on software supply chain security, now under our new name root.io. To meet this opportunity head-on, we’re building a solution focused on transparency, trust, and collaboration between software producers and consumers.
When we started Slim.AI, our goal was to help developers make secure containers. But as we dug deeper with our early adopters and key customers, we realized a bigger challenge exists within software supply chain security — namely, fostering collaboration and transparency between software producers and consumers. The positive feedback and strong demand we've seen from our early customers made it crystal clear: This is where we need to focus.
This new opportunity demands a company and brand that meet the moment. To that end, we’re momentarily stepping back into stealth mode, only to emerge with a vibrant new identity, and a groundbreaking product very soon at root.io. Over the next few months, we'll be laser-focused on working with design partners and building up the product, making sure we're right on the mark with what our customers need.
Stay informed and up-to-date with our latest developments at root.io. Discover the details about the end of life for Slim services, effective March 31, 2024, by clicking here.
We're excited to share some big news from Slim.AI. We're taking a bold new direction, focusing all our energy on software supply chain security, now under our new name root.io. To meet this opportunity head-on, we’re building a solution focused on transparency, trust, and collaboration between software producers and consumers.
When we started Slim.AI, our goal was to help developers make secure containers. But as we dug deeper with our early adopters and key customers, we realized a bigger challenge exists within software supply chain security — namely, fostering collaboration and transparency between software producers and consumers. The positive feedback and strong demand we've seen from our early customers made it crystal clear: This is where we need to focus.
This new opportunity demands a company and brand that meet the moment. To that end, we’re momentarily stepping back into stealth mode, only to emerge with a vibrant new identity, and a groundbreaking product very soon at root.io. Over the next few months, we'll be laser-focused on working with design partners and building up the product, making sure we're right on the mark with what our customers need.
Stay informed and up-to-date with our latest developments at root.io. Discover the details about the end of life for Slim services, effective March 31, 2024, by clicking here.
