Optimize dockerfiles for local rebuilds #20238
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
potiuk
requested review from
ashb,
jedcunningham,
kaxil and
mik-laj
as code owners
boring-cyborg
bot
added
area:dev-tools
area:production-image
potiuk
force-pushed
the
optimizes-dockerfile
branch
4 times, most recently
from
5c29de2 to
7a71228
Compare
Member
Author
|
This is one of the final optimizations/refactorings and cleanups of the image before I will submit it to become an official image. Some last optimizations/clarifications (cleaning up the stderr output etc. ) If you think it is to big I can attempt to split it into smaller pieces, but there are a number of changes in there that invalidate current layers of Airflow images, making the cache less effective and merging it in one go would only require image refresh once. Since the image is going to be "official" I had to make sure that all the potential "errors" are either gone or are explained. There re many requirements to fulfill to become an "official image" - and I think with that one, we are getting closer to having them all fulfilled (https://github.com/docker-library/official-images). One thing that I had to do however is to add this reassuring message that we know what we are doing by using root and not using virtualenv. I tried to solve the problem in PIP or even PEP 668 level but I failed, so I had to revert to this reassuring message:
Looking forward to reviews! |
1 task
potiuk
force-pushed
the
optimizes-dockerfile
branch
from
7a71228 to
b55b3a2
Compare
Member
Author
|
Looking forward to reviews on that one- it should be helpful in finalizing |
Member
Author
|
Anyone :) ? |
potiuk
force-pushed
the
optimizes-dockerfile
branch
from
b55b3a2 to
abcd0c8
Compare
Contributor
|
python2 is still in the DockerFile , maybe the opportunity to remove it ? |
Member
Author
It's there for a reason. Python2 + Python Virtualenv is our offer to the users who still (?) have a need to run Python2 code. It's part of the migration process we have: We have a lot of enterprise users who are (hopefully) going to move away soon from it. And since it does not cost us much, we have Python 2 added to our image and even tests in our CI that test if PythonVirtualenv work for Python2. I think removal of Python 2 from our tests/image should be done after voting that we want to drop it. |
Member
Author
|
I started PROPOSAL thread on the devlist: https://lists.apache.org/thread/rjyqw3cwsh4vgg6jycsbr1jr0slnych3 @raphaelauv . I think 2 years of EOL anniversary is a good time to put the final nail in the coffin for it. |
potiuk
force-pushed
the
optimizes-dockerfile
branch
2 times, most recently
from
36df2da to
74bd750
Compare
Member
Author
|
I updated the images to remove Python 2. I also got rid of the warning from PIP in a different way. I complicated the Base image to add airflow user there (even if it is not needed), Just to make sure there are no warnings whe I pass it to the official image verification. |
Member
Author
|
I would love some reviews - happy to split off some things (though it would be rather difficult to split). But it would be great to get this one in to (almost) end the prod image story. |
potiuk
force-pushed
the
optimizes-dockerfile
branch
2 times, most recently
from
611bf18 to
67a594c
Compare
potiuk
added a commit
to potiuk/airflow
that referenced
this pull request
Jan 18, 2022
The "buildkit" is much more modern docker build mechanism and supports
multiarchitecture builds which makes it suitable for our future ARM
support, it also has nicer UI and much more sophisticated caching
mechanisms as well as supports better multi-segment builds.
BuildKit has been promoted to official for quite a while and it is
rather stable now. Also we can now install BuildKit Plugin to docker
that add capabilities of building and managin cache using dedicated
builders (previously BuildKit cache was managed using rather
complex external tools).
This gives us an opportunity to vastly
simplify our build scripts, because it has now much more robust caching
mechanism than the old docker build (which forced us to pull images
before using them as cache).
We had a lot of complexity involved in efficient caching
but with BuildKit all that can be vastly simplified and we can
get rid of:
* keeping base python images in our registry
* keeping build segments for prod image in our registry
* keeping manifest images in our registry
* deciding when to pull or pull&build image (not needed now, we can
always build image with --cache-from and buildkit will pull cached
layers as needed
* building the image when performing pre-commit (rather than that
we simply encourage users to rebuild the image via breeze command)
* pulling the images before building
* separate 'build' cache kept in our registry (not needed any more
as buildkit allows to keep cache for all segments of multi-segmented
build in a single cache
* the nice animated tty UI of buildkit eliminates the need of manual
spinner
* and a number of other complexities.
Depends on apache#20238
potiuk
added a commit
that referenced
this pull request
Jan 18, 2022
The "buildkit" is much more modern docker build mechanism and supports
multiarchitecture builds which makes it suitable for our future ARM
support, it also has nicer UI and much more sophisticated caching
mechanisms as well as supports better multi-segment builds.
BuildKit has been promoted to official for quite a while and it is
rather stable now. Also we can now install BuildKit Plugin to docker
that add capabilities of building and managin cache using dedicated
builders (previously BuildKit cache was managed using rather
complex external tools).
This gives us an opportunity to vastly
simplify our build scripts, because it has now much more robust caching
mechanism than the old docker build (which forced us to pull images
before using them as cache).
We had a lot of complexity involved in efficient caching
but with BuildKit all that can be vastly simplified and we can
get rid of:
* keeping base python images in our registry
* keeping build segments for prod image in our registry
* keeping manifest images in our registry
* deciding when to pull or pull&build image (not needed now, we can
always build image with --cache-from and buildkit will pull cached
layers as needed
* building the image when performing pre-commit (rather than that
we simply encourage users to rebuild the image via breeze command)
* pulling the images before building
* separate 'build' cache kept in our registry (not needed any more
as buildkit allows to keep cache for all segments of multi-segmented
build in a single cache
* the nice animated tty UI of buildkit eliminates the need of manual
spinner
* and a number of other complexities.
Depends on #20238
potiuk
added
the
changelog:skip
potiuk
added a commit
that referenced
this pull request
Jan 22, 2022
There was some "junk" output generated by the scripts that are used in Airflow image building. The junk has been cleaned up so that no unnecessary warnings are generated. This change includes: * making sure that when everything is fine, there are no warnnings generated by PROD docker build proces * making sure that when CI image is build the only remaining warning is "Using root" - this warning cannot be silenced pypa/pip#10556 and instead in CI build we explain in green that this is invalid warning * the "scripted" steps of docker build have nicely blue headers that visually separate steps of building the iamge and give more information on what's going on * the current way of printing ouput will play very nicely with BUILDKIT UI where Blue color indicates progress in building Separated out from #20238 (cherry picked from commit 4d33ebf)
potiuk
added a commit
that referenced
this pull request
Jan 22, 2022
When you build dockerfiles locally for development the layer invalidation could happen earlier than you wanted - some of the variables (like COMMIT_SHA) were affecting the cache of Docker in the way that they forced either invalidation of the pre-cached packages installed or forced to recreate assets when they were not touched. Similarly when no webpack/yarn/packages/static are modified, the node asset compilation should not happen. It makes no sense to compile all the assets on docker rebuild when none of the www files changed. In case of CI build we can also separate node modules preparation and asset compilation, because node modules should remain in the image anyway for incremental changes. Fixes: #20259 This PR improves the experience of iterating over docker image building by decreasing unnecesary layer invalidations. (cherry picked from commit 4620770)
potiuk
added a commit
that referenced
this pull request
Jan 22, 2022
The "buildkit" is much more modern docker build mechanism and supports
multiarchitecture builds which makes it suitable for our future ARM
support, it also has nicer UI and much more sophisticated caching
mechanisms as well as supports better multi-segment builds.
BuildKit has been promoted to official for quite a while and it is
rather stable now. Also we can now install BuildKit Plugin to docker
that add capabilities of building and managin cache using dedicated
builders (previously BuildKit cache was managed using rather
complex external tools).
This gives us an opportunity to vastly
simplify our build scripts, because it has now much more robust caching
mechanism than the old docker build (which forced us to pull images
before using them as cache).
We had a lot of complexity involved in efficient caching
but with BuildKit all that can be vastly simplified and we can
get rid of:
* keeping base python images in our registry
* keeping build segments for prod image in our registry
* keeping manifest images in our registry
* deciding when to pull or pull&build image (not needed now, we can
always build image with --cache-from and buildkit will pull cached
layers as needed
* building the image when performing pre-commit (rather than that
we simply encourage users to rebuild the image via breeze command)
* pulling the images before building
* separate 'build' cache kept in our registry (not needed any more
as buildkit allows to keep cache for all segments of multi-segmented
build in a single cache
* the nice animated tty UI of buildkit eliminates the need of manual
spinner
* and a number of other complexities.
Depends on #20238
(cherry picked from commit ad28f69)
jedcunningham
pushed a commit
that referenced
this pull request
Jan 27, 2022
There was some "junk" output generated by the scripts that are used in Airflow image building. The junk has been cleaned up so that no unnecessary warnings are generated. This change includes: * making sure that when everything is fine, there are no warnnings generated by PROD docker build proces * making sure that when CI image is build the only remaining warning is "Using root" - this warning cannot be silenced pypa/pip#10556 and instead in CI build we explain in green that this is invalid warning * the "scripted" steps of docker build have nicely blue headers that visually separate steps of building the iamge and give more information on what's going on * the current way of printing ouput will play very nicely with BUILDKIT UI where Blue color indicates progress in building Separated out from #20238 (cherry picked from commit 4d33ebf)
jedcunningham
pushed a commit
that referenced
this pull request
Jan 27, 2022
When you build dockerfiles locally for development the layer invalidation could happen earlier than you wanted - some of the variables (like COMMIT_SHA) were affecting the cache of Docker in the way that they forced either invalidation of the pre-cached packages installed or forced to recreate assets when they were not touched. Similarly when no webpack/yarn/packages/static are modified, the node asset compilation should not happen. It makes no sense to compile all the assets on docker rebuild when none of the www files changed. In case of CI build we can also separate node modules preparation and asset compilation, because node modules should remain in the image anyway for incremental changes. Fixes: #20259 This PR improves the experience of iterating over docker image building by decreasing unnecesary layer invalidations. (cherry picked from commit 4620770)
jedcunningham
pushed a commit
that referenced
this pull request
Jan 27, 2022
The "buildkit" is much more modern docker build mechanism and supports
multiarchitecture builds which makes it suitable for our future ARM
support, it also has nicer UI and much more sophisticated caching
mechanisms as well as supports better multi-segment builds.
BuildKit has been promoted to official for quite a while and it is
rather stable now. Also we can now install BuildKit Plugin to docker
that add capabilities of building and managin cache using dedicated
builders (previously BuildKit cache was managed using rather
complex external tools).
This gives us an opportunity to vastly
simplify our build scripts, because it has now much more robust caching
mechanism than the old docker build (which forced us to pull images
before using them as cache).
We had a lot of complexity involved in efficient caching
but with BuildKit all that can be vastly simplified and we can
get rid of:
* keeping base python images in our registry
* keeping build segments for prod image in our registry
* keeping manifest images in our registry
* deciding when to pull or pull&build image (not needed now, we can
always build image with --cache-from and buildkit will pull cached
layers as needed
* building the image when performing pre-commit (rather than that
we simply encourage users to rebuild the image via breeze command)
* pulling the images before building
* separate 'build' cache kept in our registry (not needed any more
as buildkit allows to keep cache for all segments of multi-segmented
build in a single cache
* the nice animated tty UI of buildkit eliminates the need of manual
spinner
* and a number of other complexities.
Depends on #20238
(cherry picked from commit ad28f69)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is one of the last final refactorings of the image before
it is eligible to become an "official image".
When you build dockerfiles locally for development the layer
invalidation could happen earlier than you wanted - some of the
variables (like COMMIT_SHA) were affecting the cache of Docker
in the way that they forced either invalidation of the pre-cached
packages installed or forced to recreate assets when they were
not touched.
Similarly when no webpack/yarn/packages/static are modified,
the node asset compilation should not happen. It makes
no sense to compile all the assets on docker rebuild when
none of the www files changed.
In case of CI build we can also separate node modules
preparation and asset compilation, because node modules
should remain in the image anyway for incremental changes.
Fixes: #20259
This PR improves the experience of iterating over docker image
building by decreasing unnecesary layer invalidations.
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.