Python distroless image

2,180 views
Skip to first unread message

Sreejith Sreejayan

unread,
Oct 18, 2021, 8:44:10 AM10/18/21
to Distroless Users
I have a distroless python multistage docker build, but the final distoless image has a dependence with third party application unoconv, which has a dependency with libra office, which completely interrupts the flow. Now I'm using unoconv and Open office libra to convert execl to pdf

i have tried to copy libra from stag1 docker image i hope it will not work here because of distroless image dont have a package manager any solution would be very helpful


ROM python:3.9-slim AS build-env
COPY ./ /app
WORKDIR /app
COPY ./requirements.txt .
RUN apt update && \
apt install --no-install-recommends -y build-essential gcc libssl-dev libffi-dev python-dev && \
DEBIAN_FRONTEND="noninteractive" apt-get install -y libgtk2.0-dev && \
apt-get install unoconv -y && \
apt-get install python3-uno -y && \
apt clean && rm -rf /var/lib/apt/lists/*

RUN pip install --upgrade pip && pip install pip-tools
RUN pip install --no-cache-dir -r requirements.txt



FROM gcr.io/distroless/python3:debug
COPY --from=build-env /app /app

COPY --from=build-env /usr/bin/libreoffice/ /usr/bin/
COPY --from=build-env /usr/share/libreoffice /usr/share/
COPY --from=build-env /usr/bin/unoconv /usr/bin/
COPY --from=build-env /etc/libreoffice /etc/
COPY --from=build-env /usr/local/lib/python3.9/site-packages /usr/local/lib/python3.9/site-packages
RUN sed -i 's|#!/usr/bin/env python3|#!/usr/bin/python3|' /usr/bin/unoconv

WORKDIR /app
ENV PYTHONPATH=/usr/local/lib/python3.9/site-packages
EXPOSE 5000 CMD ["app.py"]

Evan Jones

unread,
Oct 18, 2021, 10:39:01 AM10/18/21
to distrole...@googlegroups.com
This isn't super helpful, but I have managed to get multi-stage builds with complex dependencies to work by manually unpacking the required .deb archives. It is a huge pain though! Honestly, if you need to do this, it is much easier to just use a Debian base image, and use the standard apt commands to install the dependencies.

However, if you REALLY want a minimal container image, you can do it. My only open source example is an example of installing graphviz on top of a Distroless image. You will need to update the versions and find the required debs yourself though:



Hope this helps!

Evan




--
You received this message because you are subscribed to the Google Groups "Distroless Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to distroless-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/distroless-users/a62f7087-401f-4602-82a8-06053ca2c1a6n%40googlegroups.com.


--

Sreejith Sreejayan

unread,
Oct 18, 2021, 10:53:09 AM10/18/21
to distrole...@googlegroups.com

Evan Jones , Thanks for the reply. I need the minimal distroless container for security reasons . I would look into the link you shared .


You received this message because you are subscribed to a topic in the Google Groups "Distroless Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/distroless-users/1WYBzcsggk8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to distroless-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/distroless-users/CAMS00PQ-pV9%2ByqqsVtakgzV%3DLDV36ytftGq85RNcT5HcoeKi0Q%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages