Skip to content

UBI: reduce webservice and rails image size

Jason Plum requested to merge ubi8-multistage-finals into master
UBI: reduce webservice and rails image size
    
Use a `composite` intermediate container image when setting permissions
on files in the rails related images to eliminate a very large and
unnecessary image layer.
    
- Move all `ADD` of tarballs to 'composite'
- Move all `COPY` of `UID` owned files to 'composite'
- Set permissions, as needed, to `UID:0`
- `COPY` from `composite` to `final` removing the need to `chown` large
  amounts of data

What does this MR do?

UBI: webservice final as multi-stage, control permissions

Control the permissions better of artifacts within UBI final images through use of 'composite' stage.

  • Move all ADD of tarballs to 'composite'
  • Move all COPY of UID owned files to 'composite'
  • Set permissions, as needed, to UID:0
  • COPY from 'composite' in 'final', removing need to chown large amounts of data.

UBI: rails final as multi-stage, control permissions bloat

The ADD then set permissions was adding excessive bloat to the UBI images. Move to the use of multi-stage images, setting all appropriate permissions within the composite stage before COPY into final image.

Ideally, this saves the entire unpacked size of the rails-ee tarball (everything under /srv/gitlab prior to modifications within this Dockerfile.ubi8

Related issues

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

  • Merge Request Title, and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com
  • When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Integration tests added to GitLab QA
  • The impact any change in container size has should be evaluated
  • New dependencies are managed with dependencies.io
Edited by Robert Marshall

Merge request reports