I’ve noticed that the official ai/* LLM images (ai/phi, ai/mistral, ai/meta-llama) are missing the EXPOSE 8000 instruction. It seems the sources are not publicly accessible, otherwise I would have submitted a PR to add it. Could somebody from Docker Inc. please add the missing instruction? I’d like to use these images in an an environment that requires EXPOSE to be available.
I’m not sure about the reason, but you can easily add expose when creating the container. It doesn’t have to be in the image.
https://docs.docker.com/reference/compose-file/services/#expose
Also when you add port forward rules, the container port is automatically added to the exposed ports. I know it is not a solution when you want to use your containrs behind a reverse proxy that detects the exposed ports, but the “expose” keyword should work.
If I have to guess why the EXPOSE instruction was not added to the image (Dockerfile), I would say maybe because you cannot “unexpose” a port. Similarly how you cannot remove an anonymous volume definition from an image and many people already stopped using it. EXPOSE is different of course as it refers to a port that can be expected in the final container. Unless of course someone decides to use another port when they base their image on existing images. Why they would do it, I’m not sure in this case, but that’s my guess.
You can try the expose keyword in compose or as a docker run option. In the meantime, I can try to find out where people can share their opinion about these images.
Thanks for your suggestions and help!
I require the EXPOSE instruction because I’m trying to serve an LLM for integration testing via GitLab CI services (MR for accessing GPUs in CI services is under review). GitLab CI services relies on the EXPOSE instruction to identify exposed ports and health-check the CI service. Official Docker images such as docker:dind, postgres, or mongo use the EXPOSE instruction to advertise exposed ports (I was linking to those Dockerfiles, but can’t post more than 2 links here 
). Hence, it’s only consistent when ai/* images do the same.
If you find the team that maintains the ai/* images, would you mind suggesting to open-source the packaging projects like github.com/docker-library, so the community can get involved?
It seems strange to rely on EXPOSE for ports, as multiple ports may be exposed by an image.
Reverse Proxy Traefik uses the EXPOSE to find ports, it will use the first one by default. But you can always override the port by setting explicitly the one to use in the config. I would expect the same from Gitlab CI.
It might be strange, but it’s a fact. See a shortened excerpt from the CI job log:
Waiting for services to be up and running (timeout 30 seconds)...
*** WARNING: Service runner-<REDACTED> probably didn't start properly.
Health check error:
service "runner-<REDACTED>" has no exposed ports
So the problem is that you probably didn’t define a specific healthcheck port.
So GitLab CI tries to detect the exposed ports, but it is still not required and you can set the env variable HEALTHCHECK_TCP_PORT to use a specific port.
I’m trying to learn more about these images, but I expressed myself poorly probably the first time so I try again. If I learn anything that can be shared publicly I will.
So the only public info I can share is that I passed your suggestion to Docker, but for now, if you have issues or any feedback about the images, you can share that here on the forum. I can forward it to Docker if I see it is necessary, but we have a couple of other users now who could do that. From time to time, we also see the Docker staff, so someone will answer, feel free to tag me (mention) in topics if you have problems with these images until another way is provided by the Docker team.
1 Like
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.