microservices: Optimized Time Series Analytics Dockerfile (open-edge-platform#347)

vkb1 · web-flow · commit d251cad01f2c · 2025-06-16T18:25:12.000+05:30
Optimizes the Dockerfile for the time-series analytics service by consolidating layers, minimizing installed packages, and cleaning up caches to reduce image size and improve security.

Consolidated and streamlined package installation and cleanup steps
Switched to sparse checkout for Kapacitor Python plugin and removed unneeded files
Added non-root user setup and improved healthcheck

Signed-off-by: B, Vinod K &lt;vinod.k.b@intel.com&gt;
diff --git a/microservices/time-series-analytics/Dockerfile b/microservices/time-series-analytics/Dockerfile
@@ -4,53 +4,63 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
-# Use the Kapacitor 1.7.6 image as the base image
+# Use the Kapacitor image as the base image
 ARG KAPACITOR_VERSION
 FROM kapacitor:$KAPACITOR_VERSION
 
-# Install Python and other necessary packages
+# Install Python and necessary packages in a single layer, minimize image size
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends python3 python3-dev python3-pip python3-venv git && \
-    pip install -U pip && \
-    pip uninstall -y setuptools && \
-    apt-get clean && \
+    apt-get install -y --no-install-recommends \
+        python3 python3-pip git ca-certificates && \
+    python3 -m pip install --no-cache-dir --upgrade pip && \
+    apt-get purge -y --auto-remove && \
     rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 
-RUN mkdir -p /app/kapacitor-${KAPACITOR_VERSION} && \
-    git clone --single-branch -b v${KAPACITOR_VERSION} \
-    https://github.com/influxdata/kapacitor.git /app/kapacitor-${KAPACITOR_VERSION} && \
-    mv /app/kapacitor-${KAPACITOR_VERSION}/udf/agent/py /app/kapacitor_python && \
-    rm -r kapacitor-${KAPACITOR_VERSION}
+# Clone only the required files to reduce image size
+RUN git clone --depth 1 --filter=blob:none --sparse --branch v${KAPACITOR_VERSION} \
+    https://github.com/influxdata/kapacitor.git /tmp/kapacitor && \
+    cd /tmp/kapacitor && \
+    git sparse-checkout set udf/agent/py && \
+    mv /tmp/kapacitor/udf/agent/py /app/kapacitor_python && \
+    rm -rf /tmp/kapacitor
 
 ARG TIMESERIES_UID
 ARG TIMESERIES_USER_NAME
 ARG PYTHON_VERSION
-RUN groupadd $TIMESERIES_USER_NAME -g $TIMESERIES_UID && \
-    useradd -r -u $TIMESERIES_UID -g $TIMESERIES_USER_NAME $TIMESERIES_USER_NAME
+
+# Create non-root user and group in a single layer for smaller image and better caching
+RUN groupadd --gid $TIMESERIES_UID $TIMESERIES_USER_NAME && \
+    useradd --no-log-init --system --uid $TIMESERIES_UID --gid $TIMESERIES_UID --create-home $TIMESERIES_USER_NAME
 
 COPY ./requirements.txt .
 
-RUN pip3 install -r requirements.txt
+# Install Python dependencies efficiently and clean up cache to reduce image size
+RUN pip3 install --no-cache-dir -r requirements.txt
 
-ENV PYTHONPATH $PYTHONPATH:/tmp/py_package:/app/kapacitor_python/
-ENV LD_LIBRARY_PATH $LD_LIBRARY_PATH:/app/idp/lib
+# Set environment variables in a single ENV instruction for better layer caching
+ENV PYTHONPATH="$PYTHONPATH:/tmp/py_package:/app/kapacitor_python/" \
+    LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/app/idp/lib"
 
 # Adding classifier program
-COPY ./src/classifier_startup.py /app
-COPY ./src/opcua_alerts.py /app
-COPY ./src/mr_interface.py /app
-COPY ./config.json /app
-# Add configs
+# Copy Python source files in a single layer for better caching
+COPY ./src/classifier_startup.py ./src/opcua_alerts.py ./src/mr_interface.py /app/
+
+# Copy configuration files and directories efficiently
+COPY ./config.json /app/
 COPY ./config/kapacitor*.conf /app/config/
-COPY ./tick_scripts /app/temperature_classifier/tick_scripts
-COPY ./udfs /app/temperature_classifier/udfs
+COPY ./tick_scripts /app/temperature_classifier/tick_scripts/
+COPY ./udfs /app/temperature_classifier/udfs/
 
-RUN apt-get remove --purge -y git
+# Remove git and clean up to reduce image size
+RUN apt-get purge -y --auto-remove git && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /root/.cache/pip
 
+# Switch to non-root user for security
 USER $TIMESERIES_USER_NAME
 
+# Simple healthcheck to verify container is running
 HEALTHCHECK --interval=5m CMD exit 0
 
 ENTRYPOINT ["python3", "./classifier_startup.py"]
