-
Notifications
You must be signed in to change notification settings - Fork 320
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ECS, Fargate]: Support for building Docker containers #95
Comments
Privileged mode might also be less of a big deal once everything's moved over to Firecracker |
You can build docker images in AWS CodeBuild any reason not to use CodeBuild? |
Thanks, yeah, CodeBuild is an option and it would work. However, it would require quite some effort on our end. It would mean changes to our pipeline scripts and additional effort to setup things outside of Jenkins (CodeBuild project, buildspec, etc...). We were hoping to run our pipelines just the way they are in Fargate instead of EC2. Now if CodeBuild would run as a Jenkins agent, that would be awesome. |
We ended up building https://github.com/buildkite/codebuild-run-build for running commands in codebuild and streaming the output to stdout. Works nicely with CI systems and Fargate. |
Any update for any work to be done on this or put into consideration? This could be really useful for CI/CD on Fargate. Please let us know if there would be work into this proposal. Thanks! |
I also have an interest in using Fargate to run a job that produces an image of a database snapshot/dump. It's not of our code so CodeBuild doesn't seem to fit. I'll be looking at Kaniko. Still, wanted to voice that feature supporting these use cases via Fargate would be nice. |
Another issue with Fargate for CI is that, even if you manage to succeed with Kaniko, the container launch times is just too long. It takes quite a long time (about 15s to sometimes 2 minutes) until the container is provisioned, up and running and ready to build. If the provisioning can be quicker, this would be an even more better fit for CI. |
Also, there is a possibility to use Kaniko to build container images from a Dockerfile, inside a container. |
It would be fantastic for our company to have Fargate with permissions to building containers. Our platform generates code and containers dynamically, and currently we use Fargate for most of the customer source code build tasks. So this feature would be great for our architecture and for consolidation of our process (Code generation + Build images). |
+1 for this feature |
+1 for this feature as well. would be great to have |
+1 Our app is connection to the database during the build to generate some Java classes. This is must have for us! |
+1 We would like to be able to build containers using Jenkins on Fargate |
Sorry for off-topic, could someone share how he managed the solution running on ECS based on EC2? |
Here are some quick snippets of what I did that seems to work so far: in the launch template for the EC2 ECS Host CF:
For the Task of a Jenkins agent:
Under container Settings:
|
@MikeKroell but this is for EC2 launch type not fargate? |
No, this was for @fniko who was asking for something off-topic for how to use EC2 ECS as a workaround. |
+1 for this feature |
I'd also love to see a native build service which supported Cloud Native Buildpacks. |
+1 for this feature. |
FYI there was recently an AWS blog post on building container images on EKS / Fargate with Kaniko. I also wrote some guidance on building images on ECS / Fargate with Kaniko here |
And here's a corresponding blog post for building container images on ECS/Fargate using Kaniko. |
@SaloniSonpal or @ollypom thanks for both blog posts. I've never used Kaniko but my application has a lot of code written around docker-py (python library for talking to docker socket). Do you know if Kaniko has something similar or if it is run only at the command line? |
Hi @matthewchung74 I'm assuming here that you are using Kaniko is not a long running daemon, like Docker is, instead Kaniko would perform a single container image build and then stop. For each Docker Build that you wanted to run, you would bring up a single instance of Kaniko in an ECS Task, perform the build, push the image, and then the ECS Task would stop. For parallelization you could have multiple ECS Tasks running at the same time. As described in the blog post, you can trigger an ECS Task running Kaniko with the |
Thanks @ollypom, and yes, the Docker Python Client. I do have a follow up question if that's ok. I am working on a CI/CD where I would need the output of the build logs as well as running the container (locally since it needs to be a fast test) for a verification test using AWS Lambda RIE, before pushing to ECR and AWS Lambda. I see I could use cloudwatch for the logs, but then would I need to run docker anyways in order to do my verification test? |
+1 for this feature. |
+1 for this feature |
1 similar comment
+1 for this feature |
@SaloniSonpal Why was this closed? The Kaniko workaround doesn't fulfil the rquest. We bring up Jenkins slave Docker agents in Fargate using |
Actually, you can combine them together. |
Any update on this, I need to run Docker-in-Docker or maybe use the fargate host docker deamon to spin up some containers from inside of an Pod but it isn't seems to be possible as, we cannot escalate to root privileges on the Pods and neither mount the docker socket of Fargate node (if it exists) to pod. |
Any updates on this request? Running Github Actions on Self Hosted runners with EKS. Would be helpful to evaluate EKS Fargate profiles for these use cases |
Would like to use Docker-in-Docker to enable github action jobs that run inside containers. |
To get around the issue, one could also consider using Buildah Build action. |
Any updates? This is a must-have feature for a lot of organizations since 2019 at least. |
+1 |
1 similar comment
+1 |
You actually don't need Docker to build Docker containers. Install |
Using a debian image podman is nor working, similar issue with docker on a container.
|
@smartin-qb Apologies, indeed it does require namespace support, which Fargate doesn't have. |
+1 for this feature. Sadly does not work on Fargate, please please add this feature. |
+1 for this feature. any updates? or did they just close the issue and ignore the whole request? |
Kaniko is an imperfect solution to this problem. Issue #1 is that it trashes the container it's running on. This is problematic because you can't use it for future pipeline steps in a CI system without spinning up a whole new container after it's done building. Our specific case is We can't use the official kaniko base image because we're using the I understand why AWS has chosen to keep Fargate pretty locked down and inflexible, but it means it's pretty useless to us as a CI agent runner type. |
Tell us about your request
We're using Fargate for our CI builds. This works for most of our pipelines, except the ones building Docker images. Currently it's not possible to use Docker inside a Fargate container. Mainly I'd like to do
docker build
anddocker push
.Which service(s) is this request for?
This only applies to Fargate.
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
We currently use ECS EC2 for pipelines building Docker images. However, we would love to use Fargate for all our pipelines (no EC2 maintenance, no autoscaling headache).
I understand that the usual ways of using Docker inside a container (mount host's socket or run container in privileged mode) probably won't be feasible (security) for Fargate. However, there are alternatives such as kaniko. It would be great to have something similar for Fargate.
Any thoughts on this?
The text was updated successfully, but these errors were encountered: