A Dive into Docker images
Building Docker images has become commonplace in the IT world. However and despite the use of reference images, our Docker images in their repository are like black boxes that nobody really knows what they really consist of. Worse yet, in an ongoing DevOps process, there are no metrics to measure the level of optimization of our container image.
Of course, there are the commands docker inspect <image>
or even docker history <image>
but these are not very practical commands to handle.
This is why the tool Dive will allow us to dive into the heart of our images Docker/OCI and allow us to finally simply know what they contain.
Features
Let’s review the features of the tool and see what it can do for us:
- Display of the content of the Docker image, for each layer of the image, it is possible to navigate in its filesystem
- Indication of modifications at the level of each layer (addition, modification, deletion)
- Estimation of a image efficiency score
- Integration into a CI possible to calculate the image efficiency and define a blocking limit
Demonstration
Let’s see a concrete case and analyze an image generated by Builpacks and Spring Native:
What does the Dive tool teach us:
- Our image is made of 6 layers of which we can see the changes they operate in the filesystem
- Of the 82 MB of the image, 481 bytes can be recovered, which means not much, hence the image efficiency score of 99%
- The visual aspect of the tool makes the actions of the different layers more understandable: addition of a
cnb
user, addition of the executable in theworskpace
directory, …
Conclusion
This simple tool should allow any developer to understand the impact of each line of their Dockerfile. In addition, as image size is increasingly critical in the context of deployments, it is also a way to impose a limit or at least a level of quality.
And you what do you think ?
Cheers …