cpuguy83
commented
1 year ago I moved the full tty handshake into C, so at least this is greatly reduced. Still have to deal with the container bootstrapper.
Testing shows the bootstrap process uses ~12MB of RAM before doing anything. Because we need to read the mounts config (requires a json parser), moving this into C is not as simple as I'd like it to be and will likely add some bloat the the tty copier.
Today the shim currently uses a bootstrap/control process when starting a container. This is needed for multiple reasons (managing stdio pipes, differentiating runc exit vs container exit).
Currently this control process is using an extra subcommand on the main shim binary, which means each container is firing up it's own iteration of the shim (with the go runtime, all deps, etc) and consuming tons of resources.
Ideally we wouldn't need this extra control process, and it may be possible to eliminate it for some things but today it cannot (as far as I can tell execs absolutely need it until there is split like exec-create and exec-start). The overhead of this control process needs to be minimal.
This could be a separate binary or a C implementation hooked up before the go runtime starts (like the pty handler currently does). No matter the solution, the current footprint is far too big since every container and every exec needs this control process.