-
Notifications
You must be signed in to change notification settings - Fork 254
Introduce support for external EFS volumes #622
Conversation
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
How does |
@@ -6,6 +6,8 @@ go 1.15 | |||
// we need to create a new release tag for docker/distribution | |||
replace github.com/docker/distribution => github.com/docker/distribution v0.0.0-20200708230824-53e18a9d9bfe | |||
|
|||
replace github.com/awslabs/goformation/v4 => github.com/ndeloof/goformation/v4 v4.8.1-0.20200827081523-b7a7ac375adf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmm... what's this ? :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
temporary workaround waiting for awslabs/goformation#300 to be fixed
// as "source security group" use an arbitrary network attached to service(s) who mounts target volume | ||
for n, vol := range project.Volumes { | ||
err := b.SDK.WithVolumeSecurityGroups(ctx, vol.Name, func(securityGroups []string) error { | ||
target := securityGroups[0] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why requiring a string[] as parameter if we only use the first element ? (opened question, is it just because the AWS API returns a string[] in WithVolumeSecurityGroups
? )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes indeed, I'd like to keep sdk
as a thin wrapper on aws-go-sdk and not introduce too much logic there
this is the filesystem ID (unique). As an external volume, setting
Nope, nothing helped resolve access from the container, that's why I have to register a dedicated ingress rule to allow NFS traffic between (at least one) service's securityGroup and EFS volume (a distinct mount target per A.Z) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be demoed on Thursday ? 🎉
Quick note, volumes can have dashes in their compose file names, with ECS/Cloudformation this leads to errors (if someone else runs into this):
ValidationError: Template format error: Resource name frontendNFSMountdata-volume is non alphanumeric. |
What I did
Introduce support for EFS volumes set as extrernal volumes:
Related issue
https://github.com/docker/ecs-plugin/issues/254
https://github.com/docker/ecs-plugin/issues/220
(not mandatory) A picture of a cute animal, if possible in relation with what you did