search

cloudfoundry / cloud-service-broker

OSBAPI service broker that uses Terraform to provision and bind services. Derived from https://github.com/GoogleCloudPlatform/gcp-service-broker
Apache License 2.0
81 stars 38 forks source link

[FR] Specify additional packages to be installed without rebuilding the Docker image #159

Open mogul opened 3 years ago

mogul commented 3 years ago

Is your feature request related to a problem? Please describe.

Brokerpaks sometimes need additional binaries installed in the environment where Terraform runs.

For example, in the AWS EKS brokerpak we're writing, we may need to be able to call kubectl or helm or aws to get specific things done. However, these binaries don't exist in the cfplatformeng/csb Docker image.

Describe the solution you'd like

It's unreasonable to ask the CSB team to make the image a kitchen-sink of tools that brokerpak authors might need. So instead I'd like to see a mechanism to specify additional packages to be installed at container start time. For example, if we could specify -e "ADDITIONAL_PACKAGES=kubectl helm aws" to docker run, that would work well.

Describe alternatives you've considered

Using custom images in government work comes with additional security/compliance baggage, and we try to avoid that wherever possible by using official images that get signed when they're built by Docker Hub.

To add the binaries to the Terraform environment on our own, we have to either rebuild the image or derive from it in a custom one, even though the only change is to add a single RUN apk add --update kubectl helm aws line.

Alternatively, we could do the equivalent of 

RUN apk update
RUN apk upgrade
RUN apk add --update kubectl helm

...as a startup command. This feels like cheating, though. ;)

Additional Context

Priority

Medium

Priority Context

We can build our own image as described above for now, but we'd like that to be unnecessary by the time we start getting audited for gov compliance (mid-Feb or so). Our team successfully getting to production with a compliant EKS brokerpak would set precedent for a lot more authoring of brokered services and use of Cloud Foundry/OSBAPI (in the form of cloud.gov, or agency-specific deployments of PCF) in government.

Platform

AWS in this case, though it's not relevant for the feature request.

Applicable Services

AWS EKS in this case, though it's not relevant for the feature request.

dmachard commented 3 years ago

Hello,

I think the better way is to rebuild the own image. In my case, I need python3 (used in local-exec provisionner), I have created the following docker file. Simple and efficient :)

FROM cfplatformeng/csb:latest

RUN true \
    && apk add python3 \
    && apk add py3-pip \
    && pip install requests\
    && true

Denis