Open jmreicha opened 5 years ago
Thank you for request. There are currently no plans for Docker image installation yet. Why are you looking at running the agent in a container rather than on the host?
For me, it's just easier to deal with containers on systems that don't have a package manager.
It's not something we are working on, but we'll keep this issue open to track the request for future.
EKS worker nodes doesn't provide ssm agent by default . It would be nice if we can get an official image so that we can run as a daemonset on nodes. https://github.com/awslabs/amazon-eks-ami/issues/127
I'm really surprised that a docker image isn't a priority for SSM Agent. As we move to immutable infrastructure, we plan on simply spinning up containers to execute admin tasks in private subnets. For instance, we might have a container that executes a database migration on an RDS instance in the private subnet. Ideally, we could spin up the container and use SSM agent to access the container while we execute the various commands that we need.
It seems like AWS is providing as many managed/containerized services as possible, so a question like "Why are you looking at running the agent in a container rather than on the host?" is a surprising one to hear -- many of AWS' services only have a container
A docker build for ssm agent would immediately provide value to us and obviate the need to manage ec2 instances -- we could operate entirely on Fargate/ECS, which would make backend infrastructure management incredibly simple
@ajhool The docker file (if you were to build from source) will look like this (see code below).
Some quick things to note:
FROM golang:1.11.13-alpine3.10 as build
WORKDIR /workspace/src/github.com/aws/
RUN apk -Uv add --no-cache bash git make \
&& git clone --depth 1 https://github.com/aws/amazon-ssm-agent.git \
&& cd amazon-ssm-agent \
&& gofmt -w ./agent/agentlogstocloudwatch/cloudwatchlogspublisher/cloudwatchlogs_publisher_test.go \
&& gofmt -w ./agent/rip/riputil.go \
&& gofmt -w ./agent/s3util/riputil.go \
&& gofmt -w ./agent/session/datachannel/datachannel.go \
&& go get golang.org/x/tools/cmd/goimports \
&& goimports -w ./agent/crypto/mocks/IBlockCipher.go \
&& goimports -w ./agent/health/mocks/IHealthCheck.go \
&& goimports -w ./agent/hibernation/mocks/IHibernate.go \
&& goimports -w ./agent/plugins/configurepackage/birdwatcher/facade/mocks/BirdwatcherFacade.go \
&& goimports -w ./agent/s3util/riputil.go \
&& goimports -w ./agent/session/communicator/mocks/IWebSocketChannel.go \
&& goimports -w ./agent/session/controlchannel/mocks/IControlChannel.go \
&& goimports -w ./agent/session/datachannel/mocks/IDataChannel.go \
&& goimports -w ./agent/session/plugins/sessionplugin/mocks/ISessionPlugin.go \
&& goimports -w ./agent/session/service/mocks/service.go \
&& make build
@BrianMaldo your docker file doesn't seem to be working anymore. I got the following error:
Run 'go vet'
# runtime/cgo
exec: "gcc": executable file not found in $PATH
make: *** [makefile:39: checkstyle] Error 2
I added gcc to the apk add command and then got the following error:
Run 'go vet'
# runtime/cgo
_cgo_export.c:3:10: fatal error: stdlib.h: No such file or directory
#include <stdlib.h>
^~~~~~~~~~
compilation terminated.
make: *** [makefile:39: checkstyle] Error 2
I'm also of the mindset we need SSM Agent in Docker. I'd like to use it as a Bastion to access VPC internals, not necessarily the deployed applications Docker.
I see the initial use-case is for "pet" EC2 Instances instead of cattle containers or instances. However, bastions are still needed and they fall into the "pet" category. Having a pet dockerized bastion in Fargate is the dream.
Here's a working Dockerfile
https://gist.github.com/ipmb/a8213fb459c27178f88dda7149c35be2
Nice ! Any official helm chart for this so we can run on each EKS clusters?
On Tue, Mar 31, 2020 at 12:47 PM Peter Baumgartner notifications@github.com wrote:
Here's a working Dockerfile https://gist.github.com/ipmb/a8213fb459c27178f88dda7149c35be2
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/aws/amazon-ssm-agent/issues/135#issuecomment-606744456, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADVDHUKU2XHTHS2POZXXHGTRKINA3ANCNFSM4GBXGCHQ .
-- Thanks & Regards surya (510-574-6780)
Any update on a docker image for this?
Any update?
I'm looking at running this on CoreOS which doesn't provide a package manager. Are there any plans for a Docker image installation?