Do following actions to reduce the size of the generated images.
- Change `COPY` command + `chown`/`chmod` command to `COPY` command +
`--chown`/`--chmod` option.
To prevent both files before/after `chown`/`chmod` commands from being
recorded on different layers.
- Put all `tdnf` commands in a single `RUN` command and move `tdnf clean all`
command to the end.
To prevent the `tdnf` cache from being recorded on a layer, and the `tdnf`
database from being recorded on multiple layers.
- Add `--link` option to `COPY` command.
This does not contribute to image size reduction, but makes image building
more efficient.
- Move `chown /etc/pki/tls/certs` to the `Dockerfile.base`.
This does not contribute to image size reduction, but is used in
conjunction with `COPY --link` to make image building more efficient.
The target images and their sizes are as follows. (The sizes are the value
when built locally)
- harbor-core : 185MB -> 118MB
- harbor-db : 285MB -> 263MB
- harbor-exporter : 108MB -> 79.1MB
- harbor-jobservice : 159MB -> 105MB
- harbor-registryctl : 160MB -> 104MB
- redis-photon : 179MB -> 170 MB
- standalone-db-migrator : 328MB -> 284MB
Note that harbor-log, harbor-portal, and nginx-photon have almost no effect,
and prepare is not directly executed by the user, so they are not included.
Also, registry-photon and trivy-adapter-photon are not included, since
PR#20622 and PR#20623 include equivalent action for these two, respectively.
Signed-off-by: Mitsuru Kariya <mitsuru.kariya@nttdata.com>
The latest `photon:2.0` does not include `groupadd` and `useradd`
we need to install `shadow` package which includes these commands.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
Fixes#11606
As we DO NOT want to user to execute GC in the container, rename it and append the warning message.
Signed-off-by: wang yan <wangyan@vmware.com>
Mount the ca bunlder into registry controller, and add them into os
trust store that resolves the problem of garabe collection on ca
enabled registry.
Signed-off-by: wang yan <wangyan@vmware.com>
Make necessary change to make things work with photon 2.0 docker image.
Remove distro-sync to mitigate the build issue and add `--pull` to docker build
command to make sure the latest photon:2.0 will be pulled during build process.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
docker regsitry. This version has the API to call regsitry GC with jobservice
secret. Seprates it into a standalone container as do not want to invoke two
processes in one container.
It needs to mount the registry storage into this container in order to do GC,
and needs to copy the registry binary into it.
