I use multi-stage build to reduce image size and benefit layer caching. In case of virtual environment, I just divide the build stage with pip dependencies and the run stage to reduce attack surface. I'm not a expert on this part but you could find some links that explain why I am using multistage :) sysdig.com/blog/dockerfile-best-pr... docker.com/blog/containerized-pyth...
In short answer, debian for building ordinary packages and distroless to reduce vulnerabilities (and docker image size in some cases). These base images are stable unlike alpine base.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi, nice post, I try it to in this way:
github.com/Courouge/fastapi-apps/b...
What to you think ?
Thanks for sharing. Looks like you've put a lot of effort in it. Well written.
I haven't tried the Dockerfile, but I'm wondering why do you need a virtual environment inside the container, and why two stages for build?
I use multi-stage build to reduce image size and benefit layer caching. In case of virtual environment, I just divide the build stage with pip dependencies and the run stage to reduce attack surface. I'm not a expert on this part but you could find some links that explain why I am using multistage :)
sysdig.com/blog/dockerfile-best-pr...
docker.com/blog/containerized-pyth...
@florian_courouge I'm interested in understanding why you decided to use a combination of a debian and distroless base images.
In short answer, debian for building ordinary packages and distroless to reduce vulnerabilities (and docker image size in some cases). These base images are stable unlike alpine base.