aries-cloudagent-python icon indicating copy to clipboard operation
aries-cloudagent-python copied to clipboard
verified publisher icon hyperledger

Slim down docker images

Open dbluhm opened this issue 2 years ago • 1 comments

The current images we're building include utilities like curl, git, less, vim-tiny, etc. I think inclusion of at least some of these utilities is a leftover from von-image days. While these utilities are helpful for debugging, it's generally considered best practice to keep container images minimal to reduce attack surface.

We should remove anything that isn't critical. Some of these utilities may be necessary while fetching and installing dependencies but are not critical after they've been retrieved. In that case, we should split the image into a multipart build so at least the resulting image is minimized.

Might be a good one to tackle alongside changes needed for #2289

dbluhm avatar Jul 18 '23 18:07 dbluhm

This isn't an image size issue but just as a matter of interest:

ghcr.io/hyperledger/aries-cloudagent-python   py3.6-indy-1.16.0-0.8.2              268f7e5883d4     627 MB
ghcr.io/hyperledger/aries-cloudagent-python   py3.9-indy-1.16.0-0.8.2              9aaa2cbd5a4b     624 MB
ghcr.io/hyperledger/aries-cloudagent-python   py3.6-0.8.2                          81bfaa69ce92     599 MB
ghcr.io/hyperledger/aries-cloudagent-python   py3.9-0.8.2                          aa86a542de71     595 MB

For comparison, python base image:

docker.io/library/python                      3.9-slim-bullseye                    e95114f5f756     129 MB

My local virtual environment (which does include dev dependencies) is about 300 MB

dbluhm avatar Jul 18 '23 18:07 dbluhm