fierlion
commented
3 years ago https://github.com/aws/containers-roadmap/issues/1072 <- a similar request which originated in ecs-agent repo
Open arkadiyt opened 4 years ago
fierlion
commented
3 years ago https://github.com/aws/containers-roadmap/issues/1072 <- a similar request which originated in ecs-agent repo
Summary
I'd like to run my ECS task containers on top of gVisor. It seems that this was possible in the past on ECS using an approach like this one: https://aarongorka.com/blog/gvisor-on-ecs/
Notably the author had to disable the init system and ran the ecs-agent container through docker directly, and also had to manually set some volume binds and other settings. I tried to follow the same approach (updating to include new binds since the post was written, add the NET_ADMIN/SYS_ADMIN capabilities, etc), but in the end it still fails because ecs-agent added an explicit check for not being run directly: https://github.com/aws/amazon-ecs-agent/blob/7fb101189ae57170a2cc2976d086bec5a4146b97/agent/app/agent_unix.go#L65-L73
It would be great if amazon-ecs-init allowed specifying the runtime so I could run task containers on gVisor and let ecs-agent continue to use runc