-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: reduce python surface and image size (#1348)
- Loading branch information
1 parent
f2938bd
commit 3c07ec9
Showing
3 changed files
with
417 additions
and
378 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,51 +1,35 @@ | ||
| FROM python:bullseye | ||
| FROM python:bullseye AS build | ||
|
|
||
| # python | ||
| ENV PYTHONUNBUFFERED=1 \ | ||
| # prevents python creating .pyc files | ||
| PYTHONDONTWRITEBYTECODE=1 \ | ||
| \ | ||
| # pip | ||
| PIP_NO_CACHE_DIR=off \ | ||
| # Disable cache dir, disable upgrade message, create .venv in project dir | ||
| ARG PIP_NO_CACHE_DIR=off \ | ||
| PIP_DISABLE_PIP_VERSION_CHECK=on \ | ||
| PIP_DEFAULT_TIMEOUT=100 \ | ||
| \ | ||
| # poetry | ||
| # https://python-poetry.org/docs/configuration/#using-environment-variables | ||
| POETRY_VERSION=1.2.2 \ | ||
| # make poetry install to this location | ||
| POETRY_HOME="/opt/poetry" \ | ||
| # make poetry create the virtual environment in the project's root | ||
| # it gets named `.venv` | ||
| POETRY_VIRTUALENVS_IN_PROJECT=true \ | ||
| # do not ask any interactive question | ||
| POETRY_NO_INTERACTION=1 \ | ||
| \ | ||
| # paths | ||
| # this is where our requirements + virtual environment will live | ||
| PYSETUP_PATH="/application" \ | ||
| VENV_PATH="/application/.venv" | ||
| POETRY_VIRTUALENVS_IN_PROJECT=1 | ||
|
|
||
| # Install poetry, then dependencies | ||
| WORKDIR /app | ||
| COPY pyproject.toml poetry.lock ./ | ||
| RUN pip install poetry==1.2.2 && \ | ||
| poetry install --no-root -vvv --without dev --sync | ||
|
|
||
| # prepend poetry and venv to path | ||
| ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH" | ||
| # Deploy | ||
| FROM python:slim-bullseye AS deploy | ||
|
|
||
| # Install external packages | ||
| RUN apt update && curl -sSL https://install.python-poetry.org | python3 - | ||
| # Output to stdout/stderr, don't create .pyc files, etc. | ||
| ENV PYTHONUNBUFFERED=1 \ | ||
| PYTHONDONTWRITEBYTECODE=1 \ | ||
| PATH="/app/.venv/bin:$PATH" \ | ||
| PORT=3000 | ||
|
|
||
| # Install python dependencies | ||
| WORKDIR /application | ||
| COPY poetry.lock pyproject.toml /application/ | ||
| RUN poetry install --no-root -vvv --without dev --sync | ||
| # Packages | ||
| RUN apt update && \ | ||
| apt install -y --no-install-recommends curl libpq-dev | ||
|
|
||
| # Copy python code | ||
| COPY . /application/app | ||
| COPY start-openshift.sh /application | ||
| RUN chmod +x start-openshift.sh | ||
| # Port and health check | ||
| EXPOSE 3000 | ||
| HEALTHCHECK --interval=300s --timeout=10s CMD curl -f http://localhost/:3000 | ||
| # Dependencies, config and app | ||
| COPY --from=build /app/.venv /app/.venv | ||
| COPY logger.conf ./ | ||
| COPY ./src ./src | ||
|
|
||
| # Non-privileged user | ||
| USER app | ||
| CMD ["./start-openshift.sh"] | ||
| # Start with non-privileged user | ||
| HEALTHCHECK --interval=300s --timeout=10s CMD curl -f http://localhost:${PORT} | ||
| USER 1001 | ||
| CMD uvicorn src.main:app --host 0.0.0.0 --port ${PORT} --workers 1 --server-header --date-header --limit-concurrency 1000 --log-config ./logger.conf |
Oops, something went wrong.