-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: Build the shipped agent with policy enabled #9563
build: Build the shipped agent with policy enabled #9563
Conversation
Now that the OPA binary is not required anymore, let's start shipping the agent with the policy enabled by default. The agent *without* policy enabled has 30MB, while it's 34MB *with* the policy enabled. This 4MB (~10%) increase is, IMHO, worth it in order to reduce the amount of components we have to maintain and test, including the possibility to also reduce the amount of possible rootfs / initrd images. Whoever wants to use the agent without policy enabled can simply do that by building their own agent. :-) Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Now that the `kata-agent` is being built with policy support, let's stop building the `kata-opa-agent`, reducing the amount of things we need to test and maintain. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
9a2e0fb
to
d3b300f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm happy with this and have added this PR link to the AC agenda as we told them we'd have the discussion/decision there tomorrow.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There were not complaints in the AC meeting, so it's a 👍 from me! Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for helping out, @fidencio !
I'm merging this one without the CI passing, as it's removing some targets used by the CI. |
Now that the OPA binary is not required anymore, let's start shipping
the agent with the policy enabled by default.
The agent without policy enabled has 30MB, while it's 34MB with the
policy enabled.
This 4MB (~10%) increase is, IMHO, worth it in order to reduce the
amount of components we have to maintain and test, including the
possibility to also reduce the amount of possible rootfs / initrd
images.
Whoever wants to use the agent without policy enabled can simply do that
by building their own agent. :-)
/cc @stevenhorsman @danmihai1