-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ecr-assets: can't use docker build options like --ssh/--secret available when BUILDKIT is enabled #14910
Comments
@SoManyHs can you comment on why this is an ecr-assets issue? |
Seems like a useful addition, contributions are welcome. |
Lack of support for BuildKit options like
None of the modern docker args like those for BuildKit are explicitly supported via options params, and there's no mechanism for decorating any CDK-created docker commands with additional args to allow for CLI updates that haven't been coded for yet in the CDK. In the meantime, I've posted a placeholder solution for my use cases to this gist: https://gist.github.com/rob3c/8bf845918bc5270c5e22da0674081f90 It has functions Here's sample usage showing lambda code built using BuildKit new aws_lambda.Function(this, 'MyLambda', {
runtime: aws_lambda.Runtime.DOTNET_CORE_3_1,
code: assetCodeFromDockerBuildKitBuild(buildContextDir, {
buildArgs: { CONFIG: 'Release' },
secrets: { nuget_config: 'NuGetPrivateFeed.Config' },
additionalArgs: {
'--progress': 'plain',
'--ssh': 'myserver=$HOME/.ssh/myserver_rsa',
},
}),
handler: 'MyAssembly::MyNamespace.MyHandlerClass::MyHandlerMethod',
}); |
@peterwoodworth @eladb How can I achieve the same effect as "DOCKER_BUILDKIT=1 docker build --secret id=aws,src=$HOME/.aws/credentials --progress=plain" through awscdk/awsecrassets asset := awsecrassets.NewDockerImageAsset(stack, jsii.String("dockerImage"), &awsecrassets.DockerImageAssetProps{
Directory: jsii.String(path.Join(dir, "./app")),
}) I really need to pass aws/credentials when building the docker image, because I want to import another aws codecommit (golang project) as a module.
|
@hxy1991 See my message and the gist I posted a link to. There are functions that produce |
@eladb as a simple half step to adding all the new BuildKit args, would a generic |
@rob3c Would you know how to use your code with an |
Buildkit is now the default in Docker for Mac. This means pretty much any of the docker build integrations currently across cdk won't work. |
It seem currently cdk not support with ssh/secret option. |
Please work on this, this is a blocker for my team |
Partially closes #14910 and #14395 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Construct Runtime Dependencies: * [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
@hizvi could this issue be reopened? It has only been partially solved: the |
docker build options
--ssh
/--secret
can not be used withaws-ecs.AssetImage
oraws-ecr-assets.DockerImageAsset
these options are available with docker build when
DOCKER_BUILDKIT=1
is enabled.Use Case
Docker image builds may require access to private resources that require ssh keys and/or secrets. Docker BuildKit allows mounting them safely.
Proposed Solution
The docker utility in cdk already has options for build args and such. the
--ssh
and--secret
options can be implemented similarly.Other
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: