Skip to content

Commit

Permalink
Reduce footprint of UBI images (#717)
Browse files Browse the repository at this point in the history
* Reduce footprint of UBI images by only keeping relevant packages and rpm DB

Signed-off-by: jack-baines <[email protected]>

* Fix bash syntax error

Signed-off-by: jack-baines <[email protected]>

* Add missing ARG

Signed-off-by: jack-baines <[email protected]>

* TARGETARCH set by buildx and avoids splitting another VAR

Signed-off-by: jack-baines <[email protected]>

* Update Dockerfile.ubi

Change top level build label to avoid confusion

---------

Signed-off-by: jack-baines <[email protected]>
  • Loading branch information
bainsy88 authored Aug 28, 2024
1 parent e8704b6 commit 6c9c609
Show file tree
Hide file tree
Showing 3 changed files with 56 additions and 5 deletions.
31 changes: 26 additions & 5 deletions Dockerfile.ubi
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,37 @@ ARG BASE_IMAGE

FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE} as SRC

FROM ${BASE_IMAGE:-registry.access.redhat.com/ubi8/ubi-minimal:latest}
FROM ${BASE_IMAGE:-registry.access.redhat.com/ubi8/ubi:latest} as ubi
ARG TARGETARCH


RUN dnf update -y && dnf install -y binutils
# prep target rootfs for scratch container
WORKDIR /
COPY --from=SRC /manager .
RUN mkdir /image && \
ln -s usr/bin /image/bin && \
ln -s usr/sbin /image/sbin && \
ln -s usr/lib64 /image/lib64 && \
ln -s usr/lib /image/lib && \
mkdir -p /image/{usr/bin,usr/lib64,usr/lib,root,home,proc,etc,sys,var,dev}

# Update image
RUN microdnf update
COPY ubi-build-files-${TARGETARCH}.txt /tmp
# Copy all the required files from the base UBI image into the image directory
# As the go binary is not statically compiled this includes everything needed for CGO to work, cacerts, tzdata and RH release files
RUN tar cf /tmp/files.tar -T /tmp/ubi-build-files-${TARGETARCH}.txt && tar xf /tmp/files.tar -C /image/ \
&& strip --strip-unneeded /image/usr/lib64/*[0-9].so

USER 65532:65532
# Generate a rpm database which contains all the packages that you said were needed in ubi-build-files-*.txt
RUN rpm --root /image --initdb \
&& PACKAGES=$(rpm -qf $(cat /tmp/ubi-build-files-${TARGETARCH}.txt) | grep -v "is not owned by any package" | sort -u) \
&& echo dnf install -y 'dnf-command(download)' \
&& dnf download --destdir / ${PACKAGES} \
&& rpm --root /image -ivh --justdb --nodeps `for i in ${PACKAGES}; do echo $i.rpm; done`

FROM scratch
COPY --from=ubi /image/ /
COPY --from=SRC /manager .
USER 65532:65532
# Port for metrics and probes
EXPOSE 9090

Expand Down
15 changes: 15 additions & 0 deletions ubi-build-files-amd64.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
etc/pki
root/buildinfo
etc/ssl/certs
etc/redhat-release
usr/share/zoneinfo
usr/lib64/ld-2.28.so
usr/lib64/ld-linux-x86-64.so.2
usr/lib64/libc-2.28.so
usr/lib64/libc.so.6
usr/lib64/libdl-2.28.so
usr/lib64/libdl.so.2
usr/lib64/libpthread-2.28.so
usr/lib64/libpthread.so.0
usr/lib64/libm-2.28.so
usr/lib64/libm.so.6
15 changes: 15 additions & 0 deletions ubi-build-files-arm64.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
etc/pki
root/buildinfo
etc/ssl/certs
etc/redhat-release
usr/share/zoneinfo
usr/lib64/ld-2.28.so
usr/lib64/ld-linux-aarch64.so.1
usr/lib64/libc-2.28.so
usr/lib64/libc.so.6
usr/lib64/libdl-2.28.so
usr/lib64/libdl.so.2
usr/lib64/libpthread-2.28.so
usr/lib64/libpthread.so.0
usr/lib64/libm-2.28.so
usr/lib64/libm.so.6

0 comments on commit 6c9c609

Please sign in to comment.