-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: Split CLI, Agent, Proxy, and Server binaries #73
Comments
EdgeX has proposed a smaller binaries approach, but I am unsure if what they want is compatible with what you have outlined, or is orthogonal. |
@joewxboy Do you happen to have a link to that proposal? |
That was purely verbal and informal. Let me open a conversation with James, Lenny, and team. |
Joe and Lenny asked that I contribute to the discussion regarding EdgeX usage of OpenBao:
|
\o Hi @bnevis-i, thanks for the comments :-)
I think this can be done with a Kubernetes operator (as discussed in #40) or similar, without needing to embed the agent in each container image. I've not used this myself, but if it sounds like there's general interest in it, its probably worth starting the forking process into our namespace here.
I doubt it'd help (much) with runtime memory usage. I'm thinking it would mostly help with binary size, especially if #64 is adopted to prune the number of shipped plugins. There are other tricks (with #77 in particular) that would help server image size. |
EdgeX can run on plain 'ol Docker. We don't embed the agent in each image. Rather, we populate a docker volume with startup scripts and tools, and point the entrypoint scripts of 3rd party containers at it. Anything on that volume can only be a script or a binary that depends on only the kernel ABI in order to survive glibc/musl variations across containers.
My vote would be to prioritize that "low" (let those other issues decide the direction). |
Ah, very good. Existing binaries should already be statically linked, hence the size issues and I wouldn't expect this to change any time soon.
This would likely come easily with splitting the other binaries off. Currently it is a single monolithic binary for everything. The upstream binary is around 365MB, so reducing this is rather important, IMO. |
* workflows: add bulk dep update job * remove dependabot
Syncing some commentary from matrix by me: Hmmm, splicing all the binaries up will be a little interesting without tree shaking. We'll probably need to restructure more than a few files to actually see size benefits, given that there's a few files with broad imports...
A very, very blunt:
in reduces the binary size to:
(for agent only) But this still includes all of But on second thought, perhaps we could take a top-down approach and rather than adding build tag limits in the destination packages, do the opposite and limit it in the |
Cross-posting my comment from #162: I had started down this path earlier before realizing that it will be substantial work. I think what needs to happen is, for each file in command/, the file is evaluated for needing to be in a particular binary, and adding tags to the effect of removing it from the ones that don't need it. I don't think that's sufficient though, as binary sizes will still be large... I think we've gotta evaluate the imports of the files as well, and where the import isn't necessary for all modes that requires a file, split the file, so that the import isn't present for the other modes (and thus, isn't included in the build for the other modes that don't need it). What I'm hoping to avoid is having to push build tags all the way into the other parts of Vault (past command/ into builtin/ or vault/)... If anyone is interested in helping out, happy to to have it! Feel free to use (or not use, whichever is better :D) my code in that commit. |
Some more notes: I think configuration needs to be split out from Agent/Proxy and Server; the latter includes seal wrapping which brings in But the branch has been updated if anyone wants to keep experimenting. |
Upstream has heretofore avoided splitting the binaries. IMO, there are four candidates for separation:
The latter two could be left as a single unit as they were only recently differentiated in the code base.
I believe there was mostly a reluctance to change and desire to avoid breaking users' workflows. OpenBao may or may not have changes anyways (depending on #55 and #64), so it probably warrants another discussion here about it. This could potentially serve to decrease binary sizes again (as e.g., things like Cloud SDKs are reshuffled).
Additionally, we might be able to support both modes (a fat binary and several smaller binaries).
The text was updated successfully, but these errors were encountered: