[FR] Specify additional packages to be installed without rebuilding the Docker image #159

Open
mogul opened this issue Dec 19, 2020 · 1 comment
Labels
enhancement New feature or request help wanted The team has de-prioritized this and could use your help!

Comments

@mogul
Contributor

mogul commented Dec 19, 2020

Is your feature request related to a problem? Please describe.

Brokerpaks sometimes need additional binaries installed in the environment where Terraform runs.

  • Terraform code sometimes makes use of provisioners to call specialized binaries at particular points during terraform apply.
  • Some Terraform providers are basically just wrappers around CLI binaries.

For example, in the AWS EKS brokerpak we're writing, we may need to be able to call kubectl or helm or aws to get specific things done. However, these binaries don't exist in the cfplatformeng/csb Docker image.

Describe the solution you'd like

It's unreasonable to ask the CSB team to make the image a kitchen-sink of tools that brokerpak authors might need. So instead I'd like to see a mechanism to specify additional packages to be installed at container start time. For example, if we could specify -e "ADDITIONAL_PACKAGES=kubectl helm aws" to docker run, that would work well.

Describe alternatives you've considered

Using custom images in government work comes with additional security/compliance baggage, and we try to avoid that wherever possible by using official images that get signed when they're built by Docker Hub.

To add the binaries to the Terraform environment on our own, we have to either rebuild the image or derive from it in a custom one, even though the only change is to add a single RUN apk add --update kubectl helm aws line.

Alternatively, we could do the equivalent of

RUN apk update
RUN apk upgrade
RUN apk add --update kubectl helm

...as a startup command. This feels like cheating, though. ;)

Additional Context

Priority

Medium

Priority Context

We can build our own image as described above for now, but we'd like that to be unnecessary by the time we start getting audited for gov compliance (mid-Feb or so). Our team successfully getting to production with a compliant EKS brokerpak would set precedent for a lot more authoring of brokered services and use of Cloud Foundry/OSBAPI (in the form of cloud.gov, or agency-specific deployments of PCF) in government.

Platform

AWS in this case, though it's not relevant for the feature request.

Applicable Services

AWS EKS in this case, though it's not relevant for the feature request.

@mogul mogul added the enhancement New feature or request label Dec 19, 2020
@omerbensaadon omerbensaadon added the help wanted The team has de-prioritized this and could use your help! label Jan 25, 2021
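If a start-time install like the proposed ADDITIONAL_PACKAGES were implemented, the value would reach `apk add` from the environment, so it needs vetting first. The sketch below is an added example, not code from this project: the function names, the `APK_CMD` override and the allowlist contents are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical entrypoint helper: vet ADDITIONAL_PACKAGES before anything
# is handed to `apk add`. Nothing here is part of the csb image.

# Packages the operator has approved (constructed list, using the issue's names).
ALLOWED_PACKAGES="kubectl helm aws python3 py3-pip"

# validate_packages "<space separated names>"
# Prints the approved names on one line; returns 1 on the first bad token.
validate_packages() {
    approved=""
    set -f                      # no glob expansion while splitting the value
    for pkg in $1; do
        case "$pkg" in
            -*)                 # would be parsed by apk as an option
                echo "rejected option-like token: $pkg" >&2; set +f; return 1 ;;
            *[!a-z0-9._+-]*)    # outside a plain package-name character set
                echo "rejected malformed name: $pkg" >&2; set +f; return 1 ;;
        esac
        case " $ALLOWED_PACKAGES " in
            *" $pkg "*) approved="${approved:+$approved }$pkg" ;;
            *) echo "not on allowlist: $pkg" >&2; set +f; return 1 ;;
        esac
    done
    set +f
    printf '%s\n' "$approved"
}

# install_additional_packages: runs the installer only for a clean, non-empty list.
# APK_CMD can be overridden so the logic is testable without a package manager.
install_additional_packages() {
    [ -n "${ADDITIONAL_PACKAGES:-}" ] || return 0
    pkgs=$(validate_packages "$ADDITIONAL_PACKAGES") || return 1
    # Word splitting of the vetted list is intended here.
    ${APK_CMD:-apk} add --no-cache $pkgs
}
```

A wrapper entrypoint would call `install_additional_packages` and refuse to start the container if it returns non-zero.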
@dmachard
Contributor

Hello,

I think the better way is to rebuild your own image. In my case, I need python3 (used in a local-exec provisioner), so I have created the following Dockerfile. Simple and efficient :)

FROM cfplatformeng/csb:latest

RUN true \
    && apk add python3 \
    && apk add py3-pip \
    && pip install requests \
    && true

Denis
