from Hacker News

Dive: A tool for exploring a Docker image, layer contents and more

by tomas789 on 1/8/24, 3:35 PM with 61 comments

  • by miquong on 1/8/24, 5:34 PM

    For image and layer manipulation, crane is awesome - as is the underlying go-containerregistry library.

    It lets you add new layers, or edit any metadata (env vars, labels, entrypoint, etc) in existing images. You can also "flatten" an image with multiple layers into a single layer. Additionally you can "rebase" an image (re-apply your changes onto a new/updated base image). It does all this directly in the registry, so no docker needed (though it's still useful for creating the original image).

    https://github.com/google/go-containerregistry/blob/main/cmd...

    (updated: better link)

  • by notatoad on 1/8/24, 4:26 PM

    I found dive super useful for understanding how docker images work, and how to write efficient dockerfiles. Reading the docs is one thing, but making a change to the dockerfile and then seeing how it has affected the resulting layer structure is what really made me get it.

  • by runfaster2000 on 1/8/24, 4:57 PM

    Dive is great. Tools like that are critical for both learning and developing confidence on what you are precisely building/shipping.

    Dredge is another tool to look at. I use it for diffing layers.

    https://github.com/mthalman/dredge/blob/main/docs/commands/i...

  • by maxloh on 1/8/24, 7:36 PM

    A dumb question: Why are most of the container/infrastructure tools written in GoLang?

    Examples that come to my mind include Docker, Podman, nerdctl, Terraform and Kubernetes.

    Is there any obvious advantage that GoLang offers, making it so popular for building these tools?

  • by TechIsCool on 1/8/24, 4:59 PM

    I love dive and its something that I use in my tool kit multiple times a month.

    I am curious if anyone knows how to get the contents of the file you have highlighted, a lot of the times I use dive to validate that a file exists in a layer and then I want to peak at it. Currently I normally revert to running the container and using cat or extracting the contents and then wandering into the folders.

  • by indrora on 1/9/24, 12:52 AM

    Dive has saved my ass so many times it's not funny when trying to pull apart what various common docker containers do when I'm extending them.

    A+ software.

  • by diazc on 1/8/24, 5:13 PM

    There’s other great TUI terminal tools like dive here [0], lazydocker and dry come to mind.

    And some in the docker category as well:

    [0] https://terminaltrove.com/

  • by kylegalbraith on 1/9/24, 2:04 PM

    Dive is an amazing tool in the container/Docker space. It makes life so much easier to debug what is actually in your container. When we were first getting started with Depot [0], we often got asked how to reduce image size as well as make builds faster. So we wrote up a quick blog post that shows how to use Dive to help with that problem [1]. It might be a bit dated now, but in case it helps a future person.

    Dive also inspired us to make it easier to surface what is actually in your build context, on every build. So we shipped that as a feature in Depot a few weeks back.

    [0] https://depot.dev

    [1] https://depot.dev/blog/reducing-image-size-with-dive

    [2] https://depot.dev/blog/build-context

  • by eris_agx on 1/8/24, 11:56 PM

    Other than being super useful, Dive has an underrated feature: its author is a great developer and very fun to work with.

  • by sureglymop on 1/8/24, 8:03 PM

    There's a tool from google called container-diff that's also really useful!

    I use it to see what random scripts one is encouraged to pipe into bash would do to a system.

  • by tonymet on 1/9/24, 3:30 AM

    Dive is a gem. It's helped me find a lot of cruft ...

    - unneeded build dependencies. Used a scratch image and/or removed build deps in the same step - node_modules for dev-deps . Used prod - Embeded Chromium builds (with puppetteer). Removed chromium and remoted an external build

    Docker desktop now has this feature built in, but I've been using dive for years to find wasted space & potential security issues.

  • by oooyay on 1/8/24, 5:13 PM

    Dive is incredible, it saved my butt numerous times and taught me a lot about layers. It's so good that Docker Desktop emulated its functionality.

  • by radus on 1/9/24, 5:18 AM

    Great tool, I use it with this alias:

      alias dive='docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive'
    (as suggested in project the README)

  • by vbezhenar on 1/8/24, 7:19 PM

    What's the reason docker uses tar archives instead of ordinary directories for layer contents? This tool is great but it fixes something that should not exist in the first place.

  • by animeshjain on 1/8/24, 4:57 PM

    I used dive when I was trying to cut down on the size of the image. Diffing and seeing what files/directories go into each layer was very useful.

  • by a_t48 on 1/8/24, 5:14 PM

    Dive is great. It struggles a bit with very very large images but beyond that no real complaints.

  • by tornadofart on 1/8/24, 5:20 PM

    What exactly is meant by a layer?

  • by greenie_beans on 1/8/24, 4:38 PM

    this helped me debug a docker thing recently, very handy tool!