Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Like others here, I wasn't very happy about automatic coverage, so I made this instead https://github.com/viraptor/cruftspy
Instead of going extreme with coverage analysis, it shows places that can be manually cleaned during the build process. Maybe someone will find it useful. Smaller space gains, but gives more confidence.
Scratch is blank. Distroless includes some Debian components that removes a bunch of "gotchas" that some people relying on scratch run into.
- ca-certificates
- A /etc/passwd entry for a root user
- A /tmp directory
- tzdata
- glibc
- libssl
- openssl
https://github.com/GoogleContainerTools/distroless/tree/main...
I've had great success with reducing image size by running docker-show-context (https://github.com/pwaller/docker-show-context) and eliminating big and unnecessary files that it reports. This seems to go just a bit further than that with what seems like more complexity. I got timeouts when following their instructions to run it on two different containers, one of which is just a very simple web server.
This is interesting for optimizing build time. But I think it works a bit different from docker-slim, which is focused on the final resulting image size.
Dive is a good tool for the latter IME. https://github.com/wagoodman/dive
It doesn't do the work for you, but it does single out the big layers in your image.
Related posts
- A COMPLETE guide on how to make Docker images even smaller
- How to use docker-compose, volumes, networks, and more
- Mastering Docker Image Optimization: 6 Key Strategies for building Lighter, Faster, and Safer images
- Optimisation des images Docker: 6 Stratégies clés pour des images plus légeres et plus performantes
- Dive – A tool for exploring each layer in a Docker image