An important thing to do with process based containers or any container is to keep them slim and ensure that only what is necessary is packaged into the image.
For that reason I went with the python:3.8-alpine base image. After all was said and done the size of the resulting image was 208MB.
No GCC in that Base Image
Although I needed another python package and this package needed gcc, as shown by this error message in the build process:
running build_ext
building 'Cryptodome.Hash._MD2' extension
creating build/temp.linux-x86_64-3.8
creating build/temp.linux-x86_64-3.8/src
gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -DTHREAD_STACK_SIZE=0x100000 -fPIC -DPYCRYPTO_LITTLE_ENDIAN -DSYS_BITS=64 -DLTC_NO_ASM -Isrc/ -I/usr/local/include/python3.8 -c src/MD2.c -o build/temp.linux-x86_64-3.8/src/MD2.o
unable to execute 'gcc': No such file or directory
error: command 'gcc' failed with exit status 1
The Wasteful Solution
There is an easy way to fix this problem…use a base image that has gcc prepackaged. I used python:3.8 and it just worked.
However that came at a price, the image was now 1.12GB in size.
So I looked around and it seemed ok to just install gcc with apk.
The Ideal Solution
I reverted back to using python:3.8-alpine and installed gcc and my dependencies in one line:
RUN apk add --no-cache --virtual .build-deps gcc musl-dev \
&& pip install --no-cache-dir -r /code/requirements.txt \
&& apk del .build-deps
Now the image built correctly and the size was 301MB
The ideal solution might not even be this though, as there is the suggestion of multi-stage builds. A Docker image just to build the project and a seperate image just to run.
Batteries Included
I think it comes down to batteries included or not.
I’m also not a fan of having too many commands in your dockerfile. It feels like we are dong the job of a system administrator and each line adds risk for errors, bugs and potential security holes.
But use you descretion – horses for courses.