docker image multistage build: How to create a docker image copying only python packages

Time:02-06

I am trying to create a Python-based image with some packages installed. But I want the image layers not to show anything about the packages I installed.

I am trying to use a multistage build.

e.g.:

FROM python:3.9-slim-buster as builder
# I don't want this command to be seen when checking the Docker image layers, so that's why I am using a multistage build
RUN pip install django

FROM python:3.9-slim-buster
# Here I want to copy all the site packages
COPY --from=builder /usr/local/lib/python3.9/site-packages /usr/local/lib/python3.9/site-packages

Now build the image:

docker build -t python_3.9-slim-buster_custom:latest .

and later check the image layers:

dive python_3.9-slim-buster_custom:latest

This will not show the RUN pip install django line.

Will this be a good way to achieve what I want (hide all the pip install commands)?

CodePudding user response:

It depends on what you are installing, if this will be sufficient or not. Some Python libraries add binaries to your system on which they rely.

FROM python:3.9-alpine as builder
# install stuff


FROM python:3.9-alpine

# this is for sure required
COPY --from=builder /usr/local/lib/python3.9/site-packages /usr/local/lib/python3.9/site-packages

# this depends on what you are installing
COPY --from=builder /usr/local/bin /usr/local/bin

CodePudding user response:

The usual approach I see for this is to use a virtual environment in an earlier build stage, then copy the entire virtual environment into the final image. Remember that virtual environments are very specific to a single Python build and installation path.

If your application has its own setup.cfg or setup.py file, then a minimal version of this could look like:

FROM python:3.9-slim-buster as builder

# If you need build-only tools, like build-essential for Python C
# extensions, install them first
# RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install ...

WORKDIR /src

# Create and "activate" the virtual environment
RUN python3 -m venv /app
ENV PATH=/app/bin:$PATH

# Install the application as normal
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
RUN pip install .

# Final stage: it must not reuse the name "builder", or COPY --from=builder becomes ambiguous
FROM python:3.9-slim-buster

# If you need runtime libraries, like a database client C library,
# install them first
# RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install ...

# Copy the entire virtual environment over
COPY --from=builder /app /app
ENV PATH=/app/bin:$PATH

# Run an entry_points script from the setup.cfg as the main command
CMD ["my_app"]

Note that this has only minimal protection against a curious user seeing what's in the image. The docker history or docker inspect output will show the /app container directory, you can docker run --rm the-image pip list to see the package dependencies, and the application and library source will be present in a human-readable form.
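
As an added example (not part of the original question or answers): copying site-packages also copies the `*.dist-info` metadata pip writes next to each package, so the package list can be read straight from the directory even though no `RUN pip install` line appears in the layer history. The sketch below inventories such a directory with the standard library; the sample tree, package versions and function names are constructed for illustration.

```python
import tempfile
from importlib import metadata
from pathlib import Path


def inventory(site_packages):
    """Return sorted (name, version, installer) tuples found in a site-packages tree.

    Reads only the *.dist-info metadata stored beside each package, so it works
    on a directory extracted from an image without running pip inside it.
    """
    found = []
    for dist in metadata.distributions(path=[str(site_packages)]):
        installer = (dist.read_text("INSTALLER") or "unknown").strip()
        found.append((dist.metadata["Name"], dist.version, installer))
    return sorted(found)


def make_sample_tree(root):
    """Constructed sample: a minimal stand-in for a copied site-packages directory."""
    site = Path(root) / "usr/local/lib/python3.9/site-packages"
    # Versions below are constructed placeholders, not real releases.
    for name, version in [("Django", "0.0.1"), ("sqlparse", "0.0.2")]:
        info = site / f"{name}-{version}.dist-info"
        info.mkdir(parents=True)
        (info / "METADATA").write_text(
            f"Metadata-Version: 2.1\nName: {name}\nVersion: {version}\n"
        )
        (info / "INSTALLER").write_text("pip\n")
        (site / name.lower()).mkdir()
        (site / name.lower() / "__init__.py").write_text("")
    return site


def demo():
    """Build the constructed tree in a temp dir and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        return inventory(make_sample_tree(tmp))


if __name__ == "__main__":
    for name, version, installer in demo():
        print(f"{name}=={version} (installed by {installer})")
```

The same `inventory()` call can be pointed at a site-packages directory extracted from a real image to produce a dependency list for review.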
