From bulky to lean: Achieving 95% size reduction for Python containers

Naveen S (~navhits)


9

Votes

Description:

Have you ever built a Python project and you want to publish a Docker image? After days of debugging, you get it to work. But after building your image, you're surprised to see that the image size is hundreds of Megabytes big. You're looking for ways to reduce the size. As a general practice, you try to use smaller parent images like python-alpine. Now all of a sudden, your package installation breaks due to missing libraries. Alpine, you know :P Finally, you somehow figured it all out and made it work. But still, your image is not as small as you expect it to be. What else could you do? Try reducing the layers, try multi-stage builds.

But what if you absolutely want to create smaller images for your projects? This talk will look at an experimental project to build the smallest possible images for Python projects. That too absolutely "FROM scratch". You might know what a scratch image means if you come from a Docker world. Scratch is a docker keyword, meaning that the container will have no base image. The size of the image would be 0 Bytes. We will see what it takes to run some Python code in a scratch container.

While we build scratch containers, we will evaluate their effectiveness, performance, and security against traditional containers. During this part, we will quickly review container security tools (my favorite part).

Prerequisites:

  • Basic programming
    • Docker or other container technologies
    • Familiar with building images with multiple-stages

Speaker Info:

Naveen is a developer from the heart with a passion for Information Security. He is a Senior Security Engineer at Freshworks, working with the DevSecOps team to build assistive tools for product teams to help write better/secure code, and other solutions for Application Security, SOC, Cloud Security, and GRC teams to accelerate their BAU activities. He works on streamlining and designing guardrails for a Secure Software Development Lifecycle. He's written automation and solutions in Python for four years and is now also learning the Rust language, given its similarities and compatibility with Python. Outside of work, he engages with communities in Chennai and shares his learnings and experience with them.

Section: Developer tools and automation
Type: Talks
Target Audience: Intermediate
Last Updated: