Optimize container build time #579

aiven-anton · 2023-04-09T15:23:00Z

About this change - What it does

Use cache mounts for pip and apt, heavily reducing network requests when cache is warm.
Remove git as a build-time dependency, other than switching to archive endpoints as was done in 39b4f08, this also requires either setting KARAPACE_VERSION as container build arg or building karapace/version.py independently.
Add hadolint pre-commit check for linting Dockerfile.
Move to using Python base images for builder and final stage. This allows omitting installation of some build tools. It also allows moving to a more recent Python version, no longer being bound by what's in distro repositories. Wheel availability of some of our Python dependencies prevents us from moving to 3.11 for now.
Change installation approach to construct a virtualenv in the builder step, and copying it unaltered to the final stage, with dependencies and Karapace itself installed in it. This allows having even fewer layers in the final stage, and is simpler.
Introduces a much stricter .dockerignore, ignoring files by default and explicitly including what's required. This makes sure changes in unrelated files does not evict layer cache. For example, a few files that previously erroneously evicted caches, because everything was included:
- .git/*
- .mypy_cache/*
- container/Dockerfile itself
- __pycache__/*
- .idea/*

Image size remains the same as previously (the develop tag is the new version):

$ docker image ls
REPOSITORY                           TAG               IMAGE ID       CREATED          SIZE
ghcr.io/aiven/karapace               develop           30efca01fe54   6 seconds ago    203MB
ghcr.io/aiven/karapace               latest            ef8485cb1181   3 weeks ago      203MB

References #585.

Why this way

Removing git as a build-time dependency is a simplification.
Caching optimizes, makes building images faster.
Hadolint increases quality of Dockerfile, helps with maintainability.
Pinning apt requirements to adhere to a Hadolint rules. This ensures reproducible builds.

cloudflare-workers-and-pages · 2023-05-04T09:17:25Z

Deploying with Cloudflare Pages

Latest commit:	`39ca83a`
Status:	✅ Deploy successful!
Preview URL:	https://e70aa090.karapace.pages.dev
Branch Preview URL:	https://chore-optimize-container-bui.karapace.pages.dev

View logs

- Use cache mounts for pip and apt, heavily reducing network requests when cache is warm. - Remove git as a build-time dependency, other than switching to archive endpoints as was done in 39b4f08, this also requires either setting `KARAPACE_VERSION` as container build arg or building karapace/version.py independently. - Add hadolint pre-commit check for linting Dockerfile. - Move to using Python base images for builder and final stage. This allows omitting installation of some build tools. It also allows moving to a more recent Python version, no longer being bound by what's in distro repositories. Wheel availability of some of our Python dependencies prevents us from moving to 3.11 for now. - Change installation approach to construct a virtualenv in the builder step, and copying it unaltered to the final stage, with dependencies and Karapace itself installed in it. This allows having even fewer layers in the final stage, and is simpler. - Introduces a _much_ stricter .dockerignore, ignoring files by default and explicitly including what's required. This makes sure changes in unrelated files does not evict layer cache. For example, a few files that previously erroneously evicted caches, because everything was included: - .git/* - .mypy_cache/* - container/Dockerfile itself - __pycache__/* - .idea/*

aiven-anton marked this pull request as ready for review April 9, 2023 15:23

aiven-anton requested review from a team as code owners April 9, 2023 15:23

This comment was marked as resolved.

Sign in to view

aiven-anton marked this pull request as draft April 12, 2023 07:58

aiven-anton mentioned this pull request Apr 18, 2023

Proposal: first-class support for developing on Docker #585

Open

7 tasks

aiven-anton force-pushed the chore/optimize-container-build branch from 3e29967 to 493fbd0 Compare May 4, 2023 09:17

aiven-anton force-pushed the chore/optimize-container-build branch from 493fbd0 to 0e0ce92 Compare May 4, 2023 09:20

aiven-anton marked this pull request as ready for review May 4, 2023 09:58

aiven-anton marked this pull request as draft May 4, 2023 16:28

aiven-anton force-pushed the chore/optimize-container-build branch 2 times, most recently from 793e204 to 521bfca Compare May 4, 2023 16:33

aiven-anton mentioned this pull request May 4, 2023

Simplify Dockerfile and narrow context #580

Closed

aiven-anton force-pushed the chore/optimize-container-build branch from 521bfca to 4956b2b Compare May 4, 2023 17:03

aiven-anton force-pushed the chore/optimize-container-build branch from 4956b2b to 39ca83a Compare May 4, 2023 17:22

aiven-anton marked this pull request as ready for review May 4, 2023 17:24

tvainika approved these changes May 10, 2023

View reviewed changes

tvainika merged commit 2083cf0 into main May 10, 2023

tvainika deleted the chore/optimize-container-build branch May 10, 2023 09:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Optimize container build time #579

Optimize container build time #579

aiven-anton commented Apr 9, 2023 •

edited

Loading

This comment was marked as resolved.

This comment was marked as resolved.

cloudflare-workers-and-pages bot commented May 4, 2023 •

edited

Loading

Optimize container build time #579

Optimize container build time #579

Conversation

aiven-anton commented Apr 9, 2023 • edited Loading

About this change - What it does

Why this way

This comment was marked as resolved.

This comment was marked as resolved.

cloudflare-workers-and-pages bot commented May 4, 2023 • edited Loading

Deploying with Cloudflare Pages

aiven-anton commented Apr 9, 2023 •

edited

Loading

cloudflare-workers-and-pages bot commented May 4, 2023 •

edited

Loading