OCI Reference | cgr.dev/chainguard/python |
- View Image in Chainguard Academy
- View Image Catalog for a full list of available tags.
- Contact Chainguard for enterprise support, SLAs, and access to older tags.*
Minimal Python image based on Wolfi.
The image is available on cgr.dev
:
docker pull cgr.dev/chainguard/python:latest
The python
Chainguard Image provides a minimal Python runtime suitable for workloads such as web applications, CLI utilities, interfacing with APIs, or other tasks.
We have two image variants available:
- A
python:latest-dev
variant that contains thepip
andapk
package managers and thebash
,ash
, andsh
shells. - A minimal runtime variant that removes shells and package managers for additional security.
To pull the minimal runtime variant from cgr.dev
:
docker pull cgr.dev/chainguard/python:latest
To pull the dev variant:
docker pull cgr.dev/chainguard/python:latest-dev
The entrypoint for the python
Chainguard Image is /usr/bin/python
. Commands run as part of docker run
or a CMD
statement in a Dockerfile will be passed as arguments to python
.
To access the shell in the python:latest-dev
image, you'll need to include an --entrypoint
option, as in the following example.
docker run -it --entrypoint /bin/bash chainguard/python:latest-dev
Also note that the python
image uses the nonroot
user by default. To perform operations such as installing packages with apk
, run the image as root.
docker run -it --user root --entrypoint /bin/bash chainguard/python:latest-dev
We recommend against using the root user in a production environment.
If you require additional packages that can be installed with the pip
package manager, we recommend using a multistage build. This process involves installing packages in a virtual environment using the latest-dev
variant, then copying this environment over to the minimal runtime image.
The following is a minimal example of a Dockerfile that uses a multistage build to run an app.py
script after installing dependencies listed in a requirements.txt
file.
# syntax=docker/dockerfile:1
FROM cgr.dev/chainguard/python:latest-dev as dev
WORKDIR /app
RUN python -m venv venv
ENV PATH="/app/venv/bin":$PATH
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
FROM cgr.dev/chainguard/python:latest
WORKDIR /app
COPY app.py app.py
COPY --from=dev /app/venv /app/venv
ENV PATH="/app/venv/bin:$PATH"
ENTRYPOINT ["python", "app.py"]
For a more complete example, see Getting Started with the Python Chainguard Image on Chainguard Academy.
- Getting Started with the Python Chainguard Image
- Migrating to Python Chainguard Images
- Updating a Python Microservice for Chainguard Images
- Debugging Distroless Images
- Blog Post: Securely Containerize a Python Application with Chainguard Images
- Video: How to containerize a Python application with a multi-stage build using Chainguard Images
- Learning Lab: Deploying a Flask App with Python and nginx Chainguard Images