production ready docker packaging for python
play

Production-ready Docker packaging for Python Itamar Turner-Trauring - PowerPoint PPT Presentation

Mar 25, 2024 •49 likes •379 views

Production-ready Docker packaging for Python Itamar Turner-Trauring https://pythonspeed.com / Why Docker packaging is complicated s: Unix s: TCP/IP networking s: Python s: Linux

  1. Production-ready Docker packaging for Python Itamar Turner-Trauring https://pythonspeed.com � / ��

  2. Why Docker packaging is complicated ����s: Unix ����s: TCP/IP networking ����s: Python ����s: Linux cgroups ����s: Docker, modern Python packaging ����s: 😲😲😲 � / ��

  3. The problem: too much to cover � / ��

  4. The problem: too much to cover We only have �� minutes. � / ��

  5. The problem: too much to cover We only have �� minutes. Over �� packaging best practices. � / ��

  6. The problem: too much to cover We only have �� minutes. Over �� packaging best practices. My training class takes �.� days. � / ��

  7. Today: learn a process You have limited time at work, can get interrupted at any moment. Thus: Iterative development. Most important parts first. Each step builds on previous steps. Will give some examples best practices, and link to resources at end of talk with far more details. � / ��

  8. An iterative process �. Get something working. �. Security. �. Running in CI. �. Make images easy to identify and debug. �. Improved operational correctness. �. Reproducible builds. �. Faster builds. �. Smaller images. � / ��

  9. �. Get something working FROM python:3.8-slim-buster COPY . . RUN pip install . ENTRYPOINT ["./run-server.sh"] � / ��

  10. �. Security Before you can deploy anything publicly, it needs to be secure. So we do that next. �� / ��

  11. �. Security: Don't run as root FROM python:3.8-slim-buster RUN useradd --create-home appuser USER appuser WORKDIR /home/appuser COPY . . RUN pip install . ENTRYPOINT ["./run-server.sh"] �� / ��

  12. �. Security: Other best practices Run with reduced capabilities. Make sure to install system package updates. Organizational processes to update dependencies when security fixes come out. And more! �� / ��

  13. �. CI You don't want to manually hand-build each image. You want teammates to be able to build images. So next step: integrate image building to your build/CI system. #!/bin/bash set -euo pipefail py.test docker build -t yourimage:latest . docker push yourimage:latest �� / ��

  14. �. CI: Tag based on branch You want to build image for feature branch 123- more-cowbell automatically. You want production not to be impacted. #!/bin/bash set -euo pipefail GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD) docker build -t "yourimage:$GIT_BRANCH" . docker push "yourimage:$GIT_BRANCH" �� / ��

  15. �. CI: Other best practices Once a week, rebuild without caching ( --pull -- no-cache ) and redeploy. Run security scanners. Warm up the build cache with docker pull to get faster builds. And more! �� / ��

  16. �. Make it debuggable You've started automatically building and (probably) deploying. More likely to see errors. Lots of images all over the place. Next step: make images identifiable and easier to debug. �� / ��

  17. �. Debuggable: Tracebacks on crashes in C code If you have a bug in Python code, you get a traceback. If you have a bug in C code, you get a silent crash... ...unless you enable Python's built-in faulthandler . ENV PYTHONFAULTHANDLER=1 ENTRYPOINT ["python", "yourprogram.py"] �� / ��

  18. �. Debuggable: Other best practices Record build metadata in the image using Docker labels. Write a smoke test for the build. Pre-install useful debugging tools. �� / ��

  19. �. Improve operational correctness Running in production, so you want to prevent operational problems. Correct and fast startup. Fast shutdown. Help the runtime environment correctly detect frozen processes. �� / ��

  20. �. Operational correctness: Pre- compile bytecode Python compiles source code .pyc for faster startup. If your image doesn't have .pyc , startup will be slower. # Compile installed code: RUN python -c "import compileall; \ compileall.compile_path(maxlevels=10)" # Compile code in a directory: RUN python -m compileall yourpackage/ �� / ��

  21. �. Operational correctness: Other best practices Correct signal handling for shutdowns. Handle zombie processes with init . Health checks. And more! �� / ��

  22. �. Reproducible builds Over the course of two weeks, your major dependencies won't change dramatically. Over six months, some of them will. Over two years, most of them will. So next, you want reproducible builds so you can update in a controlled manner. �� / ��

  23. �. Reproducible builds: Choose a good base image You'll want a Linux OS which does security updates while still guaranteeing backwards compatibility, for example Ubuntu LTS, Debian Stable, or CentOS. The o�cial python images are based on Debian Stable, but give access to newer (or older) Python. python:3.8-slim-buster means "Python �.�, on Debian Buster, the smaller version". �� / ��

  24. �. Reproducible builds: More best practices Pin Python package dependencies. Set up an organizational process to update Python dependencies. Optionally, pin system package dependencies. And more! �� / ��

  25. �. Faster builds Your images are now packaged correctly , so now you can focus on optimizations. Starting point: your time is expensive, you don't want to wait for builds. �� / ��

  26. �. Faster builds: Don't use Alpine Linux Alpine Linux is a small base image—but it can't use precompiled wheels from PyPI. As a result, you need to compile everything. Example: install pandas and matplotlib . python:3.8-slim-buster : �� seconds. python:3.8-alpine : ���� seconds, ��× slower! �� / ��

  27. �. Faster builds: More best practices COPY in files only when needed Like COPY , use ARG as late as possible. Install dependencies separately from your code. �� / ��

  28. �. Smaller images Final step is to make smaller images. It's nice to be more e�cient, it can speed up test runs and production startup, but usually not the first thing to do. �� / ��

  29. �. Smaller images: Disable pip 's caching By default pip keeps copies of the downloaded package, in case you reinstall later. This wastes space, and you won't need it. RUN pip install --no-cache-dir -r requirements.txt �� / ��

  30. �. Smaller images: Other best practices Add files to .dockerignore . Avoid extra chown . Minimize system package installation. And more! �� / ��

  31. Recap �. Get something working. �. Security. �. Running in CI. �. Make images easy to identify and debug. �. Improved operational correctness. �. Reproducible builds. �. Faster builds. �. Smaller images. �� / ��

  32. Thank you! Many of these best practices are covered in detail on a free guide on my website. Get the slides, and links to the free guide and other Python on Docker resources: https://pythonspeed.com/europython����/ Email: itamar@pythonspeed.com Twitter: @itamarst �� / ��

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A talker on Docker: How containers can make your work more reproducible, accessible, and ready

A talker on Docker: How containers can make your work more reproducible, accessible, and ready

A talker on Docker: How containers can make your work more reproducible, accessible, and ready for production. Finbarr Timbers, Analyst, Darkhorse Analytics 1 Three stories. 2 One: Moving a nonlinear regression from Excel to Python. 3 One:

844 views • 63 slides
Docker meets Python A look on the Docker SDK for Python pip install docker Jan Wagner

Docker meets Python A look on the Docker SDK for Python pip install docker Jan Wagner

Docker meets Python A look on the Docker SDK for Python pip install docker Jan Wagner Data Science Consultant accantec group | Alstertor 17 | 20095 Hamburg | Tel.: +49 (40) 67 59 59 0 | Fax.: +49 (40) 67 59 59 29 | www.accantec.de |

664 views • 29 slides
Python, Docker, Kubernetes, Python, Docker, Kubernetes, and beyond? and beyond? Peter Bbics

Python, Docker, Kubernetes, Python, Docker, Kubernetes, and beyond? and beyond? Peter Bbics

Python, Docker, Kubernetes, Python, Docker, Kubernetes, and beyond? and beyond? Peter Bbics Peter Bbics | EuroPython 2018 EuroPython 2018 July 25, 2018 July 25, 2018 Based in Prague Small team of developers Developing a trading

361 views • 20 slides
Docker@OVH with Mesos/Marathon June 28th 2016 @devatoria @brouberol Devops / Python charmer

Docker@OVH with Mesos/Marathon June 28th 2016 @devatoria @brouberol Devops / Python charmer

Docker@OVH with Mesos/Marathon June 28th 2016 @devatoria @brouberol Devops / Python charmer Devops / Golang artist The Docker ecosystem Docker Engine : run containerized processes (aka: containers) Docker Compose : run multi-container

381 views • 13 slides
Docker & Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1

Docker & Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1

Docker & Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1 About Docker at OVH 2014-2015: Home-made container orchestrator, Sailabove, based on LXC 2016: Switch to Docker & Mesos/Marathon 6

487 views • 19 slides
There Should be One Obvious Way to Bring Python into Production Sebastian Neubauer

There Should be One Obvious Way to Bring Python into Production Sebastian Neubauer

There Should be One Obvious Way to Bring Python into Production Sebastian Neubauer sebastian.neubauer@blue-yonder.com @sebineubauer 1 Agenda What are we talking about and why? Delivery pipeline Dependencies Packaging What

517 views • 51 slides
Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y

Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y

Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y install docker s ystemctl start docker systemctl enable docker docker images - Launch pre-canned container: hello-world (busybox is another good

480 views • 4 slides
docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer /

docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer /

docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker run nginx 2013-14 docker run -p 3375:2375 swarm ; 2014-15

688 views • 34 slides
Python Packaging Jakub Wasielak http://koderek.edu.pl/ http://blog.pykonik.org/

Python Packaging Jakub Wasielak http://koderek.edu.pl/ http://blog.pykonik.org/

Python Packaging Jakub Wasielak http://koderek.edu.pl/ http://blog.pykonik.org/ facebook.com/startechkrk https://pl.pycon.org/2017/ What? Why? Architecture https:/ /packaging.python.org/current/ Installation Tool Recommendations pip

568 views • 46 slides
GET AHEAD OF YOUR PACKAGING SUPPLY CHAIN. MORE THAN READY 1-800-628-9195 | PACKBGR.COM #1

GET AHEAD OF YOUR PACKAGING SUPPLY CHAIN. MORE THAN READY 1-800-628-9195 | PACKBGR.COM #1

GET AHEAD OF YOUR PACKAGING SUPPLY CHAIN. MORE THAN READY 1-800-628-9195 | PACKBGR.COM #1 YOURE WORKING WITH BGR is the #1 Packaging and Shipping Supply company, headquartered in Ohio and the surrounding 4 states. PROACTIVE PARTNER

583 views • 12 slides
RPM Packaging How software delivery works and why RPM packaging is more current than ever Fabio

RPM Packaging How software delivery works and why RPM packaging is more current than ever Fabio

RPM Packaging How software delivery works and why RPM packaging is more current than ever Fabio Alessandro Locati 26 October 2016 Outline Intro Deployments RPM Processes RPM and Docker 1 Intro About me RPM user since 2001 IT

1.06k views • 88 slides
Build Production Ready Container Platform Based on Magnum and Kubernetes Bo Wang

Build Production Ready Container Platform Based on Magnum and Kubernetes Bo Wang

Build Production Ready Container Platform Based on Magnum and Kubernetes Bo Wang bo.wang@easystack.cn HouMing Wang houming.wang@easystack.cn Magnum weakness Features for production ready container platform Private docker

525 views • 23 slides
DOCKER AND PYTHON Making them play nicely and securely for Data Science and Machine Learning

DOCKER AND PYTHON Making them play nicely and securely for Data Science and Machine Learning

DOCKER AND PYTHON Making them play nicely and securely for Data Science and Machine Learning TANIA ALLARD, PHD ixek | https:/ /bit.ly/europython-ml-docker Sr. Developer Advocate @Microsoft. @ixek @trallard trallard.dev THESE SLIDES

564 views • 41 slides
An introduction to cgroups and cgroupspy tags = [python, docker, coreos',

An introduction to cgroups and cgroupspy tags = [python, docker, coreos',

An introduction to cgroups and cgroupspy tags = [python, docker, coreos', systemd'] @vpetersson About me Entrepreneur Geek VP Biz Dev @ CloudSigma Contact info Email: viktor@cloudsigma.com WWW:

513 views • 48 slides
W HO ? Pradyun Gedam @pradyunsg pradyunsg.me Member of Python Packaging Authority

W HO ? Pradyun Gedam @pradyunsg pradyunsg.me Member of Python Packaging Authority

P YTHON P ACKAGING Where we are Where were headed gg.gg/pycon-in-2019 @pradyunsg W HO ? Pradyun Gedam @pradyunsg pradyunsg.me Member of Python Packaging Authority Maintainer of pip, virtualenv, packaging and more PSF

781 views • 57 slides
Bioinformatics CS300 Crash course: Transcription and Translation Running Python in Docker or

Bioinformatics CS300 Crash course: Transcription and Translation Running Python in Docker or

Bioinformatics CS300 Crash course: Transcription and Translation Running Python in Docker or Online Fall 2019 Oliver BONHAM-CARTER Gene Expression Transcriptjon and Translatjon Transcriptjon copy a set of ingredients/instructions from a

854 views • 38 slides
Does Home Production Drive Structural Transformation? Alessio Moro, Solmaz Moslehi, Satoshi

Does Home Production Drive Structural Transformation? Alessio Moro, Solmaz Moslehi, Satoshi

Does Home Production Drive Structural Transformation? Alessio Moro, Solmaz Moslehi, Satoshi Tanaka U of Cagliari, Monash, U of Queensland Macro Workshop @ U of Tokyo, September 2015 Alessio Moro, Solmaz Moslehi, Satoshi Tanaka Does Home

764 views • 65 slides
What America Is Thinking On Energy Issues Production & Infrastructure: Missouri August

What America Is Thinking On Energy Issues Production & Infrastructure: Missouri August

What America Is Thinking On Energy Issues Production & Infrastructure: Missouri August 2014 Nielsen 1220 L Street, NW Washington, DC 20005 - 4070 www.api.org Methodology Audience: 614 Registered Voters Methodology:

350 views • 18 slides
How to Describe Towards a General Case From Measurements . . . Measurement Uncertainty Main

How to Describe Towards a General Case From Measurements . . . Measurement Uncertainty Main

How Can We Describe . . . Case of Absolute . . . Case of Relative . . . How to Describe Towards a General Case From Measurements . . . Measurement Uncertainty Main Result about f What If There Is No Bias? and Uncertainty of No-Bias Results

325 views • 21 slides
Statistics in a social context Opening remarks Maximilian Kasy May 10, 2019 Introduction

Statistics in a social context Opening remarks Maximilian Kasy May 10, 2019 Introduction

Statistics in a social context Opening remarks Maximilian Kasy May 10, 2019 Introduction Current debates across the social and life sciences: Publication bias and p-hacking, replicability and replications, pre-analysis plans and

272 views • 14 slides
Building a Caring and Inclusive Home For All with Red Cross Junior Hi! Im Henry the Helpful!

Building a Caring and Inclusive Home For All with Red Cross Junior Hi! Im Henry the Helpful!

Building a Caring and Inclusive Home For All with Red Cross Junior Hi! Im Henry the Helpful! Im Carrie the Caring! Hi! Im Bravo the Brave! We are the Red Cross Juniors! Come join us in Start Small Dream Big 2020! Our Start Small

128 views • 12 slides
Theoretical foundations Ingredients of choice theory Michel Bierlaire Introduction to choice

Theoretical foundations Ingredients of choice theory Michel Bierlaire Introduction to choice

Theoretical foundations Ingredients of choice theory Michel Bierlaire Introduction to choice models Ingredients of choice theory Choice theory Theory of behavior that is descriptive: how people behave and not how they should abstract:

485 views • 14 slides
Gains from Openness with Heterogenous Firms Phemelo Tamasiga 1 1 Bielefeld Graduate School of

Gains from Openness with Heterogenous Firms Phemelo Tamasiga 1 1 Bielefeld Graduate School of

Gains from Openness Gains from Openness with Heterogenous Firms Phemelo Tamasiga 1 1 Bielefeld Graduate School of Economics and Management, Germany June 1, 2016 Gains from Openness Overview Introduction Motivation Research Question

1.06k views • 28 slides
Almost homogeneous toric varieties Ivan Arzhantsev Moscow State University based on a joint work

Almost homogeneous toric varieties Ivan Arzhantsev Moscow State University based on a joint work

Almost homogeneous toric varieties Ivan Arzhantsev Moscow State University based on a joint work with J urgen Hausen "On embeddings of homogeneous spaces with small boundary" 1 1. Automorphisms of toric varieties M.Demazure (1970)

371 views • 14 slides

More recommend