search

slimtoolkit / slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Apache License 2.0
18.85k stars 702 forks source link

Feature: New top level helper command to create a multi-architecture image from architecture specific images #605

Closed kcq closed 4 months ago

kcq commented 7 months ago

The main use case is making it easier to create minified multi-architecture images. We need a possibly top level helper command that takes references to architecture specific minified images (could be unminified too) and it creates a fat manifest (aka manifest list aka image index).

Additional things to consider:

Notes:

The biggest gotcha is getting/generating the minified container images for all architecture on the same machine. At least, for now using QEMU (and similar) emulation options to run non-native architecture images doesn't work because QEMU doesn't support FA Notify.

yashdeharia commented 7 months ago

Define the Command Interface:

Create a new command-line interface (CLI) command for your tool. This command should take references to architecture-specific minified images as input. Input Validation and Retrieval:

Validate the input image references to ensure they are valid and exist. Implement logic to pull the input image references. You may use container orchestration tools or registry APIs to fetch the images. Create the Fat Manifest:

Develop logic to create a fat manifest (manifest list or image index) that includes references to all the architecture-specific images. This could involve generating a manifest file in a standard format. Push the Output Manifest:

Implement logic to push the created fat manifest to the container registry. This step ensures that the multi-architecture image is available for use. Consideration for Minified Images:

If the input images can be either minified or unminified, incorporate logic to handle both cases. You might need to include options or parameters in your command to specify whether the images are minified or unminified. Handling QEMU Limitations:

Acknowledge the limitation with QEMU and similar emulation options for running non-native architecture images. If QEMU doesn't support FA Notify, consider documenting this limitation and suggesting alternative approaches. Users might need to use native hardware or other virtualization solutions that support FA Notify. Documentation:

Provide comprehensive documentation for your new command, detailing its usage, supported parameters, and any considerations or limitations. Include examples to help users understand how to use the tool effectively. Testing:

Thoroughly test your tool with various scenarios, including different combinations of architecture-specific images and minified/unminified options. This ensures that the tool behaves as expected and handles potential edge cases.

kcq commented 4 months ago

The basic version of it is available as the image-index-create subcommand for the registry command. Run slim registry image-index-create --help to list the currently supported flags.