Description of changes:
This PR modifies the Network Policy agent Dockerfile to use eks-distro-minimal-base-glibc as the base image. This minimal image, along with removing the libraries that were installed using yum, significantly decreases the size of the container image. My personal build showed a decrease from ~290MB to ~38MB.
A smaller container image means faster image pulls and a smaller surface area for CVEs.
For the libraries that were installed in the container filesystem using yum, such as libbpf-devel, it turns out that none of these are needed at runtime. The object files created in the bpfbuilder stage already have everything they need statically linked.
Also, I updated the Golang builder image to Golang 1.21.7.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Issue #, if available: https://github.com/aws/aws-network-policy-agent/issues/109
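A check that backs the runtime claim in the description, as an added example that is not part of this PR or the project's code: it lists the `DT_NEEDED` shared libraries recorded in an ELF file, so you can confirm what the final image must ship before dropping packages. The function names and the sample ELF bytes are constructed for illustration, and only 64-bit little-endian ELF is handled.

```python
import struct
import sys

SHT_DYNAMIC, DT_NULL, DT_NEEDED = 6, 0, 1
SHDR = "<IIQQQQIIQQ"  # ELF64 section header: name, type, flags, addr, offset, size, link, ...

def needed_libs(elf: bytes) -> list[str]:
    """Return the DT_NEEDED library names; [] means no shared libraries are required."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    shoff, = struct.unpack_from("<Q", elf, 40)              # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", elf, 58)   # e_shentsize, e_shnum
    sections = [struct.unpack_from(SHDR, elf, shoff + i * shentsize)
                for i in range(shnum)]
    libs = []
    for _, sh_type, _, _, offset, size, link, *_ in sections:
        if sh_type != SHT_DYNAMIC:
            continue
        str_off = sections[link][4]  # sh_link points at the dynamic string table
        for pos in range(offset, offset + size, 16):
            tag, val = struct.unpack_from("<qQ", elf, pos)
            if tag == DT_NULL:
                break
            if tag == DT_NEEDED:
                start = str_off + val
                libs.append(elf[start:elf.index(b"\0", start)].decode())
    return libs

def sample_elf(libs: list[str]) -> bytes:
    """Constructed input: a minimal ELF; with libs=[] it has no .dynamic section."""
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n in libs)
    dyn, off = b"", 1
    for n in libs:
        dyn += struct.pack("<qQ", DT_NEEDED, off)
        off += len(n) + 1
    dyn += struct.pack("<qQ", DT_NULL, 0)
    sh = lambda typ, o, sz, link=0: struct.pack(SHDR, 0, typ, 0, 0, o, sz, link, 0, 0, 0)
    heads = [sh(0, 0, 0)]
    if libs:  # section 1 = .dynamic, section 2 = its string table
        heads += [sh(SHT_DYNAMIC, 64, len(dyn), 2), sh(3, 64 + len(dyn), len(strtab))]
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack("<HHIQQQIHHHHHH",
        3 if libs else 1, 62, 1, 0, 0, 64 + len(dyn) + len(strtab), 0, 64, 0, 0, 64, len(heads), 0)
    return hdr + dyn + strtab + b"".join(heads)

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. binaries and objects copied out of the built image
        with open(path, "rb") as f:
            print(path, needed_libs(f.read()) or "no shared library dependencies")
```

An empty result for every file destined for the final stage means no package-installed shared library has to be present there; any name it prints must be provided by the base image.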