(ecr-deployment): new aws-ecr-deployment module #12597
Comments
jabrennem
added
feature-request
NGL321
changed the title
github-actions
bot
added
the
@aws-cdk/aws-ecr-assets
|
Repurposed this issue as "ecr-deployment". CDK assets (s3/ECR) are designed to be referenced from within CDK apps and not as a tool to publish docker images for external consumption. There are multiple places in the CDK and CDK pipelines which rely on the idea that all docker assets are published to the same repository. I can see a use case for something like "s3-deployment" for docker images (which will replicate a docker image asset to a specific ECR repository), but this is currently not something we have. Happy to accept contributions. |
|
I see. Thanks for the response. It does seem better to refocus this issue towards an "ecr-deployment" module rather than change how assets are handled. |
|
I'm not sure that I agree with that. For example - I want a standardized image to support the lambda functions my company produces. It sounds to me like there would be a separate repository then for each lambda/image. How would we reference the image repository if CDK munges the name, because we can't set it? |
eladb
changed the title
github-actions
bot
added
the
@aws-cdk/assets
eladb
changed the title
@elad Did we decide that we will try to support this approach after all, given your #2663 (comment) in #2663? |
|
@SoManyHs yes, it was a comment on the issue before it was repurposed. Edited. |
|
People on this thread, make sure to +1 so that we are able to prioritize this. |
eladb
added
effort/medium
|
@eladb @jabrennem I wrote a const image = new DockerImageAsset(this, 'CDKDockerImage', {
directory: path.join(__dirname, 'docker'),
});
new ecrDeploy.ECRDeployment(this, 'DeployDockerImage', {
src: new ecrDeploy.DockerImageName(image.imageUri),
dest: new ecrDeploy.DockerImageName(`${cdk.Aws.ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/test:nginx`),
}); |
Hi, can you help approve this PR there? https://github.com/wchaws/cdk-ecr-deployment/pull/31 |
|
The CDK should not even send assets to a central repo. So it might have to do a v2 of DockerImageAsset, as right now it sends it to aws-cdk/assets, which is just icky. |
|
Actually, wouldn't this be better? const asset = new DockerImageAsset(this, 'DockerImage', {
directory: path.join(__dirname, './my-image'),
repoName: 'my-app-repo',
imageName: 'my-image:1.0.0'
});Then the ECR repo url is determined by the AWS account you're using. If repoName/imageName are given, the new functionality is used, otherwise it goes to |
|
A use case I haven't seen mentioned here is the one I'm looking into. If using CDK for a service catalogue (@aws-cdk/aws-servicecatalog-alpha) the assets need to exist separately from the stack deployed into the service catalogue. While we could just give permission to the CDK bootstrap stack for this, it would make more sense to have a separate assets stack to sit along side the stack representing the catalogue item, so that life-cycle etc could be managed expliciltly |
|
@elhedran The assets needed by the stack are a dependency of the stack deployment. In terms of software, that which changes together stays together. A core aspect of the Single Responsibility Principle is...
Since the asset is a dependency of that stack, it should be integrated with that stack, because the need for it will change with the need for the stack. I would see separating them as a software development anti-pattern. I might abstract them if there were a lot of them, but generally speaking still keep them together. |
|
@TrentonAdams - While I'd normally agree that the assets stay with the stack, when attempting to that with (https://docs.aws.amazon.com/cdk/api/v1/docs/aws-servicecatalog-readme.html) the service catalog product construct pretty much the first error you will hit is that you can't have the assets in the stack. To be exact on the error that will be encountered: I assume this is because what is published to the service catalog is just the synthesized cloud formation template, and not assets. However if you can show working code where something using the service catalog Product construct includes assets directly I'd be very happy to change my approach. Trust me, in all the stacks that are not trying to publish under service catalog, the assets are indeed integrated with the stack. |
madeline-k
added
effort/large
|
This is still a problem. cdk-ecr-deployment would solve my problem, except it's brutally slow. cdklabs/cdk-ecr-deployment#194 and I literally can't sell that developer experience to my devs. As far as I can see, re-writing the lambda in TypeScript (or python) would immediately solve this problem. And... I can't see any reason for it to be in golang. |
|
Great news! The CDK team will be picking this up and designing a package in the |
kaizencc
changed the title
Will there be an issue you can link to for feedback from the community? One additional thing I just considered, is that perhaps this new package should create an "asset" stack, named the same as the stack using it. That way, the "asset" stack is created prior to the stack in question, and then it just uses it. |
We're always happy to hear feedback. Generally, this issue is the right place to provide feedback. Were you thinking of something different? As for your suggestion, the |
|
Check out cdk-docker-image-deployment, a new library that gives you control of the tags and organization of your Docker image assets. Right now, it lives in cdklabs and will be maintained by the cdk team, but depending on its popularity we may add it to the core aws-cdk-lib library as well. We are excited to get your feedback and hear what features you would like to see added! |
|
@scanlonp First of all, thank you so much for all your effort! I just replaced my code with this library and I was surprised by the number of extra resources created by the stack. From my point of view, it is a bit intrusive to create 7 new roles with their policies in order to run CodeBuild using 4 lambdas and 1 state machine function. To be honest I was tempted to give it a try because I was trying to upload the image cleaner than cdk-ecr-deployment library. In my opinion, it would be much better if we could reuse all those resources for any image that we'd like to upload to any ECR repo (perhaps as a dependency stack, does that make sense?). Do you know if there is a way to do that? And if not, is there a way to specify which role the custom resource should use? I didn't find anything in the repo, but maybe you are working on something similar. I think it would not only help to reduce the number of resources, but also allow us to continue to divide the responsibilities between implementation and permissions. |
|
@fjinkis thanks for the suggestion! I agree that the construct does create a fair number of resources, although for good reason. The construct does not support it currently, but sharing resources is definitely desirable in the future. I opened up this feature request cdklabs/cdk-docker-image-deployment#29 if you would like to discuss further. |
|
Closing this issue as the work has been completed. Any further issues should be opened in the cdk-docker-image-deployment repo. |
|
|
I'm not sure if this issue should be closed. The proposed solution was to have an option to set your own ecr repository without relying on the cdk/assets repository... The new library still uses the cdk/asset repository, so if i want to delete any of my images I would have to manually create a lifecycle rule for each one of my services based on their tag? I can definitely do that maybe with aws-sdk but I still believe being able to bypass the cdk/assets repository would be a better way to go. |
|
@TheRealAmazonKendra cdk-docker-image-deployment does not appear to work for non-Javascript languages, and in addition has seen no sign of activity for months. |
|
This issue is linked from this page:
This adds to the confusion, because on one side it is suggesting this might be natively integrated in the aws-cdk, but on this issue it is suggesting that this is supposed to be maintained as a third-party repository (while we see it is not really maintained). |
Now we can say for years. |
|
Having to deal with broken and unmaintained unofficial libraries for deploying container images is beyond frustrating. Especially with multi-platform builds. Please consider reopening this issue. |
and others
🚀🚀🚀 The CDK team is picking up this feature request! Check below for more details!
We understand this is a highly desirable feature. Until we are able to integrate it into the CDK, we recommend considering the cdk-ecr-deployment library.
Let us know what you think! ❤️
Allow users to publish docker image assets to arbitrary ECR repositories. Similar to how s3-deployment works for S3:
I've been trying to identify if this is already supported. I am adding as a feature request. Let me know otherwise.
For this code snippet, is there a way to specify an image and tag that I want my local docker image to deploy to? I am posting the code in javascript since the example in the API reference is in JS, but my team uses python.
Use Case
I would like to use this feature to completely deploy my local image source code to ECR for me using an ECR repo that I have previously created in my CDK app or more importantly outside the app using an arn. The biggest problem is that the image cannot be completely abstracted into the assets repo because of auditing and semantic versioning.
Proposed Solution
Here is my proposed solution.
Other
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: