KubeCon EU DockerSlim Hack

# KubeCon EU DockerSlim Hack ## Main Theme: Simplified Debugging Experience for Minified Containers (`debug` command) ![](https://i.imgur.com/pvO8BuO.jpg) ### Notes Debugging sidecar Manual Repro (using `docker run`): ```bash # Target container docker run -d --rm -P \ --ipc 'shareable' \ --name golang_service \ golang_service # Debug sidecar docker run -it --rm \ --network container:golang_service \ --pid container:golang_service \ --ipc container:golang_service \ --name debug_sidecar \ nicolaka/netshoot bash ``` The idea is to keep the approach but make it more user-friendly with the new interactive DockerSlim entrypoint `docker-slim debug`. The full syntax is something like that: ```bash docker-slim debug --target <running-container> --image <debugging-image> [cmd] ``` #### Caveats The problem with the above approach is that the target container filesystem is not the same as the debugging sidecar's filesystem. To browse the target container fs, you can use the following trick: ```bash ls /proc/1/root ``` **How can we make the target container filesystem exploration more handy?** Solution 1: `chroot /proc/1/root /bin/bash` ([more](https://wiki.archlinux.org/title/Chroot)) - Pros: - super simple - Cons: - debugging tools won't be available after `chroot`-ing - `/proc`, `/sys`, `/dev` and other _special_ filesystems might be messed up ## Other Ideas * Decode the base image OCI annotations (`org.opencontainers.image.base.name`, `org.opencontainers.image.base.digest`) to `xray` command reports and output (info: https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys) * Lambda proxy mode for HTTP probes * Integrate the lightweight registry in the `go-containerregistry` library as the `server` subcommand under the `registry` command in DockerSlim (info: https://github.com/google/go-containerregistry/blob/main/cmd/registry/main.go) * Replace the existing update progress bar with a bubbletea-based version (info: https://github.com/charmbracelet/bubbletea) * Add a terminal UI file explorer to the `xray` command using bubbletea/lipgloss/bubbles (info: https://github.com/charmbracelet/bubbletea , https://github.com/charmbracelet/lipgloss , https://github.com/charmbracelet/bubbles) * Ability to run the sensor as a standalone app * Fix a bug (pick any existing DockerSlim bug and fix it) * [`--tag option not being respected if it contains a commit sha in it`](https://github.com/docker-slim/docker-slim/issues/321) * any other issue you see here: https://github.com/docker-slim/docker-slim * Add your own