this post was submitted on 14 Jul 2023
121 points (93.5% liked)

Selfhosted


As the title says. I build containers for my platforms/clients/myself-selfhosted@home and you would not believe how much smaller you can get your images. Here's an example when slimming one of my images:

cmd=build info=results status='MINIFIED' by='18.97X' size.original='1.0 GB' size.optimized='55 MB' 

That's a Python app that I didn't have to do multi-staged build with docker because of the Slim command. And it's a working version of that app that I'm using today.

Same for one of my Flutter apps that I thought was as small as it could be:

cmd=build info=results status='MINIFIED' by='1.98X' size.original='66 MB' size.optimized='33 MB'

TLDR: slim your container images!! https://github.com/slimtoolkit/slim

[–] Xepher@lemm.ee 29 points 1 year ago* (last edited 1 year ago) (2 children)

Are there any downsides to doing this?

[–] Ramenator@feddit.de 55 points 1 year ago (1 children)

AFAIK it works by analyzing your docker image, checking what's actually used and then throwing out anything else.
For example if you use the Ubuntu base image you have a full minimal OS install. If you're now running a python server for example it's highly unlikely that you will need the perl interpreter that's in the default install so it can be thrown out.
It can get problematic if you want to run something that loads libraries or runs programs dynamically at runtime, since the tool can't easily detect them then and you need to manually intervene. Tried it once on a custom machine learning container and it kept throwing out parts that I actually needed, so I gave up in the end.
Its usefulness is also somewhat limited, since docker containers also share their base images. So if you have three containers running that are all based on Ubuntu 22.04 you will still only have to download it once.

[–] FancyGUI@lemmy.fancywhale.ca 15 points 1 year ago

Great write up! That's everything exactly right. It's mostly useful to try and reduce the time it takes to pull images to run them. And also reduce the footprint of storing those in your registries.

[–] maor@lemmy.org.il 38 points 1 year ago* (last edited 1 year ago) (2 children)

It ptraces the main container process and cuts off unused files. It also fires some customizable HTTP requests to trigger any dynamically loading libraries. Clever idea. If I understand correctly, the problems that arise to me are:

  1. Undoubtedly some essential files will be omitted. Unless my image consists merely of scratch and an executable, I can't imagine myself successfully covering all edge cases.
  2. What about files that aren't loaded by HTTP requests?

I'm not shitting on this program at all. These are two problems that I'm sure they could solve or just tell straight up "we can't guarantee it'll work in XYZ scenarios. Don't use it if that's your use case". Then I saw that this is backed by some kinda SaaS with a domain that ends with .ai, and that explains why THAT FUCKING README IS WRITTEN like a FUCJik/INg MIND NUMBING LINKEDIN POST that my CEO could write bro what the fuck do you mean by simplifying the value of my digital assets in a seamless secure cost efficient way????? Who fucking cares??? ?WHat does your program ACTUALLY DO??????????

10000000s of seemingly AI-generated paragraphs going on and on about how convenient their product is, 1 measly line in a diagram that describes what it actually does. Again not to shit on the programmers at all, this is a great idea and I'm glad that it's being explored I just hate this industry I can't read another pile of gibberish like that. That ruined my night. Thanks for listening
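The coverage gap raised in the comments above (files that are only opened on code paths the probe never exercised), as an added example that is not part of the thread or of the slim project. It parses strace-style lines from a fuller test run and lists what a minified image would be missing. The sample traces are constructed, and treating "kept files" as exactly what the probe touched is a simplifying assumption.

```python
import re

# Path argument and return value of open/openat/execve lines in strace-style output.
CALL_RE = re.compile(
    r'\b(?:open|openat|execve)\((?:AT_FDCWD,\s*)?"(?P<path>/[^"]*)".*\)\s*=\s*(?P<ret>-?\d+)'
)
# Kernel and scratch filesystems are mounted at runtime, not shipped in the image.
RUNTIME_PREFIXES = ("/proc/", "/sys/", "/dev/", "/tmp/")


def accessed_paths(trace: str) -> set[str]:
    """Absolute paths that were opened or executed successfully in a trace."""
    paths = set()
    for line in trace.splitlines():
        m = CALL_RE.search(line)
        if not m or int(m.group("ret")) < 0:
            continue  # not a file call, or the call failed (e.g. ENOENT)
        if not m.group("path").startswith(RUNTIME_PREFIXES):
            paths.add(m.group("path"))
    return paths


def missing_from_slim(full_trace: str, slim_files: set[str]) -> list[str]:
    """Paths the fuller test run needed that the minified image no longer has."""
    return sorted(accessed_paths(full_trace) - slim_files)


# Constructed sample: what one HTTP probe of "/" touched.
PROBE_TRACE = '''\
execve("/usr/bin/python3", ["python3", "/app/main.py"], 0x7ffc1 /* 9 vars */) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/app/main.py", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/proc/self/status", O_RDONLY) = 4
openat(AT_FDCWD, "/usr/share/locale/en/app.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
'''
# Constructed sample: the same app when a test also hits an export feature
# that imports a plugin and makes a TLS call.
FULL_TRACE = PROBE_TRACE + '''\
openat(AT_FDCWD, "/app/plugins/export.py", O_RDONLY|O_CLOEXEC) = 5
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libxml2.so.2", O_RDONLY|O_CLOEXEC) = 6
openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 7
'''

if __name__ == "__main__":
    # Assumption: the minifier kept exactly the files the probe touched.
    # In practice, use the file listing of the slimmed image here instead.
    kept = accessed_paths(PROBE_TRACE)
    for path in missing_from_slim(FULL_TRACE, kept):
        print("would be missing:", path)
```
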

[–] FancyGUI@lemmy.fancywhale.ca 11 points 1 year ago (1 children)

Couldn't agree more on this! Honestly. I understand that people want hefty descriptions with few inputs on their side, but this is sad.

Anyways! Some of my python cronjobs that I run on my cluster don't have an exposed service, and I can still make it work just fine by passing along the --exec flag and the stuff that it takes to run the app. The complicated part is to properly define the environment variables that are necessary to run your use-cases and make sure that you execute all the necessary files. It's not a solution that fits all, for sure! And I honestly don't use it for everything. It's a tool to be used in some use-cases.

[–] maor@lemmy.org.il 6 points 1 year ago

Oh there's an --exec flag as well? That's great. This seems like a totally viable solution for cases where the crux of the container is a small script, with a handful of decision branches so the surface area to cover is manageable, but it also needs to come in a non-alpine distro because I assume that's the hefty part that we'd like to remove. But that's just off the top of my head, I'm sure there's more. It's genuinely a good idea and it deserves a respectful README as well :(

[–] MaxVerstappen@lemmy.world 6 points 1 year ago

I can feel this reply. Cheers to a better weekend!

[–] kinttach@lemm.ee 22 points 1 year ago (1 children)

For a complex (i.e., larger) image, I would be concerned that I didn’t exercise all of my app’s functionality and something important might be stripped out of the image.

I use Alpine instead of Ubuntu when I’m concerned about image size.

[–] FancyGUI@lemmy.fancywhale.ca 4 points 1 year ago

Fair point! What I've done in my app to test out and ensure it works is a proper health endpoint that tests the use-cases of the app. So far it has been very good on keeping everything that I need on slimming.

[–] ArtificialQualia@programming.dev 12 points 1 year ago (2 children)

Huh, I figured my containers were already as small as I could get them by using compiled go binaries in a distroless container. But it looks like there could still be some gains to be made!

[–] FancyGUI@lemmy.fancywhale.ca 2 points 1 year ago (1 children)

Yep, same thing I found out! Crazy to see my already quite slim image being reduced all that much!

[–] theterrasque@infosec.pub 3 points 1 year ago* (last edited 1 year ago) (1 children)

Crazy to see my already quite slim image being reduced all that much!

*size.original='1.0 GB'*

I mean.... I don't know what that does, of course, but I would rarely use "quite slim" to describe that :D

"size.original='66 MB' size.optimized='33 MB'"

This one's nice though

[–] FancyGUI@lemmy.fancywhale.ca 1 points 1 year ago

Yeah? I meant the 66MB one. The 1GB was an image that I just installed everything necessary to compile my code and run from the same image. I didn’t try to make it “right”. Nice to know I don’t have to worry about it though!

[–] CodaBool@lemmy.world 2 points 1 year ago

I love go on distroless, that sucker is like <5Mb. Use it all the time for AWS lambdas.

[–] markstos@lemmy.world 9 points 1 year ago

Another option to slim down containers besides using Alpine is using Buildah to build an image from scratch.

https://www.redhat.com/en/topics/containers/what-is-buildah

[–] Kangie@lemmy.srcfiles.zip 8 points 1 year ago (2 children)

The better solution is to build containers without all of that bloat in the first place. I did up a post on that subject a little while ago.

[–] lebigz@feddit.de 0 points 1 year ago (1 children)

You link to https://lemmy.srcfiles.zip/post/3841 which does not seem to have anything to do with containers, but is about townscaping

[–] Kangie@lemmy.srcfiles.zip 1 points 1 year ago* (last edited 1 year ago) (1 children)

I was wrong on the internet; apparently with certain Lemmy apps this directs to a completely different website.

~~What crack are you smoking? It's literally a post about "building lightweight hardened containers"?~~

~~Edit: wtf is townscaping? Is that like manscaping for a whole town? Or is it just regular landscaping.~~

[–] lebigz@feddit.de 2 points 1 year ago (1 children)

Suuuper weird, when I click the link from the browser, I get to the correct page, but not in the Connect App. Then it's some blog about old houses and nice places in towns

[–] Kangie@lemmy.srcfiles.zip 1 points 1 year ago

Ok, that is weird and I retract my criticism. Just because I don't see it doesn't mean something unusual isn't happening there!
