Hacker News new | ask | show | jobs
A perfect way to Dockerize your Python application (sourcery.ai)
3 points by brendanator 2341 days ago
2 comments
itamarst 2340 days ago
1. It's not perfect if it's insecure. You really don't want to run your Docker images as root: https://pythonspeed.com/articles/root-capabilities-docker-se...

2. It's not perfect to include gcc; it's certainly OK, but it's possible to do better with multi-stage builds, as someone else commented.

3. You probably want PYTHONFAULTHANDLER=1 so segfaults gets tracebacks.

Etc..

Going from "it works" to "it's production-ready" is quite a bit of effort!

link
brendanator 2339 days ago
Thank you for all these suggestions, I've updated the article.

Your website is an excellent source of knowledge!

link
dastx 2341 days ago
If you think having something like pipenv or gcc in your image is a "perfect way" of doing things, you're sorely mistaken.

Neither of those are needed. Use multi stage docker files to avoid such unnecessary and potentially dangerous dependencies.

In addition, why do you need to disable byte code writing? You're unnecessarily disabling optimizations done by python.

link
brendanator 2339 days ago
Multi stage builds do indeed seem much better, thanks

Regarding writing bytecode - this slows down the first load of a file, in exchange for speeding up subsequent loads of a file. It has no effect on runtime speed. Given that python code is only loaded once when a Docker image is run, it is better to disable this.

link