Docker image very big containing a lot of unnecessary stuff
runningman84 opened this issue · comments
What happened:
The image 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.8-eksbuild.1 is very big and takes more than 20 seconds to download.
Looking into the image it contains things like old kernel sources:
bash-4.2# ls -la /usr/src/kernels/
total 4
drwxr-xr-x. 1 root root 44 Feb 5 20:48 .
drwxr-xr-x. 1 root root 21 Jan 23 17:37 ..
drwxr-xr-x. 23 root root 4096 Feb 5 20:48 4.14.336-255.557.amzn2.aarch64
Furthermore it contains a lot of other stuff
bash-4.2# cd /
bash-4.2# du -s -h .
du: cannot access './proc/78/task/78/fd/4': No such file or directory
du: cannot access './proc/78/task/78/fdinfo/4': No such file or directory
du: cannot access './proc/78/fd/3': No such file or directory
du: cannot access './proc/78/fdinfo/3': No such file or directory
975M .
bash-4.2# du --max-depth=1 -h .
0 ./boot
0 ./dev
2.1M ./etc
0 ./home
0 ./local
0 ./media
0 ./mnt
0 ./opt
du: cannot access './proc/79/task/79/fd/4': No such file or directory
du: cannot access './proc/79/task/79/fdinfo/4': No such file or directory
du: cannot access './proc/79/fd/3': No such file or directory
du: cannot access './proc/79/fdinfo/3': No such file or directory
0 ./proc
4.0K ./root
20K ./run
0 ./srv
0 ./sys
0 ./tmp
764M ./usr
19M ./var
104M ./host
975M .
bash-4.2# du --max-depth=1 -h /usr/
74M /usr/bin
0 /usr/etc
0 /usr/games
20M /usr/include
44M /usr/lib
351M /usr/lib64
56M /usr/libexec
4.0K /usr/local
5.7M /usr/sbin
123M /usr/share
92M /usr/src
764M /usr/
bash-4.2# du --max-depth=1 -h /usr/share/
0 /usr/share/X11
8.0K /usr/share/aclocal
32K /usr/share/applications
0 /usr/share/augeas
84K /usr/share/awk
0 /usr/share/backgrounds
72K /usr/share/bash-completion
0 /usr/share/desktop-directories
0 /usr/share/dict
19M /usr/share/doc
0 /usr/share/empty
0 /usr/share/file
0 /usr/share/games
216K /usr/share/gcc-7
8.0K /usr/share/gdb
0 /usr/share/ghostscript
0 /usr/share/glib-2.0
0 /usr/share/gnome
312K /usr/share/gnupg
0 /usr/share/i18n
0 /usr/share/icons
0 /usr/share/idl
4.4M /usr/share/info
1.1M /usr/share/licenses
54M /usr/share/locale
0 /usr/share/lua
8.1M /usr/share/man
5.4M /usr/share/mime
0 /usr/share/mime-info
2.8M /usr/share/misc
0 /usr/share/omf
4.0K /usr/share/p11-kit
0 /usr/share/pixmaps
4.0K /usr/share/pkgconfig
1.1M /usr/share/pki
0 /usr/share/sounds
4.0K /usr/share/systemtap
16K /usr/share/tabset
476K /usr/share/terminfo
0 /usr/share/themes
12K /usr/share/vim
0 /usr/share/xsessions
908K /usr/share/yum-cli
0 /usr/share/yum-plugins
4.5M /usr/share/zoneinfo
16K /usr/share/zsh
1.9M /usr/share/groff
48K /usr/share/opt-viewer
20M /usr/share/perl5
123M /usr/share/
Attach logs
Successfully pulled image "602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.8-eksbuild.1" in 20.619s (20.619s including waiting)
What you expected to happen:
I would like to see a minimal image without any unnecessary stuff.
How to reproduce it (as minimally and precisely as possible):
Install latest aws cni.
Anything else we need to know?:
Especially security-related stuff like this agent should be using a very thin auditable image.
Environment:
- Kubernetes version (use kubectl version): 1.29.x
- CNI Version: v1.16.3-eksbuild.2
- Network Policy Agent Version: v1.0.8-eksbuild.1
- OS (e.g: cat /etc/os-release): na
- Kernel (e.g. uname -a): na
Possibly fixed by #212
This change should be out soon
New version v1.1.0 is out which uses the minimal build. It reduces the image size to ~40 MB.
Addressed via the new node agent release.
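The du listings in the issue above can be turned into a repeatable check for build-time and documentation content in a runtime image. This is an added example, not part of the original issue or the project's code; the flagged path list is an assumed policy built from directories named in the listing, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `du -h` output taken inside a container for content
# that a runtime image normally does not need (sources, headers, docs, locales).

# Assumed policy: directories that appear in the listing in this issue.
RESIDUE_PATHS="/usr/src /usr/include /usr/share/doc /usr/share/man /usr/share/info /usr/share/locale /usr/share/gcc-7 /usr/share/perl5"

# Reads `du -h` lines ("SIZE PATH") on stdin and prints "KIB PATH" for every
# flagged path with non-zero size. "du: cannot access" error lines are skipped.
# Paths are matched exactly, so a parent and its child are never both counted.
flag_residue() {
  awk -v paths="$RESIDUE_PATHS" '
    BEGIN {
      n = split(paths, p, " ")
      for (i = 1; i <= n; i++) want[p[i]] = 1
      mult["K"] = 1; mult["M"] = 1024; mult["G"] = 1048576
    }
    /^du:/  { next }
    NF != 2 { next }
    {
      size = $1; path = $2
      unit = substr(size, length(size), 1)
      if (unit in mult) kib = substr(size, 1, length(size) - 1) * mult[unit]
      else kib = size / 1024    # a bare number is a byte count
      if (kib > 0 && (path in want)) printf "%d %s\n", kib, path
    }'
}

# Sums the flagged sizes and prints the total in MiB, rounded down.
residue_mib() {
  flag_residue | awk '{ s += $1 } END { printf "%d\n", s / 1024 }'
}

# Constructed sample: a few lines adapted from the listings in the issue.
SAMPLE='du: cannot access ./proc/78/fd/3: No such file or directory
74M /usr/bin
20M /usr/include
351M /usr/lib64
19M /usr/share/doc
54M /usr/share/locale
8.1M /usr/share/man
0 /usr/share/games
20M /usr/share/perl5'

printf '%s\n' "$SAMPLE" | flag_residue
printf 'flagged total: %s MiB\n' "$(printf '%s\n' "$SAMPLE" | residue_mib)"
```

In a build pipeline the same functions can read the du output of a freshly built image and fail the job when the total is above zero.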