-
Notifications
You must be signed in to change notification settings - Fork 804
/
Copy pathDockerfile
116 lines (100 loc) · 3.33 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# syntax = docker/dockerfile:1.3
# VULN_SCAN_TIME=2024-09-16_05:06:48
# The build stage
# ---------------
# This stage is building Python wheels for use in later stages by using a base
# image that has more pre-requisites to do so, such as a C++ compiler.
#
# NOTE: If the image version is updated, also update it in ci/refreeze and
# singleuser-sample's Dockerfile!
#
FROM python:3.12-bookworm as build-stage
# Build wheels
#
# We set pip's cache directory and expose it across build stages via an
# ephemeral docker cache (--mount=type=cache,target=${PIP_CACHE_DIR}). We use
# the same technique for the directory /tmp/wheels.
#
COPY requirements.txt requirements.txt
ARG PIP_CACHE_DIR=/tmp/pip-cache
RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
pip wheel \
--wheel-dir=/tmp/wheels \
# pycurl 7.45.3 has wheels, but they aren't portable
# https://github.com/pycurl/pycurl/issues/834
--no-binary pycurl \
-r requirements.txt \
# Additional wheels for default-stage. Updates below should be repeated
# in default-stage.
#
py-spy
# The final stage - slim version
# ------------------------------
# This stage is built and published as quay.io/jupyterhub/k8s-hub-slim. It is meant to
# provide no non-essential packages.
#
FROM python:3.12-slim-bookworm as slim-stage
ENV DEBIAN_FRONTEND=noninteractive
ARG NB_USER=jovyan \
NB_UID=1000 \
HOME=/home/jovyan
RUN adduser \
--disabled-password \
--gecos "Default user" \
--uid ${NB_UID} \
--home ${HOME} \
--force-badname \
${NB_USER}
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends \
# requirement for pycurl
libcurl4 \
# requirement for using postgres database
libpq5 \
# requirement for using a local sqlite database
sqlite3 \
tini \
&& rm -rf /var/lib/apt/lists/*
# install wheels built in the build stage
# --no-index ensures _only_ wheels from the build stage are installed
COPY requirements.txt /tmp/requirements.txt
ARG PIP_CACHE_DIR=/tmp/pip-cache
RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
--mount=type=cache,from=build-stage,source=/tmp/wheels,target=/tmp/wheels \
pip install \
--no-index \
--find-links=/tmp/wheels/ \
-r /tmp/requirements.txt
WORKDIR /srv/jupyterhub
RUN chown ${NB_USER}:${NB_USER} /srv/jupyterhub
USER ${NB_USER}
EXPOSE 8081
ENTRYPOINT ["tini", "--"]
CMD ["jupyterhub", "--config", "/usr/local/etc/jupyterhub/jupyterhub_config.py"]
# The final stage - default version
# ---------------------------------
# We add a few non-critical packages on top of the slim version to provide some
# additional utility.
#
FROM slim-stage as default-stage
USER root
ARG PIP_CACHE_DIR=/tmp/pip-cache
RUN --mount=type=cache,target=${PIP_CACHE_DIR} \
--mount=type=cache,from=build-stage,source=/tmp/wheels,target=/tmp/wheels \
pip install \
--no-index \
--find-links=/tmp/wheels/ \
# Updates below should be repeated in build-stage.
#
# py-spy is useful for profiling performance of running hubs
py-spy
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
curl \
dnsutils \
git \
less \
vim \
&& rm -rf /var/lib/apt/lists/*
USER ${NB_USER}