I read some articles about using a virtual environment in Docker. Their argument are that the purpose of virtualization in Docker is to introduce isolation and limit conflicts with system packages etc.

However, aren’t Docker and Python-based images (e.g., python:*) already doing the same thing?

Can someone eli5 this whole thing?

  • fubarx
    link
    fedilink
    arrow-up
    3
    ·
    5 months ago

    I can think of only two reasons to have a venv inside a container:

    • If you’re running third-party services inside a container, pinned to different Python versions.

    • If you do local development without docker and scripts that have to activate the venv from inside the script. If you move the scripts inside the container, now you don’t have a venv. But then it’s easy to just check an environment variable and skip, if inside Docker.

    For most applications, it seems like an unnecessary extra step.

    • uthredii@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      5 months ago

      If you do multi stage builds (example here) it is slightly easier to use venvs.

      If you use the global environment you need to hardcode the path to global packages. This path can change when base images are upgraded.

    • sweng@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      But then it’s easy to just check an environment variable and skip, if inside Docker.

      How is forcing your script to be Docker-aware simpler than just always creating a venv?

      • fubarx
        link
        fedilink
        arrow-up
        3
        ·
        5 months ago

        One Docker env variable and one line of code. Not a heavy lift, really. And next time I shell into the container I don’t need to remind everyone to activate the venv.

        Creating a venv in Docker just for the hell of it is like creating a symlink to something that never changes or moves.

        • sweng@programming.dev
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          5 months ago

          How can you be sure it’s one line of code? What if there are several codepaths, and venvs are activated in different places? And in any case, even if there is only one conditional needed, that is still one branch more than necessary to test.

          Your symlink example does not make sense. There is someting that is changing. In fact, it may even be the opposite: if you need to use file A in s container, and file B otherwise, it may make perfect sense to symlink the correct file to C, so thst your code does not need to care about it.