-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
core: push SOCI index when publishing docker image assets #26413
Comments
Thanks for submitting this feature request @tmokmss. |
Thank you @tmokmss Where would you expect the index to be built? From the local environment where CDK bundles and publishes the assets or from the lambda function? I guess the best solution might be transparently build the index when CDK bundles and publishes the container image assets but this requires the client to install the |
@pahud Personally I think building it locally is preferable, because using CFn custom resource would introduce some overhead such as triggering Lambda from CFn, pulling images from ECR, etc. It would also have several limitations like RAM or 15min duration (idk how long it usually takes to create an index though.) That said, soci-snapshotter appears to only run on Linux to build an index (I'm confirming it on this thread). Also soci commands seems to require
|
For anyone interested in this issue, I published an experimental construct to build and publish a SOCI index: deploy-time-build. You can push a SOCI index during CFn deployment by the following code: npm install deploy-time-build import { SociIndexBuild } from 'deploy-time-build;
const asset = new DockerImageAsset(this, 'Image', { directory: 'example-image' });
SociIndexBuild.fromDockerImageAsset(this, 'Index', asset); |
Hi @tmokmss does it mean the client will need to install additional tool for that? |
@pahud No, the above construct works as a custom resource on Lambda and CodeBuild, so there's no dependency on a local machine. As far as I researched, building a SOCI index locally is difficult for now. |
Describe the feature
Recently Seekable OCI (SOCI) has become supported on ECS Fargate (blog) to launch Fargate tasks faster.
It can help if CDK automatically builds and publishes a SOCI index for a docker image assets.
Use Case
To easily publishes SOCI index from CDK, and eventually increasing the speed of Fargate cold start for large container images.
Proposed Solution
NOTE: I published an experimental construct for this feature: #26413 (comment)
Run soci-snapshotter locally on cdk deploy, and publish the artifact to ecr. Whether cdk publishes SOCI index or not should be optional because sometimes it will slow down fargate startup time especially for small images (ref).
Other Information
There is already a solution to automatically build and push SOCI index when an image is pushed to ECR.
https://aws-ia.github.io/cfn-ecr-aws-soci-index-builder/
Because this solution publishes a SOCI index asynchronously, sometimes the index is not ready yet when a Fargate task launches. The CDK solution might be better in that we can easily set dependencies between assets and ECS task definition, which allows to wait an update of task definition until the corresponding SOCI index is available.
Acknowledgements
CDK version used
2.87.0
Environment details (OS name and version, etc.)
macOS
The text was updated successfully, but these errors were encountered: