Add curl in liberica-runtime-container image

[AkagiYui]

Is it possible to add curl or other tools to the "liberica-runtime-container:jre-17-slim-musl" image for healthcheck?

[kholmanskikh]

Hello,

the idea behind "slim" images is to provide a small image for running java applications (i.e. java plus minimum amount of dependencies) with a reduced attack surface (no apk-tools). Addition of curl would add around 4 mb to the image size, and may increase the attack surface. So we'd avoid adding curl to "slim" images.

All liberica-runtime-container images are based on Alpaquita Linux, which uses the APK package manager. There are regular (ie non-slim) images, which, unlike slim images, contain the APK package manager.

If one takes the regular image, modify it as needed and finally delete the apk-tools package, they, effectively, create a customized slim image.

For example, below is a Dockerfile for a customized jre-17-slim-musl with curl installed:

FROM bellsoft/liberica-runtime-container:jre-17-musl
RUN apk add --no-cache curl ca-certificates ca-certificates-bundle && apk del --no-cache apk-tools

Other modifications can be performed similarly.

If you need other tools, you may check whether they are available in Alpaquita Linux by executing apk search in the liberica-runtime-container:jre-17-musl.

More details on how to work with APK are available at:

https://packages.bell-sw.com/alpaquita/docs/stream/alpaquita-apk-guide.pdf

[kholmanskikh]

Slim images already provide the wget tool (Busybox version). It may be unnecessary to build a custom image, if your health check procedure can be implemented with wget.

[AkagiYui]

Thank you very much for your answer, I am now using the following command to implement health check.

code=$(wget --no-check-certificate --spider --server-response http://localhost/server/version 2>&1 | awk '/^  HTTP/{print $2}'); if [ "$code" -ne "200" ]; then exit 1; fi