search

aws / aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
https://aws.amazon.com/serverless/sam/
Apache License 2.0
6.47k stars 1.16k forks source link

Setting --docker-network option on sam build command has no effect #3609

Open bryancornies opened 2 years ago

bryancornies commented 2 years ago

Description:

When running sam build --docker-network host I am expecting the Docker container that is under build to use the network specified by the docker-network flag.

Steps to reproduce:

  1. Create a simple SAM project w/ PackageType=Image
  2. Add a RUN SLEEP 100 to the Dockerfile to force the build process to pause so it can be inspected
  3. Run sam build --docker-network host
  4. While the Docker image is building, run docker inspect --format='{{range $k, $v := .NetworkSettings.Networks}}{{$k}}{{end}}' [container]

Observed result:

Regardless of what is passed to the --docker-network flag, the under-build Docker container always uses the bridge network.

Expected result:

I would expect the under-build Docker container to use the network specified by the --docker-network option.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

SAM CLI version: 1.36.0 OS: CentOS 7 AWS region: us-east-2 PackageType: Image

$ sam build --docker-network host --debug
2022-01-31 14:01:52,006 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2022-01-31 14:01:52,006 | Using config file: samconfig.toml, config environment: default
2022-01-31 14:01:52,006 | Expand command line arguments to:
2022-01-31 14:01:52,006 | --template_file=/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/template.yaml --docker_network=host --build_dir=.aws-sam/build --cache_dir=.aws-sam/cache 
2022-01-31 14:01:52,173 | 'build' command is called
2022-01-31 14:01:52,180 | No Parameters detected in the template
2022-01-31 14:01:52,204 | 2 stacks found in the template
2022-01-31 14:01:52,204 | No Parameters detected in the template
2022-01-31 14:01:52,251 | 2 resources found in the stack 
2022-01-31 14:01:52,251 | No Parameters detected in the template
2022-01-31 14:01:52,286 | Found Serverless function with name='TeamCityAgentAuthorizer' and ImageUri='None'
2022-01-31 14:01:52,286 | --base-dir is not presented, adjusting uri ./TeamCityAgentAuthorizer relative to /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/template.yaml
2022-01-31 14:01:52,287 | --base-dir is not presented, adjusting uri . relative to /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/template.yaml
2022-01-31 14:01:52,287 | No Parameters detected in the template
2022-01-31 14:01:52,327 | Instantiating build definitions
2022-01-31 14:01:52,338 | Unique function build definition found, adding as new (Function Build Definition: BuildDefinition(None, /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer, Image, , a9f8019e-0096-44eb-bfcc-2c4be9e5504b, {'DockerTag': 'dev', 'DockerContext': '/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/TeamCityAgentAuthorizer', 'Dockerfile': 'Dockerfile'}, {}, x86_64, []), Function: Function(name='TeamCityAgentAuthorizer', functionname='TeamCityAgentAuthorizer', runtime=None, memory=None, timeout=10, handler=None, imageuri=None, packagetype='Image', imageconfig=None, codeuri='/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer', environment=None, rolearn=None, layers=[], events={'HelloWorld': {'Type': 'Api', 'Properties': {'Path': '/hello', 'Method': 'get', 'RestApiId': 'ServerlessRestApi'}}}, metadata={'DockerTag': 'dev', 'DockerContext': '/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/TeamCityAgentAuthorizer', 'Dockerfile': 'Dockerfile'}, inlinecode=None, codesign_config_arn=None, architectures=['x86_64'], stack_path=''))
2022-01-31 14:01:52,339 | Building codeuri: /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer runtime: None metadata: {'DockerTag': 'dev', 'DockerContext': '/home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/TeamCityAgentAuthorizer', 'Dockerfile': 'Dockerfile'} architecture: x86_64 functions: ['TeamCityAgentAuthorizer']
2022-01-31 14:01:52,339 | Building to following folder /home/bryan.cornies/repos/git/bids/teamcity-agent-authorizer/.aws-sam/build/TeamCityAgentAuthorizer
2022-01-31 14:01:52,340 | Building image for TeamCityAgentAuthorizer function
2022-01-31 14:01:52,344 | Setting DockerBuildArgs: {} for TeamCityAgentAuthorizer function
wchengru commented 2 years ago

Thanks for raising the issue! sam build does not build inside a container by default. Can you please try using the --use-container option to enable building inside container? sam build --docker-network <network id> --use-container

bryancornies commented 2 years ago

I tried running sam build --docker-network host --use-container but the network still shows as bridge when the container is running. It appears to me that sam's --docker-network option doesn't get passed to the docker build --network option:

--network string Set the networking mode for the RUN instructions during build (default "default")

The specific issue I'm running into is one of the RUN commands in my Dockerfile performs a yum install from behind a proxy. The command fails because our corporate proxy is not reachable from the default bridge Docker network so I have to be able to set the network to host when building the Docker image.

alxdembo commented 1 year ago

Can confirm - there is no effect from using --docker-network host flag

mathieucoinmiles commented 9 months ago

Why was this closed, is there a solution I'm not seeing?

safejace commented 2 weeks ago

does anybody have a solution for this? i am having this issue too!!!