Skip to content

ITEP-81653: Reduce cluster analytics runtime image size #592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
saratpoluri merged 9 commits into from
Nov 18, 2025
Merged

ITEP-81653: Reduce cluster analytics runtime image size #592

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
8f1f856
Install minimal opencv runtime deps
daddo-intel Nov 18, 2025
07a6a05
Use python:3.12-slim for cluster analytics runtime image
daddo-intel Nov 18, 2025
e379b8c
Add scenescape user ownership
daddo-intel Nov 18, 2025
4646765
Add extra space
daddo-intel Nov 18, 2025
7a08a76
Merge branch 'release-2025.2' into fix/ITEP-81653-reduce-cluster-serv…
daddo-intel Nov 18, 2025
5cc2144
FFMpeg is not needed by Mapping when using only images
saratpoluri Nov 18, 2025
ec035c0
Prevent cluster analytics service crash
saratpoluri Nov 18, 2025
b15bbee
Merge branch 'release-2025.2' into fix/ITEP-81653-reduce-cluster-serv…
saratpoluri Nov 18, 2025
9508156
Merge branch 'release-2025.2' into fix/ITEP-81653-reduce-cluster-serv…
saratpoluri Nov 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 35 additions & 31 deletions cluster_analytics/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,10 @@
&& rm -rf scene_common \
&& rm -f /tmp/requirements-build.txt

COPY ./tools/waitforbroker /tmp/tools/waitforbroker

# -------------- Cluster Analytics Runtime Stage --------------
FROM scenescape-common-base-24-04 AS scenescape-cluster-analytics-runtime
FROM python:3.12-slim AS scenescape-cluster-analytics-runtime

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: containerImage not pinned by hash
Remediation tip: pin your Docker image by updating python:3.12-slim to python:3.12-slim@sha256:a75662dfec8d90bd7161c91050be2e0a9b21d284f3b7a7253d5db25f7d583fb3
Click Remediation section below for further remediation help

# Label image with description and metadata
LABEL org.opencontainers.image.description="Intel® SceneScape's Scene Cluster Analytics Service"
Expand All @@ -53,51 +55,53 @@
ARG USER_ID=1001
ARG GROUP_ID=1001
ARG CERTDOMAIN=scenescape.intel.com
ARG PYTHON_VERSION=3.12

ENV PYTHON_VERSION=${PYTHON_VERSION}
ENV WSUSER=scenescape
ENV SCENESCAPE_HOME=/home/$WSUSER/SceneScape
ENV BUILD_ENV_DIR=/tmp/venv
ENV BUILD_ENV_DIR=/opt/venv

ENV DEBIAN_FRONTEND=noninteractive
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

RUN : \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
# Install only minimal runtime system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
libgl1 \
libopencv-contrib406t64 \
libpython3.12 \
netbase \
&& rm -rf /usr/lib/x86_64-linux-gnu/libLLVM-15.so.1 \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
libglib2.0-0 \
&& rm -rf /var/lib/apt/lists/*

RUN : \
# delete ubuntu user if exists
&& userdel -f -r ubuntu || true \
# create scenescape user
&& groupadd -g ${GROUP_ID} $WSUSER \
# Create a venv (already optimized in slim images)
RUN python3 -m venv $BUILD_ENV_DIR
ENV PATH="$BUILD_ENV_DIR/bin:$PATH"

# Install core Python dependencies
RUN pip install --no-cache-dir --upgrade pip numpy opencv-python-headless==4.6.0.66

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

# Copy compiled scene_common + fast_geometry from builder
COPY --chown=$WSUSER:$WSUSER --from=scenescape-common-base-24-04 /usr/local/lib/python3.12/dist-packages/scene_common \
$BUILD_ENV_DIR/lib/python3.12/site-packages/scene_common

COPY --chown=$WSUSER:$WSUSER --from=scenescape-common-base-24-04 /usr/local/lib/python3.12/dist-packages/fast_geometry \
$BUILD_ENV_DIR/lib/python3.12/site-packages/fast_geometry
Comment on lines +75 to +83
Copy link

Copilot AI Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Python version 3.12 is hardcoded in the path. Since the base image is python:3.12-slim, consider using a variable or dynamic path to make future Python version updates easier.

Suggested change
# Install core Python dependencies
RUN pip install --no-cache-dir --upgrade pip numpy opencv-python-headless==4.6.0.66
# Copy compiled scene_common + fast_geometry from builder
COPY --chown=$WSUSER:$WSUSER --from=scenescape-common-base-24-04 /usr/local/lib/python3.12/dist-packages/scene_common \
$BUILD_ENV_DIR/lib/python3.12/site-packages/scene_common
COPY --chown=$WSUSER:$WSUSER --from=scenescape-common-base-24-04 /usr/local/lib/python3.12/dist-packages/fast_geometry \
$BUILD_ENV_DIR/lib/python3.12/site-packages/fast_geometry
# Dynamically determine Python version (major.minor)
ENV PYTHON_VERSION=$(python3 -c "import sys; print(f'{sys.version_info.major}.{sys.version_info.minor}')")
# Install core Python dependencies
RUN pip install --no-cache-dir --upgrade pip numpy opencv-python-headless==4.6.0.66
# Copy compiled scene_common + fast_geometry from builder
COPY --chown=$WSUSER:$WSUSER --from=scenescape-common-base-24-04 /usr/local/lib/${PYTHON_VERSION}/dist-packages/scene_common \
$BUILD_ENV_DIR/lib/${PYTHON_VERSION}/site-packages/scene_common
COPY --chown=$WSUSER:$WSUSER --from=scenescape-common-base-24-04 /usr/local/lib/${PYTHON_VERSION}/dist-packages/fast_geometry \
$BUILD_ENV_DIR/lib/${PYTHON_VERSION}/site-packages/fast_geometry

Copilot uses AI. Check for mistakes.
Comment on lines +82 to +83
Copy link

Copilot AI Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Python version 3.12 is hardcoded in the path. Since the base image is python:3.12-slim, consider using a variable or dynamic path to make future Python version updates easier.

Copilot uses AI. Check for mistakes.

# Add non-root user
RUN groupadd -g ${GROUP_ID} $WSUSER \
&& useradd -r -m -u ${USER_ID} -g ${GROUP_ID} -s /bin/bash $WSUSER \
&& usermod -a -G video,users $WSUSER \
&& eval WSHOME=~$WSUSER \
&& chmod a+rX "${WSHOME}"
&& usermod -a -G video,users $WSUSER

# Install only required runtime dependencies
COPY cluster_analytics/requirements-runtime.txt /tmp
RUN : \
&& pip3 install --break-system-packages --upgrade --no-cache-dir --ignore-installed -r /tmp/requirements-runtime.txt \
# Install app runtime Python deps
COPY cluster_analytics/requirements-runtime.txt /tmp/
RUN pip install --no-cache-dir -r /tmp/requirements-runtime.txt \
&& rm -rf /tmp/requirements-runtime.txt

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

# Install WebUI dependencies with hash verification
COPY cluster_analytics/tools/webui/requirements-webui.txt /tmp
RUN : \
&& pip3 install --break-system-packages --no-cache-dir -r /tmp/requirements-webui.txt \
# Install WebUI dependencies
COPY cluster_analytics/tools/webui/requirements-webui.txt /tmp/
RUN pip install --no-cache-dir -r /tmp/requirements-webui.txt \
&& rm -rf /tmp/requirements-webui.txt

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

COPY --chown=$WSUSER:$WSUSER --from=scenescape-common-base-24-04 /usr/local/lib/python${PYTHON_VERSION}/dist-packages/fast_geometry /usr/local/lib/python${PYTHON_VERSION}/dist-packages/fast_geometry
COPY --chown=$WSUSER:$WSUSER --from=scenescape-common-base-24-04 /usr/local/lib/python${PYTHON_VERSION}/dist-packages/scene_common /usr/local/lib/python${PYTHON_VERSION}/dist-packages/scene_common
# Copy tools
COPY --chown=$USER_ID:$GROUP_ID --from=scenescape-common-base-24-04 /tmp/tools/waitforbroker $SCENESCAPE_HOME/tools/waitforbroker

USER $USER_ID:$GROUP_ID
HEALTHCHECK CMD true
Copy link

Copilot AI Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The healthcheck always returns success (true), making it ineffective. Replace with an actual health check that verifies the service is functioning correctly, such as checking if the application responds to requests or a specific health endpoint.

Suggested change
HEALTHCHECK CMD true
HEALTHCHECK CMD curl --fail --silent http://localhost:8000/health || exit 1

Copilot uses AI. Check for mistakes.

# Copy source code
COPY ./cluster_analytics/src /app
Expand Down
3 changes: 1 addition & 2 deletions cluster_analytics/src/cluster_analytics_tracker.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -709,8 +709,7 @@ def _createTrackedCluster(self, scene_id: str, detection: Dict,
velocity_analysis=detection['velocity_analysis'],
object_ids=detection['object_ids'],
dbscan_params=detection['dbscan_params'],
detection_timestamp=timestamp,
config=self.config
detection_timestamp=timestamp
)

def getActiveClusters(self, scene_id: Optional[str] = None,
Expand Down
1 change: 0 additions & 1 deletion mapping/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
python3 \
python3-pip \
python-is-python3 \
ffmpeg \
git \
libsm6 \
libxext6 \
Expand Down
Loading