
A perfect way to Dockerize your Python application - brendanator
https://sourcery.ai/blog/python-docker/
======
itamarst
1\. It's not perfect if it's insecure. You really don't want to run your
Docker images as root: [https://pythonspeed.com/articles/root-capabilities-
docker-se...](https://pythonspeed.com/articles/root-capabilities-docker-
security/)

2\. It's not perfect to include gcc; it's certainly OK, but it's possible to
do better with multi-stage builds, as someone else commented.

3\. You probably want PYTHONFAULTHANDLER=1 so segfaults gets tracebacks.

Etc..

Going from "it works" to "it's production-ready" is quite a bit of effort!

~~~
brendanator
Thank you for all these suggestions, I've updated the article.

Your website is an excellent source of knowledge!

------
dastx
If you think having something like pipenv or gcc in your image is a "perfect
way" of doing things, you're sorely mistaken.

Neither of those are needed. Use multi stage docker files to avoid such
unnecessary and potentially dangerous dependencies.

In addition, why do you need to disable byte code writing? You're
unnecessarily disabling optimizations done by python.

~~~
brendanator
Multi stage builds do indeed seem much better, thanks

Regarding writing bytecode - this slows down the first load of a file, in
exchange for speeding up subsequent loads of a file. It has no effect on
runtime speed. Given that python code is only loaded once when a Docker image
is run, it is better to disable this.

