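# Gordo base image
# Builder stage: packages gordo as an sdist and extracts the pins of a few
# large dependencies. The final stage copies only /code/prereq.txt and
# /code/dist/gordo-packed.tar.gz from here, so git and the source tree are
# not carried into the runtime image.
FROM python:3.10-slim-bookworm AS builder

# Copy source code
COPY . /code

# Copy .git to deduce version number.
# COPY of a directory copies its *contents*, so the destination must name the
# .git directory itself; a destination of /code/ would spill the repository
# internals (HEAD, config, objects/, ...) into the source root.
COPY .git /code/.git

# git is only needed to derive the package version; recommended packages are
# skipped to keep the builder's toolset small.
RUN apt-get update && apt-get install -y --no-install-recommends \
        git \
    && rm -rf /var/lib/apt/lists/*

# Fix CVE-2024-6345
RUN pip install --no-cache-dir setuptools==70.0.0

WORKDIR /code

# Build the sdist and rename it to a fixed name so the final stage can COPY it
# without knowing the version. The path is quoted so an unusual file name
# cannot be word-split by the shell.
RUN rm -rf /code/dist \
    && python setup.py sdist \
    && mv "/code/dist/$(ls /code/dist | head -1)" /code/dist/gordo-packed.tar.gz

# Extract a few big dependencies which docker will cache even when other dependencies change.
# Each grep must match: a missing pin makes grep exit non-zero, which breaks
# the && chain and fails the build instead of producing a partial prereq.txt.
RUN grep tensorflow== /code/requirements/full_requirements.txt > /code/prereq.txt \
    && grep pyarrow== /code/requirements/full_requirements.txt >> /code/prereq.txt \
    && grep scipy== /code/requirements/full_requirements.txt >> /code/prereq.txt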
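# Runtime image: installs gordo from the sdist built in the builder stage,
# plus kubectl and argo, and runs as the unprivileged gordo user.
# NOTE(review): the base image is referenced by tag only; pinning it by digest
# would make rebuilds reproducible.
FROM python:3.10-slim-bookworm

# Nonroot user for running CMD
RUN groupadd -g 999 gordo && \
    useradd -r -u 999 -g gordo gordo

ENV HOME="/home/gordo"
ENV PATH="${HOME}/.local/bin:${PATH}"

# curl is needed for the kubectl download below (and is removed again in the
# cleanup step); jq stays in the image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        jq \
    && rm -rf /var/lib/apt/lists/*

# Fix CVE-2024-6345
RUN pip install --no-cache-dir setuptools==70.0.0

# Install requirements separately for improved docker caching
COPY --from=builder /code/prereq.txt .
RUN pip install --no-deps -r prereq.txt --no-cache-dir

COPY requirements/full_requirements.txt .
RUN pip install -r full_requirements.txt --no-cache-dir

# Install gordo, packaged from earlier 'python setup.py sdist'.
# The requirement is quoted so the shell never treats "[full]" as a glob.
COPY --from=builder /code/dist/gordo-packed.tar.gz .
RUN pip install --no-cache-dir "gordo-packed.tar.gz[full]"

# Install GordoDeploy dependencies
# NOTE(review): HTTPS_PROXY is a predefined build arg; declaring it explicitly
# makes its value part of the image history, so the proxy URL passed at build
# time must not contain credentials.
ARG HTTPS_PROXY
ARG KUBECTL_VERSION="v1.31.1"

# Download & install kubectl.
# The binary is checked against the published .sha256 before it is made
# executable. That checksum comes from the same origin as the binary, so it
# catches truncated or corrupted downloads only; pinning a reviewed digest per
# KUBECTL_VERSION would additionally protect against a tampered origin.
RUN curl -fsSL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
    && curl -fsSL -o /tmp/kubectl.sha256 "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" \
    && echo "$(cat /tmp/kubectl.sha256)  /usr/local/bin/kubectl" | sha256sum -c - \
    && rm /tmp/kubectl.sha256 \
    && chmod +x /usr/local/bin/kubectl

# Copy scripts
COPY ./functions.sh ${HOME}/functions.sh
COPY ./run_workflow_and_argo.sh ${HOME}/run_workflow_and_argo.sh

# Baking in example configs for running tests, as docker.client.containers.run
# bind doesn't seem to work correctly for non-root users
# volumes={repo_dir: {"bind": "/home/gordo", "mode": "ro"}},
COPY ./examples ${HOME}/examples
COPY ./resources ${HOME}/resources

# Install ModelBuilder dependencies
# COPY rather than ADD: build.sh is a plain local file and needs none of ADD's
# archive-extraction or URL behaviour.
COPY build.sh ${HOME}/build.sh

# build.sh (build the model) as executable default command
RUN cp ${HOME}/build.sh /usr/bin/build \
    && chmod a+x /usr/bin/build

# Run things from gordo's home to have write access when needed
WORKDIR ${HOME}

# Download & install argo
# NOTE(review): download_argo.py is not visible here; confirm that it verifies
# the integrity of the release it downloads.
ENV ARGO_VERSIONS="[{\"number\":3,\"version\":\"3.5.11\"}]"
COPY scripts/download_argo.py ./download_argo.py
RUN python3 ./download_argo.py -o /usr/local/bin

# Cleanup
# Removes curl and the download helper from the runtime filesystem so they are
# not available inside the running container. The earlier layers still hold
# them, so this does not reduce the image size.
RUN dpkg -r curl && rm ./download_argo.py

# Make gordo own all in its home
RUN chown -R gordo:gordo ${HOME}

# Switch user (numeric UID, matching the gordo user created above)
USER 999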