chore: Optimize docker image size #7040

Open
wants to merge 1 commit into
base: main


@hoperays hoperays commented Jan 9, 2024

  • Remove RUN after COPY instruction.
  • Use the nobody user directly.
  • Set /thanos as the working directory.
  • I added CHANGELOG entry for this change.
  • Change is not relevant to the end user.

Changes

Before (179MB):

➜  thanos git:(main) docker history 93159880a2d9
IMAGE          CREATED          CREATED BY                                       SIZE      COMMENT
93159880a2d9   14 seconds ago   ENTRYPOINT ["/bin/thanos"]                       0B        buildkit.dockerfile.v0
<missing>      14 seconds ago   USER 1001                                        0B        buildkit.dockerfile.v0
<missing>      14 seconds ago   RUN |2 ARCH=arm64 OS=linux /bin/sh -c adduse…   87.8MB    buildkit.dockerfile.v0
<missing>      18 minutes ago   COPY .build/linux-arm64/thanos /bin/thanos #…   87.8MB    buildkit.dockerfile.v0
<missing>      18 minutes ago   ARG OS=linux                                     0B        buildkit.dockerfile.v0
<missing>      18 minutes ago   ARG ARCH=amd64                                   0B        buildkit.dockerfile.v0
<missing>      18 minutes ago   LABEL maintainer=The Thanos Authors              0B        buildkit.dockerfile.v0
<missing>      3 weeks ago      COPY /rootfs / # buildkit                        1.54MB    buildkit.dockerfile.v0
<missing>      3 weeks ago      MAINTAINER The Prometheus Authors <prometheu…   0B        buildkit.dockerfile.v0
<missing>      4 weeks ago      /bin/sh -c #(nop)  CMD ["sh"]                    0B
<missing>      4 weeks ago      /bin/sh -c #(nop) ADD file:1582deb90400e4ba7…   1.46MB

After (90.8MB):

➜  thanos git:(main) docker history b429a5714aa0
IMAGE          CREATED          CREATED BY                                       SIZE      COMMENT
b429a5714aa0   18 minutes ago   ENTRYPOINT ["/bin/thanos"]                       0B        buildkit.dockerfile.v0
<missing>      18 minutes ago   WORKDIR /thanos                                  0B        buildkit.dockerfile.v0
<missing>      18 minutes ago   USER nobody                                      0B        buildkit.dockerfile.v0
<missing>      18 minutes ago   COPY .build/linux-arm64/thanos /bin/thanos #…   87.8MB    buildkit.dockerfile.v0
<missing>      18 minutes ago   ARG OS=linux                                     0B        buildkit.dockerfile.v0
<missing>      18 minutes ago   ARG ARCH=amd64                                   0B        buildkit.dockerfile.v0
<missing>      18 minutes ago   LABEL maintainer=The Thanos Authors              0B        buildkit.dockerfile.v0
<missing>      3 weeks ago      COPY /rootfs / # buildkit                        1.54MB    buildkit.dockerfile.v0
<missing>      3 weeks ago      MAINTAINER The Prometheus Authors <prometheu…   0B        buildkit.dockerfile.v0
<missing>      4 weeks ago      /bin/sh -c #(nop)  CMD ["sh"]                    0B
<missing>      4 weeks ago      /bin/sh -c #(nop) ADD file:1582deb90400e4ba7…   1.46MB

This changed the default user in the container image from 1001 (thanos) to 65534 (nobody), which is unified with the prometheus and alertmanager images.

Verification

Tested thanos-query in k8s cluster

* Remove RUN after COPY instruction.
* Use the nobody user directly.
* Set /thanos as the working directory.

Signed-off-by: Cheng Qiliang <[email protected]>
@hoperays hoperays force-pushed the optimize_docker_image_size branch from dd25862 to a80f630 Compare January 9, 2024 05:54
@hoperays hoperays marked this pull request as ready for review January 10, 2024 03:41
@douglascamata
Contributor

The change in user ID is a potential breaking change for people running Thanos because of filesystem permissions, k8s PVs, and k8s security policies. Maybe we could refrain from doing it just for the sake of adopting the same user as other projects' images?
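
A pre-upgrade check for the filesystem-permission concern raised above, as an added example that is not part of the PR or the Thanos project: it lists paths under a data directory that UID 1001 can use but UID 65534 cannot, judged by owner/group/other mode bits only. The function names, the `gids` parameter and the data-directory argument are assumptions made for illustration.

```python
import os
import stat
import sys

OLD_UID, NEW_UID = 1001, 65534  # image default user before and after the PR


def blocked_paths(root, uid, gids=()):
    """List paths under root that uid cannot use, judged by mode bits alone.

    Directories need rwx and regular files need rw, as for a data volume the
    process writes to. ACLs, capabilities and read-only mounts are ignored.
    """
    blocked = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            need = 0o7 if stat.S_ISDIR(st.st_mode) else 0o6
            if st.st_uid == uid:
                granted = (st.st_mode >> 6) & 0o7   # owner class
            elif st.st_gid in gids:
                granted = (st.st_mode >> 3) & 0o7   # group class
            else:
                granted = st.st_mode & 0o7          # other class
            if granted & need != need:
                blocked.append(path)
    return sorted(blocked)


def newly_blocked(root, old_uid=OLD_UID, new_uid=NEW_UID, gids=()):
    """Paths usable by old_uid but not by new_uid: what the switch breaks."""
    before = set(blocked_paths(root, old_uid, gids))
    return [p for p in blocked_paths(root, new_uid, gids) if p not in before]


if __name__ == "__main__":
    # Assumption: the data directory is passed as argv[1]; run as root or
    # as the volume owner so every subdirectory can be listed.
    for path in newly_blocked(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path)
```

Pass the supplementary groups the container will actually run with (for example a Kubernetes `fsGroup`) as `gids`; an empty result means the mode bits alone do not block the new UID.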
