| OCI Reference | cgr.dev/chainguard/python |
- View Image in Chainguard Academy
- View Image Catalog for a full list of available tags.
- Contact Chainguard for enterprise support, SLAs, and access to older tags.*
Minimal Python image based on Wolfi.
The image is available on cgr.dev:
docker pull cgr.dev/chainguard/python:latest
The python Chainguard Image provides a minimal Python runtime suitable for workloads such as web applications, CLI utilities, interfacing with APIs, or other tasks.
We have two image variants available:
- A
python:latest-devvariant that contains thepipandapkpackage managers and thebash,ash, andshshells. - A minimal runtime variant that removes shells and package managers for additional security.
To pull the minimal runtime variant from cgr.dev:
docker pull cgr.dev/chainguard/python:latestTo pull the dev variant:
docker pull cgr.dev/chainguard/python:latest-devThe entrypoint for the python Chainguard Image is /usr/bin/python. Commands run as part of docker run or a CMD statement in a Dockerfile will be passed as arguments to python.
To access the shell in the python:latest-dev image, you'll need to include an --entrypoint option, as in the following example.
docker run -it --entrypoint /bin/bash chainguard/python:latest-devAlso note that the python image uses the nonroot user by default. To perform operations such as installing packages with apk, run the image as root.
docker run -it --user root --entrypoint /bin/bash chainguard/python:latest-devWe recommend against using the root user in a production environment.
If you require additional packages that can be installed with the pip package manager, we recommend using a multistage build. This process involves installing packages in a virtual environment using the latest-dev variant, then copying this environment over to the minimal runtime image.
The following is a minimal example of a Dockerfile that uses a multistage build to run an app.py script after installing dependencies listed in a requirements.txt file.
# syntax=docker/dockerfile:1
FROM cgr.dev/chainguard/python:latest-dev as dev
WORKDIR /app
RUN python -m venv venv
ENV PATH="/app/venv/bin":$PATH
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
FROM cgr.dev/chainguard/python:latest
WORKDIR /app
COPY app.py app.py
COPY --from=dev /app/venv /app/venv
ENV PATH="/app/venv/bin:$PATH"
ENTRYPOINT ["python", "app.py"]For a more complete example, see Getting Started with the Python Chainguard Image on Chainguard Academy.
- Getting Started with the Python Chainguard Image
- Migrating to Python Chainguard Images
- Updating a Python Microservice for Chainguard Images
- Debugging Distroless Images
- Blog Post: Securely Containerize a Python Application with Chainguard Images
- Video: How to containerize a Python application with a multi-stage build using Chainguard Images
- Learning Lab: Deploying a Flask App with Python and nginx Chainguard Images