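Are you, too, tired of fighting bloated Docker images? Do those images eat disk space and slow down your deployments? It is worth noting that top DevOps teams have cut their image sizes by 99%. In this guide, I will reveal the techniques they have kept to themselves.
The hidden cost of bloated Docker images
From 1.2GB to 8MB: a case study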
FROM python:3.9
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "main.py"]
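Multi-stage builds: the game changer
Multi-stage builds are a powerful technique that can significantly reduce the size of the final Docker image by letting us separate build-time dependencies from runtime dependencies.
Use a minimal base image
Depending on your use case, replace the full python image with its slim or alpine variant: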
FROM python:3.9-slim AS builder
Single-stage Dockerfile
# Use an official Python runtime as a parent image
FROM python:3.9-slim
# Install necessary build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    gcc \
    && rm -rf /var/lib/apt/lists/*
# Set the working directory
WORKDIR /app
# Copy the requirements file and install dependencies
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
# Copy the rest of the application code
COPY . .
# Compile the model (if necessary)
RUN python compile_model.py
# Run the inference script
CMD ["python", "inference.py"]
Multi-stage Dockerfile
# Stage 1: Build
FROM python:3.9-slim AS builder
# Install necessary build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    gcc \
    && rm -rf /var/lib/apt/lists/*
# Set the working directory
WORKDIR /app
# Copy the requirements file and install dependencies
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
# Copy the application code
COPY . .
# Compile the model (if necessary)
RUN python compile_model.py
# Install PyInstaller
RUN pip install pyinstaller
# Create a standalone executable
RUN pyinstaller --onefile inference.py
# Stage 2: Production
# Note: a PyInstaller --onefile executable is dynamically linked against glibc and
# unpacks itself to a temp directory at start-up; scratch provides neither, so
# confirm that the binary actually starts in this stage.
FROM scratch
# Set the working directory
WORKDIR /app
# Copy only the necessary files from the build stage
COPY --from=builder /app/dist/inference /app/inference
COPY --from=builder /app/model /app/model
# Run the inference executable
ENTRYPOINT ["/app/inference"]
Layer optimization: every byte counts
RUN apt-get update && apt-get install -y python3-pip python3-dev && \
pip3 install numpy pandas && \
apt-get clean && rm -rf /var/lib/apt/lists/*
Minimal base images built from scratch: less is more
# syntax=docker/dockerfile:1
FROM scratch
ADD myapp /
CMD ["/myapp"]
Advanced techniques
Distroless images
FROM gcr.io/distroless/python3-debian10
COPY --from=builder /app/dist/main /app/main
COPY --from=builder /app/model /app/model
COPY --from=builder /app/config.yml /app/config.yml
ENTRYPOINT ["/app/main"]
DOCKER_BUILDKIT=1 docker build -t myapp .
Other techniques
# Exclude large datasets
data/
# Exclude virtual environment
venv/
# Exclude cache, logs, and temporary files
__pycache__/
*.log
*.tmp
*.pyc
*.pyo
*.pyd
.pytest_cache
.git
.gitignore
README.md
# Exclude model training checkpoints and tensorboard logs
checkpoints/
runs/
Essential security practices for safely slimmed Docker images
RUN adduser --disabled-password --gecos "" appuser
USER appuser
docker run -p 127.0.0.1:8080:8080 myimage
docker scan your-image:tag
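
The practices above (slim base image, cleaned package caches, non-root USER) can be checked mechanically before an image is built. The following is an added example, not code from the original article: a small Python audit of the last stage of a Dockerfile, the only stage that ships. The finding codes, function names and sample Dockerfiles are constructed for illustration.

```python
import re

# Constructed sample, modeled on the article's first Dockerfile.
SAMPLE_BLOATED = """\
FROM python:3.9
COPY requirements.txt .
RUN pip install -r requirements.txt
CMD ["python", "main.py"]
"""

# Constructed sample: multi-stage build whose final stage is slim and non-root.
SAMPLE_SLIM = """\
FROM python:3.9-slim AS builder
RUN apt-get update && apt-get install -y --no-install-recommends gcc \\
    && rm -rf /var/lib/apt/lists/*
RUN pip install --no-cache-dir -r requirements.txt
FROM python:3.9-slim
RUN adduser --disabled-password --gecos "" appuser
USER appuser
"""

def instructions(text):
    """Join backslash continuations, skip comments, return (KEYWORD, args) pairs."""
    out = []
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            word, _, rest = line.partition(" ")
            out.append((word.upper(), rest.strip()))
    return out

def audit(text):
    """Return sorted finding codes for the last stage, the only one that ships."""
    ins = instructions(text)
    final = ins[max(i for i, (k, _) in enumerate(ins) if k == "FROM"):]
    findings = set()
    base = [t for t in final[0][1].split() if not t.startswith("--")][0].lower()
    if base != "scratch" and not re.search(r"slim|alpine|distroless", base):
        findings.add("FULL_BASE_IMAGE")
    users = [a.split(":")[0] for k, a in final if k == "USER"]
    if not users or users[-1] in ("root", "0"):
        findings.add("RUNS_AS_ROOT")  # no USER: base image's default user, normally root
    for k, a in final:
        if k == "RUN" and "apt-get install" in a and "/var/lib/apt/lists" not in a:
            findings.add("APT_LISTS_KEPT")
        if k == "RUN" and re.search(r"\bpip3? install\b", a) and "--no-cache-dir" not in a:
            findings.add("PIP_CACHE_KEPT")
    return sorted(findings)
```

Caches left behind in a builder stage are deliberately not reported, because they never reach the final image. A `FROM scratch` final stage without a `USER` instruction is still reported as running as root.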
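Conclusion
*This article was compiled and edited by the dbaplus community. Please obtain authorization and credit the source before reposting! Contributions from technical practitioners are welcome; submission email: editor@dbaplus.cn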