Docker builds a huge image when user id is too high #46

Open
xposix opened this issue Mar 7, 2024 · 1 comment

xposix commented Mar 7, 2024

At the company where I'm working at the moment, we are using OpenShift. For some reason, it restricts the user IDs in the securityContext runAsUser section of the Deployment. In our case, the minimum user ID allowed is 1009510001. This means we have to create the Docker image from scratch, following the instructions on this site.

To my surprise, the final Docker image was 327GB in size:

    clavam-test         latest         b3e08a0c3f2b   2 days ago      327GB

which was OK for my laptop but caused my Jenkins to fail on every build.

After A LOT of troubleshooting, we found out that the useradd command was creating a /var/log/lastlog file of several hundred GB.

All these issues were solved when we added --no-log-init to the useradd command in the Dockerfile like this:

    useradd --no-log-init -m -g clamav -s /bin/false --home-dir /var/lib/clamav -u 1009510000 -c "Clam Antivirus" clamav && \

After this we only had to add the following to the deployment.yaml of the official helm chart:

          securityContext:
            runAsUser: 1009510001
            runAsGroup: 1009510001
            allowPrivilegeEscalation: false

@micahsnyder (Collaborator)

That's wild! I've also never seen such a high user id. 😆 Seems others have come to the same conclusion you have: https://stackoverflow.com/questions/48671214/docker-image-size-for-different-user

Since you're patching that line in the Dockerfile anyways, I guess a change here isn't a blocker for you. But if you want to put in a PR that adds the --no-log-init option to all Debian Dockerfiles, that would be helpful. The alpine images use adduser instead of useradd. adduser doesn't have the --no-log-init option, so nothing to do there.
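
The `--no-log-init` change discussed in this thread can be checked mechanically across Dockerfiles. The script below is an added example, not code from either commenter or from the project; the `check_useradd` function name, the sample Dockerfile and the `scanner` user are constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code): report useradd calls in a Dockerfile
# that lack --no-log-init (short form: -l).

# check_useradd FILE -> prints "FILE:LINE: command" per finding; returns 1 if any.
check_useradd() {
    awk -v file="$1" '
        function check(instr, lineno,    n, i, j, m, parts, tok, found, ok, cmd) {
            n = split(instr, parts, /&&|\|\||;/)      # one RUN may chain commands
            for (i = 1; i <= n; i++) {
                found = 0; ok = 0
                m = split(parts[i], tok, /[ \t]+/)
                for (j = 1; j <= m; j++) {
                    if (tok[j] == "useradd" || tok[j] ~ /\/useradd$/) found = 1
                    if (tok[j] == "--no-log-init" || tok[j] == "-l") ok = 1
                }
                if (found && !ok) {
                    cmd = parts[i]
                    gsub(/^[ \t]+|[ \t]+$/, "", cmd)
                    gsub(/[ \t]+/, " ", cmd)
                    printf "%s:%d: %s\n", file, lineno, cmd
                    bad = 1
                }
            }
        }
        /^[ \t]*#/ { next }                           # Dockerfile comment line
        {
            if (buf == "") start = NR                 # first line of instruction
            line = $0
            if (sub(/\\[ \t]*$/, " ", line)) { buf = buf line; next }
            check(buf line, start); buf = ""
        }
        END { if (buf != "") check(buf, start); exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input: the first useradd lacks the flag, the second has it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM debian:12-slim
RUN groupadd clamav && \
    useradd -m -g clamav -u 1009510000 clamav && \
    mkdir -p /run/clamav
RUN useradd --no-log-init -u 1009510001 scanner
EOF
check_useradd "$sample" || echo "fix: add --no-log-init to the lines above"
```

The reported line number is where the multi-line `RUN` instruction starts. Since the function returns non-zero on any finding, it can gate a CI step before the image is built.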
