This post was last updated September 19th, 2019.

A best practice when creating Docker containers is keeping the image size to a minimum. The fewer bytes you have to shunt over the network or store on disk, the better. Keeping the size down generally means it is faster to build and deploy your container.

Each container should contain the application code, language-specific dependencies, OS dependencies, and that's it. Any more is a waste and a potential security issue. If you have tools like gcc inside a container that is deployed to production, then an attacker with shell access can easily build tools to access other internal systems. Having layers of security minimises the damage one attack can cause.

I was recently working on a Python webserver. If you search Google you will find examples of Dockerfiles that look like:

```dockerfile
FROM python:3.7
COPY . /app
WORKDIR /app
RUN pip install -r requirements.txt
CMD
```

This container image weighs in at 958MB!! If you're like me, then you're scratching your head wondering "this is just a simple Python web app, why is it that big?" Let's find a way to reduce that.

Minimalism is important, but too small can be harmful as well. You could build all containers from scratch, but that means you have to deal with low-level OS primitives like shell, cat, find, etc. That very quickly becomes tedious and distracts from getting code in front of customers as fast as possible (one of our mantras). I have found that a pragmatic balance is using a base image such as Alpine. At time of writing, the latest Alpine image (v3.10) weighs in at 5.58MB, very respectable. You also get a minimal POSIX environment with which to build your application.

```dockerfile
FROM python:3.7-alpine
COPY . /app
WORKDIR /app
RUN pip install -r requirements.txt
CMD
```

Building this container results in an image size of 139MB. Of this, the base image is 98.7MB (at time of writing). That means that our app is responsible for the additional 40.3MB. It is important to note that Alpine uses musl instead of glibc by default. This means that some Python wheels won't work without forcing a recompilation.

Layer caching

Those with keen eyes and Docker experience will see an issue with the Dockerfile above. Every time we make a change to our source code and rebuild the container, the dependencies will be re-downloaded and re-installed. This is not good - it takes too much time to do iterative development. Let's rewrite the Dockerfile to take advantage of layer caching:

```dockerfile
FROM python:3.7-alpine
COPY requirements.txt /
RUN pip install -r /requirements.txt
COPY src/ /app
WORKDIR /app
CMD
```

Rewriting our Dockerfile this way makes use of Docker's layer caching and skips installing Python requirements if the requirements.txt file does not change.
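To build intuition for why splitting the `COPY` steps helps, here is a minimal Python sketch of the idea behind Docker's layer cache: each layer's cache key is derived from its parent layer plus a checksum of the files it copies, so the expensive `pip install` layer is only invalidated when `requirements.txt` itself changes. This is a simplified analogy, not Docker's actual algorithm; the `layer_key` function and the example requirement pins are hypothetical.

```python
import hashlib


def layer_key(parent_key: str, file_contents: bytes) -> str:
    """Analogy for a COPY layer's cache key: combine the parent
    layer's key with a checksum of the copied file's contents."""
    h = hashlib.sha256()
    h.update(parent_key.encode())
    h.update(file_contents)
    return h.hexdigest()


base = "python:3.7-alpine"  # parent layer
reqs = b"flask==1.1.1\n"    # hypothetical requirements.txt

# Two builds where only the app source changed: the requirements
# layer's key is identical, so the cached pip install is reused.
build1 = layer_key(base, reqs)
build2 = layer_key(base, reqs)
assert build1 == build2  # cache hit: pip install skipped

# Editing requirements.txt changes the key, so that layer (and
# everything after it) is rebuilt.
changed = b"flask==1.1.1\nrequests==2.22.0\n"
build3 = layer_key(base, changed)
assert build3 != build1  # cache miss: pip install reruns
```

This also shows why copying the whole source tree before `RUN pip install` is wasteful: any code change would alter the checksum feeding the install layer's key and force a full reinstall.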
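One Alpine-specific caveat worth automating: because Alpine ships musl rather than glibc, some prebuilt wheels will not install cleanly. As a rough runtime check, a sketch using the standard library's `platform.libc_ver()`, which reports glibc when it can detect it and empty strings otherwise (as on musl-based systems):

```python
import platform

# libc_ver() returns a (library, version) tuple, e.g. ("glibc", "2.28").
# On musl-based images such as Alpine it typically returns ("", "").
libc, version = platform.libc_ver()

if libc != "glibc":
    print("glibc not detected - manylinux wheels may need recompilation")
else:
    print(f"running against {libc} {version}")
```

Running this inside the container is a quick way to confirm which libc your dependencies will be compiled against before a build fails deep inside `pip install`.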