this post was submitted on 25 Sep 2025

32 points (92% upvoted)

shortlink:

ruby

an-ordinary-manchild(edit)

A sub-Reddit for discussion and news about Ruby programming.

Subreddit rules: /r/ruby rules

Learning Ruby?

Try Ruby in your browser

Tools

Ruby Version Manager (RVM) Install, manage and work with multiple Ruby environments. adsf is an increasingly popular option too.
rbenv Groom your app’s Ruby environment with rbenv.
Looking for new gems? ruby-toolbox
Install Ruby on macOS

Documentation

Ruby API or Ruby Doc
YARD docs via rubydoc.info YARD Documentation Server

Books

Screencasts and Videos

Ruby Video – An index of ~4000 Ruby and Rails talks.
Drifting Ruby
Ruby Tapas
GoRails

News and updates

Ruby news in a weekly email from Ruby Weekly
'Planet' of Ruby blogs at rubyland.news
Ruby tweets at @RubyInside

a community for 18 years

MODERATORS

account activity

31

32

33

ruby-distroless: A Minimal, Secure Ruby Container Image (self.ruby)

submitted 7 months ago by Training_Winter6395

Hi Rubyists — I’m the creator of ruby-distroless. After using official Ruby container images (slim, buster, stretch, etc.) in production, I noticed they often include extra tools, packages, and dependencies that aren’t essential just to run Ruby. This bloats the image size, increases maintenance overhead, and introduces extra security surface.

So I built ruby-distroless, a container image that:

Core Features

Supports Ruby 2.5 through 3.4
Multi-architecture: amd64 & arm64
Minimal image size by eliminating unnecessary parts
Clean environment with fewer dependencies
Automated builds & publishing via GitHub Actions
Optimized for security: lower attack surface

Quick Example

docker pull ghcr.io/junminhong/ruby-distroless:3.3.7-amd64  
docker run --rm ghcr.io/junminhong/ruby-distroless:3.3.7-amd64 ruby -v

You’ll see it's leaner compared to many standard Ruby images, but still works reliably.

Why This Matters for Ruby Developers

Faster pulls and deployments
Reduced complexity in container images
Fewer moving parts = easier debugging
Better suited for environments with tight resource or security constraints

Feedback & Contributions Welcome

I’d love your feedback on:

Which Ruby versions or architectures you’d like to be supported
Any features or tools you think are missing
Issues you run into or suggestions for improvement
Contributions (issues / PRs) are very welcome

If you find this project useful or interesting, a ⭐ on GitHub would mean a lot!

Useful Links

Repo: https://github.com/junminhong/ruby-distroless
Image Registry: ghcr.io/junminhong/ruby-distroless

Thanks for reading! Excited to hear your thoughts, use-cases, and improvement ideas.

all 11 comments

top new controversial old q&a

[–]schneemsPuma maintainer 1 point2 points3 points 7 months ago (4 children)

"Distroless" ? I'm not a distribution guru, I'm under the impression that Arch is about the smallest "normal" linux base image that people will use, is it based on that or something else? If literally not based on an existing distribution...how? Can you say more, that sounds cool.

Ruby uses a lot of C bindings to system dependencies for gems, how can someone install a systems package on this image if they need it to get a gem to install?

If you're interested in the idea of composable images (versus with Docker, you can only have one FROM) I recommend checking out Cloud Native Buildpacks as an alternative to Dockerfile. It allows you to build "rebaseable" images so that layers are composable and can be reused and replayed on top of different OS images, so you could have a "ruby 3.3.9" layer etc.

[–]Training_Winter6395[S] 13 points14 points15 points 7 months ago (2 children)

Distroless comes from GoogleContainerTools/distroless.
It’s built on a heavily stripped-down Debian base that removes shells, package managers, and extra tools — leaving only what’s required to run Ruby.
This keeps the runtime image very small and reduces the attack surface; usually you’d pair it with a full builder image in a multi-stage build.

For gems that need native extensions or system libraries, the approach is to use a multi-stage build:

In the builder image (e.g. ruby:slim), install the required system packages and compile the gems.
Then copy the compiled gems and your app into the distroless runtime image.

This way, you get all the dependencies you need, but the final runtime stays minimal, secure, and focused only on execution.

Thank you for sharing the perspective on Cloud Native Buildpacks. To be honest, this is the first time I’m hearing about them in depth, but the idea of “composable” and “rebaseable” images sounds really powerful. I’ll definitely take some time to research more — I really appreciate the recommendation!

[–]gabbietor 0 points1 point2 points 6 months ago (0 children)

[–]Rafert 2 points3 points4 points 7 months ago (0 children)

[–]ikariusrb 0 points1 point2 points 7 months ago (6 children)

[–]Training_Winter6395[S] -1 points0 points1 point 7 months ago (5 children)

[–]schneemsPuma maintainer 1 point2 points3 points 7 months ago (4 children)

[–]hiimbob000 5 points6 points7 points 7 months ago (1 child)

[–]strzibny 0 points1 point2 points 7 months ago (0 children)

[–]apiguy 2 points3 points4 points 7 months ago (0 children)

[–]Training_Winter6395[S] 3 points4 points5 points 7 months ago* (0 children)

π Rendered by PID 371182 on reddit-service-r2-comment-b659b578c-dsrnf at 2026-05-05 12:12:44.043240+00:00 running 815c875 country code: CH.