Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: reduce python surface and image size #1348

Merged
merged 7 commits into from
Sep 8, 2023
Merged

feat: reduce python surface and image size #1348

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
77de20f
Working with python:slim-bullseye
DerekRoberts Sep 8, 2023
1d02cdb
Pare down
DerekRoberts Sep 8, 2023
59b82f3
Multistage build
DerekRoberts Sep 8, 2023
d464572
delete backend-python/start-openshit.sh
DerekRoberts Sep 8, 2023
cd0e7cd
Cleanup
DerekRoberts Sep 8, 2023
c2da058
Cleanup
DerekRoberts Sep 8, 2023
d72ca97
Cleanup
DerekRoberts Sep 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 27 additions & 43 deletions backend-python/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,51 +1,35 @@
FROM python:bullseye
FROM python:bullseye AS build

# python
ENV PYTHONUNBUFFERED=1 \
# prevents python creating .pyc files
PYTHONDONTWRITEBYTECODE=1 \
\
# pip
PIP_NO_CACHE_DIR=off \
# Disable cache dir, disable upgrade message, create .venv in project dir
ARG PIP_NO_CACHE_DIR=off \
PIP_DISABLE_PIP_VERSION_CHECK=on \
PIP_DEFAULT_TIMEOUT=100 \
\
# poetry
# https://python-poetry.org/docs/configuration/#using-environment-variables
POETRY_VERSION=1.2.2 \
# make poetry install to this location
POETRY_HOME="/opt/poetry" \
# make poetry create the virtual environment in the project's root
# it gets named `.venv`
POETRY_VIRTUALENVS_IN_PROJECT=true \
# do not ask any interactive question
POETRY_NO_INTERACTION=1 \
\
# paths
# this is where our requirements + virtual environment will live
PYSETUP_PATH="/application" \
VENV_PATH="/application/.venv"
POETRY_VIRTUALENVS_IN_PROJECT=1

# Install poetry, then dependencies
WORKDIR /app
COPY pyproject.toml poetry.lock ./
RUN pip install poetry==1.2.2 && \
poetry install --no-root -vvv --without dev --sync

# prepend poetry and venv to path
ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH"
# Deploy
FROM python:slim-bullseye AS deploy

# Install external packages
RUN apt update && curl -sSL https://install.python-poetry.org | python3 -
# Output to stdout/stderr, don't create .pyc files, etc.
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PATH="/app/.venv/bin:$PATH" \
PORT=3000

# Install python dependencies
WORKDIR /application
COPY poetry.lock pyproject.toml /application/
RUN poetry install --no-root -vvv --without dev --sync
# Packages
RUN apt update && \
apt install -y --no-install-recommends curl libpq-dev

# Copy python code
COPY . /application/app
COPY start-openshift.sh /application
RUN chmod +x start-openshift.sh
# Port and health check
EXPOSE 3000
HEALTHCHECK --interval=300s --timeout=10s CMD curl -f http://localhost/:3000
# Dependencies, config and app
COPY --from=build /app/.venv /app/.venv
COPY logger.conf ./
COPY ./src ./src

# Non-privileged user
USER app
CMD ["./start-openshift.sh"]
# Start with non-privileged user
HEALTHCHECK --interval=300s --timeout=10s CMD curl -f http://localhost:${PORT}
USER 1001
CMD uvicorn src.main:app --host 0.0.0.0 --port ${PORT} --workers 1 --server-header --date-header --limit-concurrency 1000 --log-config ./logger.conf
Loading