For image and layer manipulation, crane is awesome - as is the underlying go-containerregistry library.<p>It lets you add new layers, or edit any metadata (env vars, labels, entrypoint, etc) in existing images. You can also "flatten" an image with multiple layers into a single layer. Additionally you can "rebase" an image (re-apply your changes onto a new/updated base image). It does all this directly in the registry, so no docker needed (though it's still useful for creating the original image).<p><a href="https://github.com/google/go-containerregistry/blob/main/cmd/crane/recipes.md">https://github.com/google/go-containerregistry/blob/main/cmd...</a><p>(updated: better link)
I found dive super useful for understanding how docker images work, and how to write efficient dockerfiles. Reading the docs is one thing, but making a change to the dockerfile and then seeing how it has affected the resulting layer structure is what really made me get it.
Dive is great. Tools like that are critical for both learning and developing confidence on what you are precisely building/shipping.<p>Dredge is another tool to look at. I use it for diffing layers.<p><a href="https://github.com/mthalman/dredge/blob/main/docs/commands/images.md#compare-image-layers">https://github.com/mthalman/dredge/blob/main/docs/commands/i...</a>
A dumb question: Why are most of the container/infrastructure tools written in GoLang?<p>Examples that come to my mind include Docker, Podman, nerdctl, Terraform and Kubernetes.<p>Is there any obvious advantage that GoLang offers, making it so popular for building these tools?
I love dive and its something that I use in my tool kit multiple times a month.<p>I am curious if anyone knows how to get the contents of the file you have highlighted, a lot of the times I use dive to validate that a file exists in a layer and then I want to peak at it. Currently I normally revert to running the container and using cat or extracting the contents and then wandering into the folders.
Dive has saved my ass so many times it's not funny when trying to pull apart what various common docker containers do when I'm extending them.<p>A+ software.
There’s other great TUI terminal tools like dive here [0], lazydocker and dry come to mind.<p>And some in the docker category as well:<p>[0] <a href="https://terminaltrove.com/" rel="nofollow">https://terminaltrove.com/</a>
Dive is an amazing tool in the container/Docker space. It makes life so much easier to debug what is actually in your container. When we were first getting started with Depot [0], we often got asked how to reduce image size as well as make builds faster. So we wrote up a quick blog post that shows how to use Dive to help with that problem [1]. It might be a bit dated now, but in case it helps a future person.<p>Dive also inspired us to make it easier to surface what is actually in your build context, on every build. So we shipped that as a feature in Depot a few weeks back.<p>[0] <a href="https://depot.dev">https://depot.dev</a><p>[1] <a href="https://depot.dev/blog/reducing-image-size-with-dive">https://depot.dev/blog/reducing-image-size-with-dive</a><p>[2] <a href="https://depot.dev/blog/build-context">https://depot.dev/blog/build-context</a>
There's a tool from google called container-diff that's also really useful!<p>I use it to see what random scripts one is encouraged to pipe into bash would do to a system.
Dive is a gem. It's helped me find a lot of cruft ...<p>- unneeded build dependencies. Used a scratch image and/or removed build deps in the same step
- node_modules for dev-deps . Used prod
- Embeded Chromium builds (with puppetteer). Removed chromium and remoted an external build<p>Docker desktop now has this feature built in, but I've been using dive for years to find wasted space & potential security issues.
Dive is incredible, it saved my butt numerous times and taught me a lot about layers. It's so good that Docker Desktop emulated its functionality.
Great tool, I use it with this alias:<p><pre><code> alias dive='docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive'
</code></pre>
(as suggested in project the README)
What's the reason docker uses tar archives instead of ordinary directories for layer contents? This tool is great but it fixes something that should not exist in the first place.