Container images for AI workload are typically very large. We have seen open data hub images of size greater than 10GB. Also for images having AI model embedded, the size of the container image can be very large.

As per the CoCo security model for peer-pods approach the container images are downloaded inside the confidential environment provided by the pod VM. However, downloading such large images, sometimes lead to significantly long pod startup times resulting in failed deployments.

One of the option is to embed such large container images inside the pod VM image so that the pod startup time can be improved. This also adds another benefit. When upstream eventually adds support for integrity protected pod vm images, it will automatically apply to the embedded container images.