slimtoolkit / slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Apache License 2.0
18.89k stars 704 forks source link

Non usable python-gunicorn docker slimed image #579

Open carmilso opened 10 months ago

carmilso commented 10 months ago

Hi all. I have been several days trying to reduce my image size using slim. The image contains three important directories in / that I want to preserve: /code, /venv and /models. It consists of a ubuntu-based cuda image that runs a gunicorn python app that exposes an API.

This is the command that I'm running to slim the image:

slim build \                                                                                                                                                                                                                          (AI-792-investigate-how-we-can-reduce-docker-image-size|✚3…103)
--publish-exposed-ports \
--expose 8080 \
--compose-env-file .env \
--http-probe=false \
--include-path /code \
--include-path /bin \
--include-path /models \
--include-path /venv \
ai-backend:latest-gpu
cmd=build info=exec message='changing continue-after from probe to nothing because http-probe is disabled'
cmd=build info=exec message='changing continue-after to enter'
cmd=build state=started
cmd=build info=params target='ai-backend:latest-gpu' continue.mode='enter' rt.as.user='true' keep.perms='true' tags='' target.type='image'
cmd=build state=image.inspection.start
cmd=build info=image id='sha256:f123cc0e8ad9821f81801019164333e31cc7cbdc8fb170b0e011cfd72d8e6412' size.bytes='14583660396' size.human='15 GB'
cmd=build info=image.stack index='0' name='base-cudnn8-cuda11-ubuntu20.04:98360d7dde8a43a2c4d937cba0573ae7ef5e356b' id='sha256:286383a731a373c0991793a46b9e59cae715e9dd238c5ac26045ce6eb944d4a3'
cmd=build info=image.stack index='1' name='ai-backend:0.14.1-cuda11-98360d7dde8a43a2c4d937cba0573ae7ef5e356b' id='sha256:f123cc0e8ad9821f81801019164333e31cc7cbdc8fb170b0e011cfd72d8e6412'
cmd=build state=image.inspection.done
cmd=build state=container.inspection.start
cmd=build info=container id='bb9a5c5d6fce468e420317dfa5cdd6b2286182d24624ed23352d895e2963857b' status='created' name='slimk_102841_20230912091453'
cmd=build info=container status='running' name='slimk_102841_20230912091453' id='bb9a5c5d6fce468e420317dfa5cdd6b2286182d24624ed23352d895e2963857b'
cmd=build info=container message='obtained IP address' ip='172.17.0.2'
cmd=build info=cmd.startmonitor status='sent'
cmd=build info=event.startmonitor.done status='received'
cmd=build info=container id='bb9a5c5d6fce468e420317dfa5cdd6b2286182d24624ed23352d895e2963857b' target.port.list='8080' target.port.info='8080/tcp => 0.0.0.0:8080' message='YOU CAN USE THESE PORTS TO INTERACT WITH THE CONTAINER' name='slimk_102841_20230912091453'
cmd=build info=continue.after mode='enter' message='provide the expected input to allow the container inspector to continue its execution'
cmd=build prompt='USER INPUT REQUIRED, PRESS <ENTER> WHEN YOU ARE DONE USING THE CONTAINER'

cmd=build state=container.inspection.finishing
cmd=build state=container.inspection.artifact.processing
cmd=build state=container.inspection.done
cmd=build state=building message="building optimized image" engine=internal
cmd=build state=completed
cmd=build info=results status='MINIFIED' by='3.28X' size.original='15 GB' size.optimized='4.5 GB'
cmd=build info=results image.size='4.5 GB' has.data='true' image.name='ai-backend.slim'
cmd=build info=results artifacts.location='/tmp/slim-state/.slim-state/images/f123cc0e8ad9821f81801019164333e31cc7cbdc8fb170b0e011cfd72d8e6412/artifacts'
cmd=build info=results artifacts.report='creport.json'
cmd=build info=results artifacts.dockerfile.reversed='Dockerfile.fat'
cmd=build info=results artifacts.dockerfile.optimized='Dockerfile'
cmd=build info=results artifacts.seccomp='ai-backend-seccomp.json'
cmd=build info=results artifacts.apparmor='ai-backend-apparmor-profile'
cmd=build state=done
cmd=build info=commands message='use the xray command to learn more about the optimize image'
cmd=build info=report file='slim.report.json'
app='slim' message='GitHub Discussions' info='https://github.com/slimtoolkit/slim/discussions'
app='slim' message='Join the CNCF Slack channel to ask questions or to share your feedback' info='https://cloud-native.slack.com/archives/C059QP1RH1S'
app='slim' message='Join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
app='slim' message='Join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'

This is the entrypoint defined in the image, defined in /docker-entrypoint.sh:

#! /bin/bash

set -eo pipefail
source /venv/bin/activate

if [ -z "$1" ]; then
echo "Please, add a command to run this docker image"
exit 1
fi

$@

When I run the slim build command I interact with the container to run the following gunicorn command:

/docker-entrypoint.sh "gunicorn --forwarded-allow-ips '''*''' -b 0.0.0.0:8080 --max-requests 5 --threads 1 -k uvicorn.workers.UvicornWorker --preload bin.api:main()"

From outside the container I query the api using curl and it answers correctly. I also run the python interpreter to make slim understand that I want it. Anyway, when I press enter and slim creates the slim image, I try to enter into a container but the image has become unusable:

> docker run -p 8080:8080 -ti ai-backend.slim:latest bash
(venv) /docker-entrypoint.sh "gunicorn --forwarded-allow-ips '''*''' -b 0.0.0.0:8080 --max-requests 5 --threads 1 -k uvicorn.workers.UvicornWorker --preload bin.api:main()"
/docker-entrypoint.sh: /venv/bin/gunicorn: /venv/bin/python3: bad interpreter: No such file or directory

I would be very grateful if someone could help me, please.

Rajat72 commented 9 months ago

you can use a pytest module that can be triggered inside of the image and use --continue-after "exec" or "probe&exec" --exec pytest