speckle-server icon indicating copy to clipboard operation
speckle-server copied to clipboard

Published 20 hours ago verified publisher icon specklesystems

perf(server, webhook-service): production images are based on distroless

Open iainsproat opened this issue 2 years ago • 1 comments

As well as improving boot-up & restart time (via smaller download & load size), Distroless reduces the attack surface area by removing almost all binaries & packages (e.g. shell, chown) that are not necessary to run node or python.

  • speckle-server
    • ✅ moved to distroless in this PR. Before (v2.7.1): 352Mb, Now: 203Mb — a 42% reduction! 📉
  • frontend
    • Before (v2.7.1): 114Mb.
    • 🚫 based on openresty to run nginx. openresty does not currently provide an official distroless base image.
  • preview-service
    • Before (v2.7.1): 1195Mb 🐳
    • ❓ installs a number of binaries via apt-get to run chromium to create previews. Moving to distroless would require manually installing packages (wget and untar, similar to this).
  • test-deployment
    • ✅ moved to distroless in this PR. Before (v2.7.1): 201Mb, Now: 113Mb - a 43% reduction! 📉
  • monitoring-deployment
    • ✅ moved to distroless in this PR. Before (v2.7.1): 142Mb, Now: 69Mb - a 51% reduction! 📉
  • webhook-service
    • ✅ moved to distroless in this PR. Before (v2.7.1): 207Mb, Now: 116Mb — a 44% reduction! 📉
  • fileimport-service
    • ✅ moved to distroless in this PR. Before (v2.7.1): 952Mb, Now: 462Mb - a 51% reduction! 📉

Total image size reduced: 891Mb 📉 (28%), but - and most importantly - less security surface area 🔐

Partially address https://github.com/specklesystems/speckle-server/issues/883

iainsproat avatar Aug 07 '22 10:08 iainsproat

Codecov Report

Merging #899 (9a01820) into main (427050a) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #899   +/-   ##
=======================================
  Coverage   90.54%   90.54%           
=======================================
  Files          87       87           
  Lines        3374     3374           
  Branches        5        5           
=======================================
  Hits         3055     3055           
  Misses        319      319

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov[bot] avatar Aug 07 '22 10:08 codecov[bot]