UBI: reduce webservice and rails image size
UBI: reduce webservice and rails image size
Use a `composite` intermediate container image when setting permissions
on files in the rails related images to eliminate a very large and
unnecessary image layer.
- Move all `ADD` of tarballs to 'composite'
- Move all `COPY` of `UID` owned files to 'composite'
- Set permissions, as needed, to `UID:0`
- `COPY` from `composite` to `final` removing the need to `chown` large
amounts of dataWhat does this MR do?
UBI: webservice final as multi-stage, control permissions
Control the permissions better of artifacts within UBI final images through use of 'composite' stage.
- Move all
ADDof tarballs to 'composite' - Move all
COPYofUIDowned files to 'composite' - Set permissions, as needed, to
UID:0 -
COPYfrom 'composite' in 'final', removing need tochownlarge amounts of data.
UBI: rails final as multi-stage, control permissions bloat
The ADD then set permissions was adding excessive bloat to the
UBI images. Move to the use of multi-stage images, setting all
appropriate permissions within the composite stage before COPY
into final image.
Ideally, this saves the entire unpacked size of the rails-ee
tarball (everything under /srv/gitlab prior to modifications
within this Dockerfile.ubi8
Related issues
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated -
New dependencies are managed with dependencies.io
Edited by Robert Marshall