I read some articles about using a virtual environment in Docker. Their argument is that the purpose of a virtual environment inside Docker is to provide isolation and limit conflicts with system packages, etc.
However, aren’t Docker and Python-based images (e.g., python:*) already doing the same thing?
Can someone eli5 this whole thing?
I can think of only two reasons to have a venv inside a container:
If you’re running third-party services inside the container that are pinned to different Python versions.
If you do local development without Docker and have scripts that need to activate the venv from inside the script. If you move those scripts into the container, there’s no venv anymore. But then it’s easy to just check an environment variable and skip the activation when inside Docker (see the sketch below).
For most applications, it seems like an unnecessary extra step.
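Roughly what I mean by the env-var check, as a minimal sketch. The RUNNING_IN_DOCKER variable and the .venv location are assumptions you’d adapt to your own Dockerfile and layout:

```python
import os
import sys
from pathlib import Path

# Assumption: the Dockerfile sets ENV RUNNING_IN_DOCKER=1 (any marker works).
IN_DOCKER = os.environ.get("RUNNING_IN_DOCKER") == "1"

# Assumption: the local venv lives next to this script.
VENV_PYTHON = Path(__file__).resolve().parent / ".venv" / "bin" / "python"

def ensure_venv() -> None:
    """Outside Docker, re-exec this script with the venv's interpreter."""
    if IN_DOCKER:
        return  # the image's interpreter already has everything installed
    if sys.prefix != sys.base_prefix:
        return  # already running inside a venv
    os.execv(str(VENV_PYTHON), [str(VENV_PYTHON), *sys.argv])

if __name__ == "__main__":
    ensure_venv()
    print(f"Interpreter: {sys.executable}")
```

In the Dockerfile you’d set ENV RUNNING_IN_DOCKER=1 so the re-exec is skipped inside the image.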
If you do multi-stage builds (example here), it is slightly easier to use venvs.
If you use the global environment, you have to hardcode the path to the global site-packages when copying between stages, and that path can change when the base image is upgraded, since it embeds the Python version. A venv lives at a path you picked, so the COPY between stages stays the same.
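A rough sketch of what that looks like (the image tag, /opt/venv, requirements.txt, and main.py are placeholders, not anything from the linked example):

```dockerfile
# Build stage: install dependencies into a venv at a path we control.
FROM python:3.12-slim AS builder
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Runtime stage: copy the whole environment in one step.
# /opt/venv never moves, unlike /usr/local/lib/python3.X/site-packages,
# which changes whenever the base image bumps the Python version.
FROM python:3.12-slim
COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
WORKDIR /app
COPY . .
CMD ["python", "main.py"]
```

Putting the venv on PATH also means anyone who shells into the container gets the right interpreter without activating anything.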
How is forcing your script to be Docker-aware simpler than just always creating a venv?
One Docker env variable and one line of code. Not a heavy lift, really. And next time I shell into the container I don’t need to remind everyone to activate the venv.
Creating a venv in Docker just for the hell of it is like creating a symlink to something that never changes or moves.
How can you be sure it’s one line of code? What if there are several code paths and venvs are activated in different places? And even if only one conditional is needed, that’s still one more branch than necessary to test.
Your symlink analogy doesn’t hold: there is something that changes. In fact, it may even be the opposite: if you need file A inside a container and file B otherwise, it can make perfect sense to symlink the correct one to C, so that your code doesn’t need to care about it.