Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kbs: shrink the size of docker image #417

Merged
merged 2 commits into from
Jun 18, 2024
Merged

kbs: shrink the size of docker image #417

merged 2 commits into from
Jun 18, 2024

Conversation

Xynnn007
Copy link
Member

After this patch, the image size will be ~215MB

$ docker images | grep slim
kbs     coco-as-slim      baf4fd2a16ed   37 minutes ago   215MB

Close #416

BbolroC
BbolroC reviewed Jun 14, 2024
View reviewed changes
kbs/docker/Dockerfile
libsgx-dcap-default-qpl \
libsgx-dcap-quote-verify \
tpm2-tools; fi

# Intel PCCS URL Configurations
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May I ask a rationale for removing this? I don't think the removal has nothing to do with reducing a image size (because it is just environment variable declaration and string replacement). Thanks!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it has nothing to do with the topic. Originally, I thought this code was actually useless. Most people who use KBS would mount this file instead of hardcoding it during the image building phase. I just deleted these lines by the way; Let me set this piece of content as a separate commit, and then collecte more opinions to see if we should keep it.

mkulke
mkulke approved these changes Jun 14, 2024
View reviewed changes
Copy link
Contributor

@mkulke mkulke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. thanks.

I think tpm2-tools can be replaced by libtss2-tctildr0 + libtss2-esys-3.0.2, if that saves some more space

@Xynnn007
Copy link
Member Author

I think tpm2-tools can be replaced by libtss2-tctildr0 + libtss2-esys-3.0.2, if that saves some more space

Thanks for the pointers. I just test locally it would be a little bigger

$ docker images | grep slim
kbs     coco-as-slim      baf4fd2a16ed   37 minutes ago   215MB
kbs     coco-as-slim-2    14a4e935ccf0   1 minutes ago    219MB

mythi
mythi reviewed Jun 14, 2024
View reviewed changes
kbs/docker/Dockerfile
RUN if [ "${ARCH}" = "x86_64" ]; then apt-get install -y --no-install-recommends \
gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
apt-get update && \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is also possible to uninstall gnupg-agent and curl at this point..

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes it also deletes about ~3 MB in size. Let me repush

BbolroC added a commit to BbolroC/cc-guest-components that referenced this pull request Jun 14, 2024
@BbolroC
tests: Skip image.rs test for s390x
90f3925 
There is an issue on pulling an image `mcr.microsoft.com/hello-world` on s390x.
It looks a load balancer for the microsoft registry is unstable so that the runner
was able to pull the image with 10& success ratio (see
confidential-containers/trustee#417)
It is not reasonable to let the test run under the unstable environment.

This commit skips the tests at image.rs for the platform.

Signed-off-by: Hyounggyu Choi <[email protected]>
@BbolroC BbolroC mentioned this pull request Jun 14, 2024
Merged
fitzthum
fitzthum approved these changes Jun 14, 2024
View reviewed changes
Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Xynnn007
kbs: shrink the size of docker image
5216c73 
After this patch, the image size will be ~215MB

Close confidential-containers#416

Signed-off-by: Xynnn007 <[email protected]>
@Xynnn007
kbs: delete PCCS config part in Dockerfile
323284f 
Users would like to mount a sgx_qcnl_default.conf to container rather
than determine a static one at build time.

Signed-off-by: Xynnn007 <[email protected]>
mythi
mythi approved these changes Jun 18, 2024
View reviewed changes
Copy link
Contributor

@mythi mythi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@fitzthum fitzthum merged commit a533ee9 into confidential-containers:main Jun 18, 2024
15 checks passed
@Xynnn007 Xynnn007 deleted the shrink-kbs-image branch June 19, 2024 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BbolroC BbolroC BbolroC left review comments

@mkulke mkulke mkulke approved these changes

@mythi mythi mythi approved these changes

@fitzthum fitzthum fitzthum approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dockerfile: optimize the KBS image size
5 participants
@Xynnn007 @mkulke @mythi @fitzthum @BbolroC