Debugging Docker image sizes - how to inspect them with dive
Have you ever wondered why your docker images are so large, and what can be done to drill down into the layers one by one. Well, you can.
Have you ever wondered why your docker images are so large, and what can be done to drill down into the layers one by one. Well, you can.
Introducing Dive
dive is a cool command line tool for inspecting the layers one by one of your docker images.
A tool for exploring a Docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image.
Running dive on an image
This is simple, and can be run with docker (meta):
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker.io/wagoodman/dive:latest <registry>/<repo>@sha256:<hash>Example report
Here is a real life docker image, that came in at 1.3GB, which is on the high side of things. Scrolling through the layers I find this one, to which contributes 560MB all by itself.
The cause jumps out and smacks you in the face, the layer is copying the entire git repo into the image (see the right hand panel, green indicates a file was added in this layer). This folder never really needed in a docker image, and should not be copied if possible. Finding the offending line in the docker file:
# Copy the rest of the application code
COPY . /appSo the fix here is to use .dockerignore and add in .git as a line in that file. Simple.
The use of .dockerignore is covered in more detail on my other blog post that deals with making best practice docker images.