Firecracker Python Web
Overview
Section titled “Overview”FastAPI-ready Python rootfs used by the staff-side Firecracker deployment (firecracker-ctl-net). Built as a multi-stage Docker image whose final layer (alpine 3.21 + /rootfs.ext4) ships a cp entrypoint so the in-cluster stage Job can run the image directly and copy /rootfs.ext4 onto the firecracker rootfs PVC.
This is the long-lived deploy rootfs for endpoints submitted through the dashboard IDE — week-to-month TTL VMs where paying a build-time pip install is the right tradeoff for instant boot. Quick one-shot VMs keep the smaller alpine-python rootfs plus the shared pip-cache.
What’s baked in
Section titled “What’s baked in”- Alpine 3.21 + Python 3.12
py3-pip,py3-requests,py3-httpx,py3-urllib3,py3-certifi(apk)fastapi,uvicorn,starlette,python-multipart,email-validator,websockets,anyio,sniffio,h11,click(pip, musllinux wheels)ca-certificates-bundle,ca-certificates,iproute2/etc/resolv.confwith1.1.1.1and8.8.8.8/initmounts/proc,/sys,/dev, brings uplo+eth0, thenexec /entrypoint
Three ecosystems
Section titled “Three ecosystems”| Image | Deployment | Network | DNS | requests baked | FastAPI baked |
|---|---|---|---|---|---|
alpine-python | firecracker-ctl (public quick) | none | no | no | no |
firecracker-python-net | firecracker-ctl-net (staff, short-lived) | TAP via Gluetun/WireGuard | yes | yes | no |
firecracker-python-web (this) | firecracker-ctl-net (staff, long-lived) | TAP via Gluetun/WireGuard | yes | yes | yes |
npx nx run firecracker-python-web:containernpx nx run firecracker-python-web:extractOutput: packages/docker/firecracker/python/web/dist/python-web.ext4.
Publish
Section titled “Publish”npx nx run firecracker-python-web:container:productionPushes ghcr.io/kbve/firecracker-python-web:latest and :<version>.