extra chown command pads image size and build time #55
Description
My actions before raising this issue
- Followed the troubleshooting guide
- Read/searched the docs
- Searched past issues
Expected Behaviour
The --chown flag was introduced in v17.09.0-ce allows for copying files and changing ownership in one step, this would allow for copying files with non-root permissions without any additional container layer.
Current Behaviour
There's an additional RUN chown -R app:app ../ layer in several Dockerfiles that pads the overall image size and build time, this is especially noticeable as user specified requirements.txt grows.
Possible Solution
Add the --chown=app flag to any COPY command intended for non-root user (app) files, this will reduce overall build time and container image size.
or alternative...
Create an additional build stage (e.g. FROM python:* AS production) and copy over necessary build artifacts after testing finishes. This may require significant tweaking to the Dockerfiles to make this solution possible (e.g. using a virtualenv), however it may result in a much smaller container image?
Steps to Reproduce (for bugs)
faas-cli template pull https://github.com/openfaas-incubator/python-flask-templatefaas-cli new --lang python3-http-debian hello-python- Add several requirements to the
hello-python/requirements.txt, example below
boto3
botocore
click
gensim
jmespath
joblib
nltk
numpy
pandas
python-dateutil
pytz
regex
s3transfer
scipy
simplejson
six
smart-open
tqdm
urllib3
time faas-cli build --no-cache -f hello-python.yml- Modify any file
COPYcommand intended for non-root user files to include--chown=app
diff --git a/template/python3-http-debian/Dockerfile b/template/python3-http-debian/Dockerfile
index 624fb03..6396fd3 100644
--- a/template/python3-http-debian/Dockerfile
+++ b/template/python3-http-debian/Dockerfile
@@ -19,8 +19,8 @@ ENV PATH=$PATH:/home/app/.local/bin
WORKDIR /home/app/
-COPY index.py .
-COPY requirements.txt .
+COPY --chown=app index.py .
+COPY --chown=app requirements.txt .
USER root
RUN pip install -r requirements.txt
USER app
@@ -32,8 +32,7 @@ COPY function/requirements.txt .
RUN pip install --user -r requirements.txt
USER root
-COPY function/ .
-RUN chown -R app:app ../
+COPY --chown=app function/ .
ARG TEST_COMMAND=tox
ARG TEST_ENABLED=truetime faas-cli build --no-cache -f hello-python.yml- Compare image size and build time
Context
I'm a college student working on a capstone project involving deploying open-source cloud native applications in Kubernetes and doing a comparison against vendor specific solutions.
I'm using python-flask-templates as a basis for my own custom functions and would love to contribute in any way I can.
Your Environment
- FaaS-CLI version ( Full output from:
faas-cli version):
___ _____ ____
/ _ \ _ __ ___ _ __ | ___|_ _ __ _/ ___|
| | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \
| |_| | |_) | __/ | | | _| (_| | (_| |___) |
\___/| .__/ \___|_| |_|_| \__,_|\__,_|____/
|_|
CLI:
commit: b1c09c0243f69990b6c81a17d7337f0fd23e7542
version: 0.14.2
- Docker version
docker version(e.g. Docker 17.0.05 ):
Docker version 20.10.14, build a224086
-
Are you using Docker Swarm or Kubernetes (FaaS-netes)?
Kubernetes -
Operating System and version (e.g. Linux, Windows, MacOS):
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
-
Code example or link to GitHub repo or gist to reproduce problem:
I can create a full gist if desired, but the requirements.txt provided in the "steps to reproduce" above matches my specific use case. To summarize my results, after implementing the first proposed solution produces a ~30 second decrease in build time and ~500mb decrease in image size. -
Other diagnostic information / logs from troubleshooting guide