imjasonh / ideas

A place for me to file issues against myself for things I want to build when I'm bored

Image whiteout layer generator using estargz #93

Open imjasonh opened 3 years ago

imjasonh commented 3 years ago

Idea: an e2e test runner that builds and estargz optimizes your image, runs tests, and tracks what files in the image were actually used. Then you can generate a whiteout layer to remove the rest.

You don't need to run optimized images in prod if you can't, and you don't have all those CVEs in unrelated packages.

Your image might be big, but Ubuntu etc. are cached and whiteout layers are tiny. It'd be more for reducing attack surface.

I just need a registry implementation (or passthrough proxy) that records which byte ranges/files in an estargz are requested. That could generate a prioritized TOC and/or whiteout layer.
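
The last step of the idea above, as an added example that is not part of the original issue or of any existing tool: given the file list from an image's TOC and the set of files observed in use, it computes the smallest set of OCI whiteout entries and writes them as a layer tar. The file lists are constructed sample data and the function names are hypothetical; symlinks and hard links are not handled.

```python
import io
import posixpath
import tarfile

# Constructed sample: every file in the image TOC, and the files the
# (hypothetical) recording registry saw requested during the test run.
IMAGE_FILES = {"app/server", "etc/ssl/certs/ca.pem", "usr/bin/curl", "usr/bin/perl",
               "usr/lib/libssl.so", "usr/lib/libunused.so",
               "usr/lib/perl5/strict.pm", "usr/lib/perl5/warnings.pm"}
USED_FILES = {"app/server", "etc/ssl/certs/ca.pem", "usr/lib/libssl.so"}

def ancestors(path):
    """Yield the parent directories of path, outermost first."""
    parts = path.split("/")[:-1]
    for i in range(1, len(parts) + 1):
        yield "/".join(parts[:i])

def whiteout_targets(all_files, used_files):
    """Return the sorted, minimal list of paths to delete from the image.

    A directory that holds no used file is deleted as a whole, so a single
    whiteout entry covers everything beneath it.
    """
    keep_dirs = {d for f in used_files for d in ancestors(f)}
    targets = set()
    for f in all_files:
        if f in used_files:
            continue
        # Outermost ancestor containing nothing that was used, else the file itself.
        targets.add(next((d for d in ancestors(f) if d not in keep_dirs), f))
    return sorted(targets)

def whiteout_name(path):
    """OCI whiteout entry: same parent directory, basename prefixed with '.wh.'."""
    parent, base = posixpath.split(path)
    return posixpath.join(parent, ".wh." + base)

def build_whiteout_layer(targets):
    """Return an uncompressed layer tar with one empty whiteout file per target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for t in targets:
            tar.addfile(tarfile.TarInfo(whiteout_name(t)))  # size 0, no body
    return buf.getvalue()

if __name__ == "__main__":
    for t in whiteout_targets(IMAGE_FILES, USED_FILES):
        print(t, "->", whiteout_name(t))
```

Anything reached only on code paths the tests never exercise is whited out as well, so the resulting layer is only as trustworthy as the coverage of the test run that produced the used-file set.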