Debugging Docker image sizes - how to inspect them with dive
Have you ever wondered why your docker images are so large, and what can be done to drill down into the layers one by one. Well, you can.
Have you ever wondered why your docker images are so large, and what can be done to drill down into the layers one by one. Well, you can.
Introducing Dive
dive
is a cool command line tool for inspecting the layers one by one of your docker images.
A tool for exploring a Docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image.
Wait, isn't Dive abandoned?
dive
last was updated in February 2024, and since there have been a number of quality of life issues pop up that are yet to be merged. Since then a fork emerged https://github.com/joschi/dive to which I now use regularly.
Running dive on an image
This is simple, and can be run with docker (meta):
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock ghcr.io/joschi/dive <registry>/<repo>@sha256:<hash>
Example report
Here is a real life docker image, that came in at 1.3GB, which is on the high side of things. Scrolling through the layers I find this one, to which contributes 560MB all by itself.
The cause jumps out and smacks you in the face, the layer is copying the entire git repo into the image (see the right hand panel, green indicates a file was added in this layer). This folder never really needed in a docker image, and should not be copied if possible. Finding the offending line in the docker file:
# Copy the rest of the application code
COPY . /app
So the fix here is to use .dockerignore
and add in .git
as a line in that file. Simple.
The use of .dockerignore
is covered in more detail on my other blog post that deals with making best practice docker images.