Re: [PR] Use distroless to build the python container [beam]

Thu, 02 Nov 2023 10:41:12 -0700 


tvalentyn commented on code in PR #29001:
URL: https://github.com/apache/beam/pull/29001#discussion_r1380544285


##########
sdks/python/container/Dockerfile:
##########
@@ -82,6 +78,32 @@ RUN  \
     # Remove pip cache.
     rm -rf /root/.cache/pip
 
+FROM gcr.io/distroless/cc-debian12 as beam
+LABEL Author "Apache Beam <d...@beam.apache.org>"
+ARG TARGETOS
+ARG TARGETARCH
+
+# copy commands & libs to distroless
+COPY --from=python-base /bin /bin
+COPY --from=python-base /lib lib
+COPY --from=python-base /usr/bin/which /usr/bin/which
+COPY --from=python-base /etc/ld.so.cache /etc/ld.so.cache
+COPY --from=python-base /usr/bin/which /usr/bin/which

Review Comment:
   nit: repeating line



##########
sdks/python/container/Dockerfile:
##########
@@ -44,8 +41,7 @@ RUN  \
        libgeos-dev \
        && \
     rm -rf /var/lib/apt/lists/* && \
-
-    pip install --upgrade pip setuptools wheel && \
+    pip install --upgrade setuptools && \

Review Comment:
   nit: wheel removed accidentally?



##########
sdks/python/container/Dockerfile:
##########
@@ -82,6 +78,32 @@ RUN  \
     # Remove pip cache.
     rm -rf /root/.cache/pip
 
+FROM gcr.io/distroless/cc-debian12 as beam
+LABEL Author "Apache Beam <d...@beam.apache.org>"
+ARG TARGETOS
+ARG TARGETARCH
+
+# copy commands & libs to distroless
+COPY --from=python-base /bin /bin

Review Comment:
   for my information:
   
   1. how did we choose what content to copy from base?
   2. do distroless images have a package manager (`apt`) ?  Will users be able 
to install additional software into these images if they want? 
   
   



##########
sdks/python/container/Dockerfile:
##########
@@ -82,6 +78,32 @@ RUN  \
     # Remove pip cache.
     rm -rf /root/.cache/pip
 
+FROM gcr.io/distroless/cc-debian12 as beam
+LABEL Author "Apache Beam <d...@beam.apache.org>"
+ARG TARGETOS
+ARG TARGETARCH
+
+# copy commands & libs to distroless
+COPY --from=python-base /bin /bin
+COPY --from=python-base /lib lib
+COPY --from=python-base /usr/bin/which /usr/bin/which
+COPY --from=python-base /etc/ld.so.cache /etc/ld.so.cache
+COPY --from=python-base /usr/bin/which /usr/bin/which
+
+# copy packages to distroless
+COPY --from=python-base /usr/local/lib /usr/local/lib
+COPY --from=python-base /usr/local/gcloud /usr/local/gcloud
+COPY --from=python-base /usr/local/bin /usr/local/bin
+
+ENV PATH="/usr/local/bin:/usr/local/gcloud/google-cloud-sdk/bin:$PATH"
+
+COPY target/base_image_requirements.txt /tmp/base_image_requirements.txt

Review Comment:
   Line 100-101 shouldn't be necessary, this was necessary around line 72, in a 
different image.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscr...@beam.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to