gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Standalone `tbot` docker image #21280

Closed hagaibarel closed 8 months ago

hagaibarel commented 1 year ago

What would you like Teleport to do?

I would like teleport to publish a standalone container image with just the tbot binary included, so running it as a sidecar won't require pulling the entire teleport image which is ~600mb in size.

What problem does this solve?

Smaller footprint for running tbot as a sidecar container for other applications, smaller image -> less time to pull -> quicker startup, especially in a kubernetes pod sidecar setup.

If a workaround exists, please include it.

Other than building a custom version of the docker image, none.

It might be related to this thread https://github.com/gravitational/teleport/issues/8735, although specifically I'm referring to the tbot container image.

strideynet commented 1 year ago

Thanks for raising this. I don't see why we couldn't do this - no promises on a timeline though.

I'm sure https://github.com/gravitational/teleport/issues/19019 will be of interest to you as well.

hagaibarel commented 1 year ago

Hi folks, any update on this?

Jasstkn commented 1 year ago

We ended up writing our own Dockerfile for tbot:

```dockerfile
# Build stage: download the Teleport release tarball, verify it, and install the binaries.
FROM frolvlad/alpine-glibc:alpine-3.17 AS builder

ARG TELEPORT_VERSION
ARG ARCH=amd64

RUN apk add curl

# Fetch the published SHA-256 checksum and the tarball; sha256sum -c fails the build on a mismatch.
RUN curl https://get.gravitational.com/teleport-ent-v${TELEPORT_VERSION}-linux-${ARCH}-bin.tar.gz.sha256 > checksum && \
    curl -O https://cdn.teleport.dev/teleport-ent-v${TELEPORT_VERSION}-linux-${ARCH}-bin.tar.gz && \
    sha256sum -c checksum

RUN tar -xvf teleport-ent-v${TELEPORT_VERSION}-linux-${ARCH}-bin.tar.gz && \
    cd teleport-ent && \
    ./install

# Final stage: copy only the tbot binary into a clean base image.
FROM frolvlad/alpine-glibc:alpine-3.17

COPY --from=builder /usr/local/bin/tbot /usr/local/bin/tbot
```

strideynet commented 9 months ago

Work has started on this ✅

strideynet commented 9 months ago

After the image has been released, the documentation for the Machine ID on Kubernetes flow should be updated. We aim to publish this for v15, v14 and v13.

strideynet commented 7 months ago

public.ecr.aws/gravitational/tbot-distroless:15.1.0 is now available. We've also backported this to 14/13 so this should also be available in their next releases.

hagaibarel commented 7 months ago

Fantastic, thanks a lot.

Just for reference:

```
$ docker images
REPOSITORY                                         TAG       IMAGE ID       CREATED       SIZE
public.ecr.aws/gravitational/teleport-distroless   15.1.0    f70023b07832   8 hours ago   658MB
public.ecr.aws/gravitational/tbot-distroless       15.1.0    1785d46a3f20   8 hours ago   127MB
```

The tbot image is ~20% of the full teleport image

strideynet commented 7 months ago

Great - just the result I was hoping for. I'm hoping to carry out some refactors over the next few quarters to reduce the dependencies of tbot and keep shrinking that binary :D