Docker Images

Optimized Docker images for KubeAgentic with multi-stage builds and enterprise security

🐳 KubeAgentic Docker Images

KubeAgentic provides highly optimized Docker images hosted on Docker Hub, featuring significant size reductions, enhanced security, and multi-architecture support.

📊 Image Overview

Component	Image	Size	Architecture	Base Image
Operator	`sudeshmu/kubeagentic:operator-latest`	108MB	linux/amd64, linux/arm64	Red Hat UBI Micro
Agent Runtime	`sudeshmu/kubeagentic:agent-latest`	625MB	linux/amd64, linux/arm64	Red Hat UBI Minimal

⚡ Optimization Highlights

Size Reduction

Agent Runtime: 1.85GB → 625MB (66% smaller)
Operator: ~150MB → 108MB (28% smaller)
Total Savings: ~2GB → 733MB (63% reduction)

Multi-Stage Build Architecture

# Build Stage - Full development environment
FROM registry.access.redhat.com/ubi9/python-311:latest AS builder
# ... dependency installation and compilation

# Runtime Stage - Minimal production environment
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
# ... copy only runtime artifacts

Security Features

✅ Red Hat Universal Base Images (UBI) for enterprise security
✅ Non-root execution with dedicated user accounts
✅ Minimal attack surface - only essential packages included
✅ No package managers in final runtime images
✅ Regular security updates from Red Hat

🚀 Quick Start

Pull Images

# Pull both optimized images
docker pull sudeshmu/kubeagentic:operator-latest  # 108MB
docker pull sudeshmu/kubeagentic:agent-latest     # 625MB

# Verify downloads
docker images sudeshmu/kubeagentic

Deploy to Kubernetes

# Deploy with optimized images (automatic)
kubectl apply -f https://raw.githubusercontent.com/KubeAgentic-Community/KubeAgentic/main/deploy/all.yaml

# Check running pods
kubectl get pods -n kubeagentic-system

Local Development

# Run agent locally
docker run -p 8080:8080 \
  -e OPENAI_API_KEY="sk-your-key" \
  sudeshmu/kubeagentic:agent-latest

# Test the agent
curl -X POST http://localhost:8080/chat \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello!"}'

🏷️ Available Tags

Production Tags

operator-latest: Latest stable operator release
agent-latest: Latest optimized agent runtime
agent-optimized: Explicitly tagged optimized version

Versioning Strategy

# Always use latest for production
docker pull sudeshmu/kubeagentic:operator-latest
docker pull sudeshmu/kubeagentic:agent-latest

# Version-specific tags coming soon
# docker pull sudeshmu/kubeagentic:operator-v1.0.0

🏗️ Build Details

Operator Image (108MB)

Base Image: registry.access.redhat.com/ubi9/ubi-micro:latest

FROM registry.access.redhat.com/ubi9/go-toolset:latest AS builder
# Build Go operator binary

FROM registry.access.redhat.com/ubi9/ubi-micro:latest
# Minimal runtime with only the operator binary

Contents:

Go-compiled operator binary
Minimal system libraries
Security certificates
Non-root user configuration

Agent Runtime Image (625MB)

Base Image: registry.access.redhat.com/ubi9/ubi-minimal:latest

FROM registry.access.redhat.com/ubi9/python-311:latest AS builder
# Install Python dependencies in virtual environment

FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
# Production runtime with Python + optimized dependencies

Contents:

Python 3.11 runtime
Optimized virtual environment with AI libraries
FastAPI web framework
LangChain/LangGraph frameworks
Minimal system packages

📈 Performance Comparison

Before Optimization

REPOSITORY              TAG       SIZE
kubeagentic/operator   latest    ~150MB
kubeagentic/agent      latest    1.85GB
TOTAL                            ~2GB

After Optimization

REPOSITORY              TAG                SIZE
sudeshmu/kubeagentic   operator-latest    108MB   ⬇️ 28% smaller
sudeshmu/kubeagentic   agent-latest       625MB   ⬇️ 66% smaller  
TOTAL                                     733MB   ⬇️ 63% smaller

Resource Impact

Faster deployments: 63% less data to transfer
Reduced storage: Significant cluster storage savings
Better security: Minimal attack surface with UBI base images
Lower costs: Reduced registry and bandwidth costs

🛠️ Development Usage

Building Locally

# Clone the repository
git clone https://github.com/KubeAgentic-Community/KubeAgentic.git
cd KubeAgentic

# Build operator (uses multi-stage optimization)
docker build -f Dockerfile.operator -t local/kubeagentic:operator .

# Build agent runtime (uses multi-stage optimization)  
docker build -f Dockerfile.agent -t local/kubeagentic:agent .

Testing Images

# Test operator health
docker run --rm sudeshmu/kubeagentic:operator-latest --help

# Test agent runtime
docker run --rm -p 8080:8080 \
  -e PROVIDER=openai \
  -e MODEL=gpt-3.5-turbo \
  -e OPENAI_API_KEY="sk-test" \
  sudeshmu/kubeagentic:agent-latest

CI/CD Integration

# GitHub Actions example
- name: Deploy KubeAgentic
  run: |
    docker pull sudeshmu/kubeagentic:operator-latest
    docker pull sudeshmu/kubeagentic:agent-latest
    kubectl apply -f deploy/all.yaml

🔧 Customization

Environment Variables

Operator:

- LOG_LEVEL=info          # Logging verbosity
- METRICS_ADDR=:8080      # Metrics server address  
- HEALTH_PROBE_ADDR=:8081 # Health check address
- WEBHOOK_PORT=9443       # Admission webhook port

Agent Runtime:

- PORT=8080               # HTTP server port
- LOG_LEVEL=info          # Logging verbosity
- PYTHONUNBUFFERED=1      # Python output buffering
- PROVIDER=openai         # AI provider
- MODEL=gpt-4             # AI model

Volume Mounts

# Kubernetes deployment example
spec:
  containers:
  - name: agent
    image: sudeshmu/kubeagentic:agent-latest
    volumeMounts:
    - name: config
      mountPath: /app/config
    - name: logs
      mountPath: /app/logs

📊 Registry Statistics

Docker Hub Metrics

Repository: hub.docker.com/r/sudeshmu/kubeagentic
Automated Builds: GitHub integration
Multi-Architecture: AMD64 + ARM64 support
Security Scanning: Vulnerability monitoring enabled

Image Layers

# View layer information
docker history sudeshmu/kubeagentic:operator-latest
docker history sudeshmu/kubeagentic:agent-latest

🔒 Security & Compliance

Base Image Security

Red Hat UBI: Enterprise-grade security and compliance
Regular Updates: Automated security patches
Vulnerability Scanning: Continuous security monitoring
Supply Chain Security: Signed and verified base images

Runtime Security

Non-root Execution: All containers run as unprivileged users
Read-only Filesystems: Immutable container filesystems where possible
Dropped Capabilities: Minimal Linux capabilities
Security Contexts: Proper Kubernetes security contexts

🤝 Contributing

Image Improvements

Fork the repository
Modify Dockerfile.operator or Dockerfile.agent
Test locally with docker build
Submit pull request with optimization details

Reporting Issues

Image Problems: GitHub Issues
Security Concerns: Email security@kubeagentic.com
Feature Requests: GitHub Discussions

📚 Additional Resources

📖 Documentation: kubeagentic.com
🐳 Docker Hub: hub.docker.com/r/sudeshmu/kubeagentic
💻 Source Code: github.com/KubeAgentic-Community/KubeAgentic
🧪 Local Testing: kubeagentic.com/local-testing
📝 Examples: kubeagentic.com/examples

Ready to deploy optimized AI agents on Kubernetes? Start with our Quick Start Guide or explore Examples!