Building Container Images¶
Python projects that declare their distro dependencies using bindep
can be built into container images without any additional duplicate
configuration. The pbrx command build-images
does this as minimally
and efficiently as possible. The aim is to produce single-process application
images that container only those things needed at runtime.
When pbrx build-images
is run in a project source directory, the result
will be a base image, named ‘{project}-base’, and then an image for each
entry in entry_points.console_scripts
with CMD
set to that console
script. For instance, in a python project “foo” that provides console scripts
called “foo-manage” and “foo-scheduler”, pbrx build-images
will result in
container images called “foo-base”, “foo-manage” and “foo-scheduler”.
pbrx build-images
uses volume mounts during the image build process instead
of copying to prevent wasted energy in getting source code into the image and
in getting artifacts out of the image. This makes it well suited for use on
laptops or in automation that has access to something that behaves like a full
computer but at the moment less well suited for use in unprivileged container
systems. Work will be undertaken to remove this limitation.
Distro Depends¶
build-images
relies on bindep and bindep.txt
to get the list of
packages to install.
build-images
uses the Builder Image pattern so that one image is used to
make wheels of the project and its dependencies, and another to install the
package. Distro packages needed to build wheels of a project or its python
depends from source should be marked with a compile
profile in
bindep.txt
. Distro packages needed at runtime should not be marked with
a profile.
build-images
uses python:alpine
as a base image. There are no plans
or intent to make that configurable since these are application images and
the guest distro only serves to provide Python and c-library depends. To mark
dependencies in bindep.txt
for images, the platform:apline
profile
can be used.
The following is an example bindep file:
gcc [compile test platform:rpm platform:apk]
libffi-devel [compile test platform:rpm]
libffi-dev [compile test platform:dpkg platform:apk]
libffi [platform:apk]
libressl-dev [compile test platform:apk]
linux-headers [compile test platform:apk]
make [compile test platform:apk]
musl-dev [compile test platform:apk]
The only library needed at runtime is libffi
. The other dependencies are
all marked compile
so will be installed into the build container but
not the final runtime container. bindep is useful not just for building
containers, so entries for libffi-dev
on debian as well as libffi-devel
on Red Hat are there. Also, this example marks some packages as needed for
test
. pbrx and bindep appropriately ignore this information.
Note
Because of the use of the python:alpine
image, it is not necessary to
list python3-dev
in platform:alpine
.
Python Dependencies¶
build-images
uses normal python mechanisms to get python dependencies.
Namely, it runs pip install .
in the mounted source directory.
In most cases this is sufficient, but there are times when a single set of
dependencies for a set of console-scripts might not be appropriate. In this
case, it is possible to add a Python extra entry for a console script to add
additional python dependencies. For instance, this section in setup.cfg
:
[extras]
zuul_base =
PyMySQL
psycopg2-binary
zuul_executor =
ara
Will cause PyMySQL
and psycopg2-binary
to be installed into the base
image (even though they are optional dependencies for a normal install) and
for ara
to be installed in the zuul-executor
image.
Note
It is important to note that underscores must be used in the extras definition in place of dashes.