build: Build the shipped agent with policy enabled #9563

fidencio · 2024-04-26T18:58:53Z

Now that the OPA binary is not required anymore, let's start shipping
the agent with the policy enabled by default.

The agent without policy enabled has 30MB, while it's 34MB with the
policy enabled.

This 4MB (~10%) increase is, IMHO, worth it in order to reduce the
amount of components we have to maintain and test, including the
possibility to also reduce the amount of possible rootfs / initrd
images.

Whoever wants to use the agent without policy enabled can simply do that
by building their own agent. :-)

/cc @stevenhorsman @danmihai1

Now that the OPA binary is not required anymore, let's start shipping the agent with the policy enabled by default. The agent *without* policy enabled has 30MB, while it's 34MB *with* the policy enabled. This 4MB (~10%) increase is, IMHO, worth it in order to reduce the amount of components we have to maintain and test, including the possibility to also reduce the amount of possible rootfs / initrd images. Whoever wants to use the agent without policy enabled can simply do that by building their own agent. :-) Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>

Now that the `kata-agent` is being built with policy support, let's stop building the `kata-opa-agent`, reducing the amount of things we need to test and maintain. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>

stevenhorsman

I'm happy with this and have added this PR link to the AC agenda as we told them we'd have the discussion/decision there tomorrow.

stevenhorsman

There were not complaints in the AC meeting, so it's a 👍 from me! Thanks!

danmihai1

Thanks for helping out, @fidencio !

fidencio · 2024-05-01T10:20:27Z

I'm merging this one without the CI passing, as it's removing some targets used by the CI.

katacontainersbot added the size/small Small and simple task label Apr 26, 2024

fidencio added the ok-to-test label Apr 26, 2024

fidencio added 2 commits April 28, 2024 12:52

build: tests: Remove agent-opa

d3b300f

Now that the `kata-agent` is being built with policy support, let's stop building the `kata-opa-agent`, reducing the amount of things we need to test and maintain. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>

fidencio force-pushed the topic/agent-use-policy-by-default branch from 9a2e0fb to d3b300f Compare April 28, 2024 10:53

stevenhorsman reviewed Apr 29, 2024

View reviewed changes

fidencio marked this pull request as ready for review April 30, 2024 15:18

fidencio requested a review from a team as a code owner April 30, 2024 15:18

stevenhorsman approved these changes Apr 30, 2024

View reviewed changes

danmihai1 approved these changes Apr 30, 2024

View reviewed changes

sprt approved these changes Apr 30, 2024

View reviewed changes

fidencio merged commit f04a7a5 into kata-containers:main May 1, 2024
175 of 227 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build: Build the shipped agent with policy enabled #9563

build: Build the shipped agent with policy enabled #9563

fidencio commented Apr 26, 2024

stevenhorsman left a comment

stevenhorsman left a comment

danmihai1 left a comment

fidencio commented May 1, 2024

build: Build the shipped agent with policy enabled #9563

build: Build the shipped agent with policy enabled #9563

Conversation

fidencio commented Apr 26, 2024

stevenhorsman left a comment

Choose a reason for hiding this comment

stevenhorsman left a comment

Choose a reason for hiding this comment

danmihai1 left a comment

Choose a reason for hiding this comment

fidencio commented May 1, 2024