I had a web dashboard that I needed to authenticate using ldap. For that I wanted to go with python-ldap package.
I faced few challenges in deploying to my Docker image since it required source code build on deployment, and there are no official binaries. That meant that if I want to deploy python-ldap on a production server / container; I have to install development packages as described in the Build Prerequisites section of their documentation.
For development purposes, this would have been fine, but I preferred not to have those unnecessary packages in my deployed production container. The other option was to deploy prebuilt packages. I also preferred not to do that.
The solution was simple though. I simply built the wheel inside one stage of my docker image, then just copied this wheel file to the next stage, to install it directly using pip.
Below is my docker file.
FROM python:3.9.2 AS ldap-build
RUN apt-get update -y && \
apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev && \
python -m pip wheel --wheel-dir=/tmp python-ldap==3.3.1
FROM python:3.9.2
COPY --from=ldap-build /tmp/*.whl /tmp
RUN python -m pip install /tmp/*.whl
CMD tail -f /dev/null
While being a simple solution, I was a bit surprised I didn't find a ready made solution like this. I thought it's worth sharing for python-ldap deployments in production, and in any similar case, where you have to build python packages yourself.
I hope it helps somebody out there.
Cheers!
Top comments (5)
Hi, nice post, I try it to in this way:
github.com/Courouge/fastapi-apps/b...
What to you think ?
Thanks for sharing. Looks like you've put a lot of effort in it. Well written.
I haven't tried the Dockerfile, but I'm wondering why do you need a virtual environment inside the container, and why two stages for build?
I use multi-stage build to reduce image size and benefit layer caching. In case of virtual environment, I just divide the build stage with pip dependencies and the run stage to reduce attack surface. I'm not a expert on this part but you could find some links that explain why I am using multistage :)
sysdig.com/blog/dockerfile-best-pr...
docker.com/blog/containerized-pyth...
@florian_courouge I'm interested in understanding why you decided to use a combination of a debian and distroless base images.
In short answer, debian for building ordinary packages and distroless to reduce vulnerabilities (and docker image size in some cases). These base images are stable unlike alpine base.