Member-only story
Faster Python in Docker
Get maximum performance from your containers
TL;DR: With some simple tweaks to your configuration, you can improve the execution of Python code inside Docker containers to almost native speeds:
- On an Ubuntu host, the benchmark execution time in Docker was about twice the native time; this difference could be negated by modifying the security settings of the container
- The difference was much smaller when running well-optimised code — rather than code with (unnecessary) for-loops
- On a Windows host, Python code actually ran faster inside Docker, and the container security settings did not appear to affect execution speed as much
I tested a bunch of configurations. The most benefit (in terms of execution speed) came from disabling the secure-computing profile active within the container. Of course, this has security implications that must be considered. It’d not be advisable when running untrusted code to:
Disable seccomp and set its profile to unconfined when launching the container:
--security-opt seccomp=unconfinedFor example, to run the demo container from this piece would be like:
docker run -it --security-opt seccomp=unconfined 4oh4/piIntroduction
We recently noticed some compute-heavy processing was running slower than expected inside Docker containers. Sure, some overhead from running the container is to be expected, but when it causes a noticeable slowdown, we might start to question whether the convenience is worth it.
A lot of this comes down to security. When running trusted workloads, we have the option to get better performance by disabling some of these protections.
Overview of this article
The piece is written so you can skim through quickly. Key takeaways and methods are at the top, whereas results and explanations get more detailed the further down you go:
- Benchmarking performance with the Phoronix Test Suite
- Custom Python benchmark
- Modifying the secure-computing (
seccomp) profile
