Description of problem: operator-registry image needs clean up has 265MB+ data in /tmp that are copied to /bin also, the darwin and windows binaries are copied there and not needed as the image is platform dependant Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
1, Built an image without this PR, its size is 1.03G [root@preserve-olm-env operator-registry]# docker image ls quay.io/olmqe/builder:1883560 REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/olmqe/builder 1883560 788fad670d98 6 minutes ago 1.03GB 2, Build another image with this PR, its size is 1.03G too, seems like no effects to the image size although the /tmp size is 4.0K now. [root@preserve-olm-env operator-registry]# docker image ls quay.io/olmqe/builder:new1883560 REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/olmqe/builder new1883560 06c701aaf65a 31 seconds ago 1.03GB [root@preserve-olm-env operator-registry]# docker run --rm --entrypoint="/bin/bash" -ti quay.io/olmqe/builder:new1883560 bash-4.4$ ls ... bash-4.4$ du -h /bin/ 398M /bin/ bash-4.4$ du -h /tmp 4.0K /tmp bash-4.4$ Details as follows: [root@preserve-olm-env operator-registry]# docker build -f Dockerfile -t quay.io/olmqe/builder:new1883560 . Sending build context to Docker daemon 790.7MB Step 1/22 : FROM registry.svc.ci.openshift.org/ocp/builder:rhel-8-golang-openshift-4.6 as builder ---> 46c7c3b83298 Step 2/22 : ENV GOPATH /go ---> Using cache ---> 99af01b81b0a Step 3/22 : ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH ---> Using cache ---> 60bbe03b6762 Step 4/22 : WORKDIR /src ---> Using cache ---> 77ea56f63ac4 Step 5/22 : COPY vendor vendor ---> Using cache ---> 42cae8abb29b Step 6/22 : COPY cmd cmd ---> 34df77d30c4b Step 7/22 : COPY pkg pkg ---> 5181cab46c2a Step 8/22 : COPY Makefile go.mod go.sum ./ ---> 58a3c68ddeae Step 9/22 : RUN make build cross ---> Running in 08b43ee05e28 fatal: not a git repository (or any of the parent directories): .git fatal: not a git repository (or any of the parent directories): .git GOFLAGS="-mod=vendor" go build -tags "json1" -o bin/appregistry-server ./cmd/appregistry-server GOFLAGS="-mod=vendor" go build -tags "json1" -o bin/configmap-server ./cmd/configmap-server GOFLAGS="-mod=vendor" go build -tags "json1" -o bin/initializer ./cmd/initializer GOFLAGS="-mod=vendor" go build -tags "json1" -o bin/registry-server ./cmd/registry-server GOFLAGS="-mod=vendor" go build -ldflags "-X 'github.com/operator-framework/operator-registry/cmd/opm/version.gitCommit=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.opmVersion=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.buildDate=2020-10-22T02:56:00Z'" -tags "json1" -o bin/opm ./cmd/opm GOOS=darwin CC=o64-clang CXX=o64-clang++ CGO_ENABLED=1 GOFLAGS="-mod=vendor" go build -ldflags "-X 'github.com/operator-framework/operator-registry/cmd/opm/version.gitCommit=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.opmVersion=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.buildDate=2020-10-22T02:56:00Z'" -tags "json1" -o "bin/darwin-amd64-opm" --ldflags "-extld=o64-clang" ./cmd/opm GOOS=windows CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ CGO_ENABLED=1 GOFLAGS="-mod=vendor" go build -ldflags "-X 'github.com/operator-framework/operator-registry/cmd/opm/version.gitCommit=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.opmVersion=' -X 'github.com/operator-framework/operator-registry/cmd/opm/version.buildDate=2020-10-22T02:56:00Z'" -tags "json1" -o "bin/windows-amd64-opm" --ldflags "-extld=x86_64-w64-mingw32-gcc" ./cmd/opm Removing intermediate container 08b43ee05e28 ---> b6df710a1e94 Step 10/22 : RUN CGO_ENABLED=0 go build -mod=vendor -tags netgo -ldflags "-w" ./vendor/github.com/grpc-ecosystem/grpc-health-probe/... ---> Running in 8eabf8588b47 Removing intermediate container 8eabf8588b47 ---> 56e195ddaecf Step 11/22 : FROM registry.svc.ci.openshift.org/ocp/4.6:base ---> f109cb3fdc46 Step 12/22 : COPY --from=builder /src/bin/* /tmp/bin/ ---> a74f5ff2eb45 Step 13/22 : COPY --from=builder /src/grpc-health-probe /bin/grpc_health_probe ---> 9d5ec16af0b4 Step 14/22 : RUN cp -avr /tmp/bin/. /bin/ && rm -rf /tmp/bin ---> Running in 66bc158304cb '/tmp/bin/./appregistry-server' -> '/bin/./appregistry-server' '/tmp/bin/./configmap-server' -> '/bin/./configmap-server' '/tmp/bin/./darwin-amd64-opm' -> '/bin/./darwin-amd64-opm' '/tmp/bin/./initializer' -> '/bin/./initializer' '/tmp/bin/./opm' -> '/bin/./opm' '/tmp/bin/./registry-server' -> '/bin/./registry-server' '/tmp/bin/./windows-amd64-opm' -> '/bin/./windows-amd64-opm' Removing intermediate container 66bc158304cb ---> 04403e416e81 Step 15/22 : RUN mkdir /registry ---> Running in 1615cb4b8c77 Removing intermediate container 1615cb4b8c77 ---> b87ffa39c878 Step 16/22 : RUN chgrp -R 0 /registry && chmod -R g+rwx /registry ---> Running in fb9183ec6cc5 Removing intermediate container fb9183ec6cc5 ---> aa3d1c58c500 Step 17/22 : WORKDIR /registry ---> Running in 217a65da3bc0 Removing intermediate container 217a65da3bc0 ---> 15d4194ae607 Step 18/22 : USER 1001 ---> Running in 15a45257ec7a Removing intermediate container 15a45257ec7a ---> 9701218218e2 Step 19/22 : EXPOSE 50051 ---> Running in 39435c3260df Removing intermediate container 39435c3260df ---> 5dad712c10f7 Step 20/22 : ENTRYPOINT ["/bin/registry-server"] ---> Running in eec2283b2bd0 Removing intermediate container eec2283b2bd0 ---> 3e523725b05f Step 21/22 : CMD ["--database", "/bundles.db"] ---> Running in 8929c0d000f2 Removing intermediate container 8929c0d000f2 ---> 5b3e01586165 Step 22/22 : LABEL io.k8s.display-name="OpenShift Operator Registry" io.k8s.description="This is a component of OpenShift Operator Lifecycle Manager and is the base for operator catalog API containers." maintainer="Odin Team <aos-odin>" summary="Operator Registry runs in a Kubernetes or OpenShift cluster to provide operator catalog data to Operator Lifecycle Manager." ---> Running in 94306e952cd3 Removing intermediate container 94306e952cd3 ---> 06c701aaf65a Successfully built 06c701aaf65a Successfully tagged quay.io/olmqe/builder:new1883560
Jian, Building the docker image locally may not be the best way to test this. I think the right verification steps should be to take a look at the size of the downstream images that are being produced by OpenShift CI and nightly builds.
Thanks, Kevin. Checking the openshift CI, seems like the builder is incorrect, submit a PR for it: https://github.com/operator-framework/operator-registry/pull/525 For the nightly build: 1, Check this image for 4.6(no fixed PR), its size is 453MB. [root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-11-29-153115 --image-for=operator-lifecycle-manager quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482 [root@preserve-olm-env data]# docker pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482 sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482: Pulling from openshift-release-dev/ocp-v4.0-art-dev ... Status: Downloaded newer image for quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482 quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482 [root@preserve-olm-env data]# docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:52e6b2c81e32ba34d4c015480eb76864c3ad59438e58ec243f4622afb76b2482 REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/openshift-release-dev/ocp-v4.0-art-dev <none> 640149bf3816 4 days ago 453MB 2, Check this image for 4.7(fixed PR merged), its size is 454M. [root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-11-30-172451 --image-for=operator-lifecycle-manager quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f51f9afc958b188a65833c6297dee5f149d4c1521a01a1a54e3501d670b2afd0 [root@preserve-olm-env data]# docker pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f51f9afc958b188a65833c6297dee5f149d4c1521a01a1a54e3501d670b2afd0 ... [root@preserve-olm-env data]# docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f51f9afc958b188a65833c6297dee5f149d4c1521a01a1a54e3501d670b2afd0 REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/openshift-release-dev/ocp-v4.0-art-dev <none> 32b607403dbd 4 days ago 454MB Seems like the fixed PR didn't reduce this image size, or the base image changed. Change it to ASSIGNED first.
Sorry, my mistake. I mixed operator-registry image with OLM. Please ignore comment 6. 1, Check the image with the fixed PR: https://github.com/operator-framework/operator-registry/pull/461 Its image size is 632MB. [root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-12-04-013308 --commits|grep operator-registry operator-registry https://github.com/operator-framework/operator-registry 9e924740f21ee19ee9b643f8536f37d4cc820c21 [root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-12-04-013308 --image-for=operator-registry quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:50bff02141f6c736b4dace020ece9a12f45f6d764bf4739c59c6063ebb5889e4 [jzhang@dhcp-140-36 ~]$ docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:50bff02141f6c736b4dace020ece9a12f45f6d764bf4739c59c6063ebb5889e4 REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/openshift-release-dev/ocp-v4.0-art-dev <none> 9c065538e052 3 days ago 632MB 2, Check the image with fixed PR: https://github.com/operator-framework/operator-registry/pull/531. Its image size is 632MB. [root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-12-04-222446 --commits |grep operator-registry operator-registry https://github.com/operator-framework/operator-registry 2e9bb75c2ebf38cdd1c154bc82a41554fcd97986 [root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.7.0-0.nightly-2020-12-04-222446 --image-for=operator-registry quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a [jzhang@dhcp-140-36 ~]$ docker pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a: Pulling from openshift-release-dev/ocp-v4.0-art-dev ... quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a [jzhang@dhcp-140-36 ~]$ [jzhang@dhcp-140-36 ~]$ docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2dc2974340e4dd767d2936cea476a1bf37b3c145fec4dbcfceb512af4869049a REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/openshift-release-dev/ocp-v4.0-art-dev <none> 6279f00a3378 2 days ago 632MB 3, check the image in 4.6 nightly payload without any fixed PR. Its image size is 1.01GB. [root@preserve-olm-env data]# oc adm release info registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-12-06-095114 --image-for=operator-registry quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b8e4dd73262db7ab949234d1acada14f3a5c3c701aa36aa6e252e6be3d2109f4 ... [jzhang@dhcp-140-36 ~]$ docker image ls quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b8e4dd73262db7ab949234d1acada14f3a5c3c701aa36aa6e252e6be3d2109f4 REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/openshift-release-dev/ocp-v4.0-art-dev <none> 1cdceba109eb 2 days ago 1.01GB LGTM, verify it.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633