Adding Packages to Minimus Images

Customize Minimus images by adding packages from the MinimOS package repo. This process requires repo credentials in addition to the usual Minimus image pull token. If you need access to repo credentials, please contact your account team.

Note that this is only relevant if you need to add arbitrary packages to images that do not normally include them. Minimus images already include a complete (but minimal) set of packages required to run a given app. However, in your environment you may wish to add some additional package not normally included in the Minimus image. For example, you may wish to add a monitoring tool to the Minimus nginx image. Minimus can create this image and maintain it for you in your private image gallery or you can use this article to create and maintain this image yourself.

​

Shell example

In the following example, we will add an nginx package to the Minimus Redis image.

To begin, run the dev version of the image so that you have a shell included. You need to run the container as root and override the entrypoint to start up in a shell:

docker run -it  --user 0 --entrypoint /bin/bash --rm \
reg.mini.dev/redis:latest-dev

Run whoami to confirm that you are running as root:

bash-5.2# whoami
root

Provide the MinimOS package repository URL as a package source. Your Minimus account team will provide the repo user and password credentials.

bash-5.2# echo "https://<REPO_USER>:<REPO_PASS>@packages.mini.dev/os" > /etc/apk/repositories

Check for updates:

bash-5.2# apk update   

You should see a confirmation with the number of packages found:

OK: 7640 distinct packages available

Add the nginx package from MinimOS:

bash-5.2# apk add nginx

You should see the installation messages specifying the package version and dependencies, for example:

(1/4) Installing nginx-mainline-config (1.27.3-r0)
(2/4) Installing libstdc\+\+ (14.2.0-r4)
(3/4) Installing pcre (8.45-r1)
(4/4) Installing nginx-mainline (1.27.3-r0)
OK: 64 MiB in 45 packages

​

Dockerfile example

The following example shows how to utilize the package manager during the build process with Dockerfile. Authentication to the MinimOS package repo is required:

• The first example uses hardcoded credentials for the sake of simplicity. This should only be used in a demo or basic testing environment.
• The second example offers a secure method for passing build secrets to Dockerfile. Refer to Docker documentation to learn more about build secrets

As a first step, always login to the Minimus registry using your Minimus token. This will allow you to pull images from the Minimus registry:

docker login reg.mini.dev -u minimus
Password: {Minimus_Token}

​

Exposed build arguments

This Dockerfile illustrates how to utilize the package manager during the build process. The credentials are hardcoded:

FROM reg.mini.dev/redis:latest-dev

USER root

ARG REPO_USER
ARG REPO_PASS

RUN echo "https://${REPO_USER}:${REPO_PASS}@packages.mini.dev/os" > /etc/apk/repositories && \
    apk update && \
    apk add --no-cache nginx

CMD ["nginx", "-g", "daemon off;"]

When you build the app, you will need to pass the repository username & password as build arguments:

docker build \
  --build-arg REPO_USER={REPO_USER} \
  --build-arg REPO_PASS={REPO_PASS} \
  -t redis-with-nginx-test .

​

Protect build secrets

As a best practice, pass credentials to the MinimOS package repo using a credentials file.

1. Create a text file to store the credentials, for example repo_credentials.txt. Add the repo user and repo password as key values in the following format:

   Copy

   Ask AI

   REPO_USER=repo_username
   REPO_PASS=repo_password
   

2. In the Dockerfile, use the flag --mount=type=secret and reference the file id=repo_credentials.txt:

   Copy

   Ask AI

   FROM reg.mini.dev/redis:latest-dev
   
   USER root
   
   RUN --mount=type=secret,id=repo_credentials.txt \
       REPO_USER=$(grep '^REPO_USER=' /run/secrets/repo_creds | cut -d'=' -f2) && \
       REPO_PASS=$(grep '^REPO_PASS=' /run/secrets/repo_creds | cut -d'=' -f2) && \
       echo "https://${REPO_USER}:${REPO_PASS}@packages.mini.dev/os" > /etc/apk/repositories && \
       apk update && \
       apk add --no-cache nginx
   
   CMD ["nginx", "-g", "daemon off;"]
   

3. When you build the image, reference the credentials file. Note that the period . specifies the current directory as the build context:

   Copy

   Ask AI

   docker build --secret id=repo_credentials.txt,src=./repo_credentials.txt \
   -t redis-with-nginx-test .
   

4. Run the image as usual. For example: docker run redis-with-nginx-test.

   Please note that this example utilizes the default NGINX setup. Additional NGINX configurations are needed for a usable app.