Despite all the hype that GitHub Actions, GitLab Runner, and other similar solutions receive, the true workhorse in the world of enterprise CI/CD is Jenkins. Jenkins has been around for over a decade at this point, and it will run essentially anywhere that an organization wants it to run. The Jenkins installation guide covers Kubernetes, containers, and multiple operating systems, and it can be hosted on-premises, in the public cloud, or even on a developer’s laptop.
In this tutorial, we will show you how to build SlimToolkit into a Jenkins pipeline. For our purposes, we’ll assume that you have a system running Docker Community Edition with Internet access. Docker Desktop will also work.
Let’s get into it!
If you do not have an existing Jenkins instance available, you can set up a temporary one on any VM running Docker. To get the basic installation of Jenkins running successfully, the documentation strongly recommends that you have at least 4GB of RAM and 10GB of disk space available.
Based on the Jenkins Installation on Linux documentation, we need to install git, wget, and Jenkins, then enable Jenkins to run Docker commands and start the service. You can do all of that as follows:
sudo yum upgrade -y sudo yum install java-11-openjdk git wget -y sudo wget -O /etc/yum.repos.d/jenkins.repo \ https://pkg.jenkins.io/redhat-stable/jenkins.repo sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key sudo yum install jenkins -y sudo useradd -G docker jenkins sudo systemctl daemon-reload sudo systemctl enable --now jenkins.service
After that, Jenkins will be running on the host on port 8080, and it will want to know the admin password that was generated. This is the command to extract it:
cat /var/lib/jenkins/secrets/initialAdminPassword
Jenkins is now ready to go. You can access it with the password that was output by the command. (It will look something like this: 4444abc2222def6666fed7777cba111.) The first time you connect, you can select the default plugins and create a user, if desired.
The process flow below includes adding SlimToolkit. Things can get far more complex, but this illustrates how easy it is to add SlimToolkit and begin taking advantage of its many benefits, including security posture and container size optimization.
Jenkins runs its multi-stage jobs as pipelines. For our tutorial, we’ll create a minimalist pipeline that will retrieve the source code and build it as a container.
As you can see below, our Jenkins dashboard is empty. Let’s start by adding a new item:
Now, we need to pick “Pipeline” as the type of item to create.
Once you’ve selected “Pipeline,” scroll all the way down to the bottom of the configuration screen. We will be creating our pipeline using a script.
Our script will perform several functions:
Here is the code for the pipeline script:
pipeline {
agent none
stages {
stage('Clone sample container repository') {
agent any
steps { sh 'rm -rf nginx-site-a'
sh 'git clone https://github.com/vincepower/nginx-site-a.git'
sh 'cd nginx-site-a ; git checkout main'
}
}
stage('Building the container') {
agent any
steps {
sh 'cd nginx-site-a ; docker build -t slim.ai/nginx-site-a:latest .'
}
}
stage('List images') {
agent any
steps {
sh 'docker images'
}
}
}The next step is to run “Build Now.” When it finishes, we’ll view the output contained in the build log.
You can view the logs by clicking “Console Output” under “Build History.”
You can see the sizes at the bottom of the log:
[Pipeline] { (List images)
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/tutorial-pipeline
[Pipeline] {
[Pipeline] sh
+ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
slim.ai/nginx-site-a latest 0ad6571ed2ac 1 second ago 142MB
nginx latest 670dcc86b69d 7 days ago 142MB
[Pipeline] }
Now we have a baseline that we can use to see to what extent DockerSlim will improve things.
SlimToolkit is one of the easiest utilities to install.
The first step is to go to the release page and grab the latest release. In this case, that’s version 1.37.5, which you can find here.
wget -O dist_linux.tgz \
https://downloads.dockerslim.com/releases/1.37.5/dist_linux.
tar.gztar -xzf dist_linux.tgz
install dist_linux/docker-slim* /usr/bin/We can confirm that it works like this:
$ docker-slim -v docker-slim version linux|Transformer|1.37.5|86fbd29ab3549fa564e87e4770178480cb0542d3|2022-03-21 _06:10:20AM
This is as easy as adding a separate step to the pipeline. In our case, it comes before the “List Images” step. For more information about using SlimToolkit, the best place to start is the README.md on the GitHub page.
stage('Running DockerSlim') {
agent any
steps {
sh 'docker-slim build slim.ai/nginx-site-a'
}
}After the job finishes, navigate back to “Build History” and select “Console Output.” If you scroll to the bottom of the log, you can view the output. As you can see, the new container that we built (which is 12MB) is much, much smaller than the one we started with (which was 142MB).
[Pipeline\] sh + docker images REPOSITORY TAG IMAGE ID CREATED SIZE slim.ai/nginx-site-a.slim latest bfcc5125d200 1 second ago 12MB docker-slim-empty-image latest 01e6adb432f4 21 seconds ago 0B slim.ai/nginx-site-a latest 0ad6571ed2ac 26 minutes ago 142MB nginx latest 670dcc86b69d 7 days ago 142MB
SlimToolkit is an invaluable tool for creating lightweight containers that are more secure by default. It can be run in production to improve your overall security posture. Regardless of whether the actual container build is performed by Docker, Packer, or another tool, SlimToolkit can perform its magic as long as the container is OCI-compliant.
To learn more about SlimToolkit and how to use it in containerized pipelines, you can sign up for the Slim.AI developer platform.
