Closed AkagiYui closed 1 year ago
Hello,
the idea behind "slim" images is to provide a small image for running java applications (i.e. java plus minimum amount of dependencies) with a reduced attack surface (no apk-tools). Addition of curl would add around 4 mb to the image size, and may increase the attack surface. So we'd avoid adding curl to "slim" images.
All liberica-runtime-container images are based on Alpaquita Linux, which uses the APK package manager. There are regular (ie non-slim) images, which, unlike slim images, contain the APK package manager.
If one takes the regular image, modify it as needed and finally delete the apk-tools package, they, effectively, create a customized slim image.
For example, below is a Dockerfile for a customized jre-17-slim-musl with curl installed:
FROM bellsoft/liberica-runtime-container:jre-17-musl
RUN apk add --no-cache curl ca-certificates ca-certificates-bundle && apk del --no-cache apk-tools
Other modifications can be performed similarly.
If you need other tools, you may check whether they are available in Alpaquita Linux by executing apk search
in the liberica-runtime-container:jre-17-musl.
More details on how to work with APK are available at:
https://packages.bell-sw.com/alpaquita/docs/stream/alpaquita-apk-guide.pdf
Slim images already provide the wget
tool (Busybox version). It may be unnecessary to build a custom image, if your health check procedure can be implemented with wget
.
Thank you very much for your answer, I am now using the following command to implement health check.
code=$(wget --no-check-certificate --spider --server-response http://localhost/server/version 2>&1 | awk '/^ HTTP/{print $2}'); if [ "$code" -ne "200" ]; then exit 1; fi
Is it possible to add curl or other tools to the "liberica-runtime-container:jre-17-slim-musl" image for healthcheck?