Best practices for production-ready Docker packaging

An iterative packaging plan for your Python application

Itamar Turner-Trauring

Deployment/Continuous Integration and Delivery DevOps general Docker Packaging Security

See in schedule Download/View Slides

You know the basics of packaging your Python application for Docker, but do you know enough to run that image in production? Bad packaging can result in security and production problems, not to mention wasted time try to debug unreproducible errors.

And even if you figure out the best practices, there's still a huge number of details to get right, many of which interact with each other in unexpected ways. My personal list includes over 60 Docker packaging best practices, and it keeps growing. So where do you start? What should you do first?

To help you quickly package your application in a production-ready way, this talk will give you a plan to help you prioritize and iteratively implement these best practices, by starting with the highest priority best practices (security, automation), moving on the correctness and reproducibility, and finally focusing on optimization.

To make this process more concrete, along the way you'll also learn some of the techniques needed to build production-ready images:

* Running as a non-root, for increased security.
* Debugging C crashes with faulthandler.
* Faster startup with pre-compiled .pycs.
* Smaller images by disabling pip caching.
* Avoiding Alpine Linux.
* And more!

At the end of the talk you'll also get some resources to teach you even more best practices that can't be fit in a 30-minute talk.

This talk is for Python programmers who know the basics of Docker packaging, and need to run the resulting images in a production environment.

Type: Talk (30 mins); Python level: Beginner; Domain level: Intermediate

Itamar Turner-Trauring

Itamar has been using Python since 1999, and was inspired to move to a new country by his trip to EuroPython in 2002. He writes extensively on Docker packaging for Python ( and software engineering for data scientists ( In the past he spent many years as a maintainer of the Twisted framework, and nowadays is the maintainer of the Fil memory profiler ( and the Eliot logging library (