ECS Support

[jhaynes]

What I'd like:

An ECS Variant of Bottlerocket. ECS today uses Docker as the container runtime and packages a go agent as a container along with a package to handle running the agent container correctly.

[samuelkarp]

Hey everyone!

I wanted to let you all know what our plan is for the ECS variant. As of now, we’ll be closing this issue with the next release of Bottlerocket, which will be the first one to include AMIs for the new aws-ecs-1 variant! At this initial release, Bottlerocket will support all the following features:

• Logging drivers: awslogs, json-file, journald, none
• Volumes: Local and unencrypted/unauthenticated EFS
• Networking: bridge, host, and none
• IAM roles (both task roles and execution roles)
• Agent introspection and task metadata
• SELinux (Bottlerocket’s container_t, control_t, and super_t labels can be assigned in the task definition)
• Docker’s default seccomp profile
• Privileged mode (disabled by default)
• Troubleshooting log collector (logdog - similar to ecs-logs-collector)
• Custom attributes (set in user-data)
• Intel, AMD, and Graviton/Graviton2 instance types

I’ve created tracking issues for the features that are not currently supported in Bottlerocket. Please follow those issues and vote with reactions (:+1:) to let us know which you think we should prioritize first:

• Devices
  • GPU support
  • Inferentia support
  • Elastic Inference support
• Networking
  • awsvpc mode
  • App Mesh support
• Logging
  • FireLens support
• Volumes
  • EFS encryption and IAM authentication support

If I’ve missed anything that you’d like to see supported, please feel free to create an issue!

Thanks!
Sam

[mwarkentin]

Cool!

[samuelkarp]

The new aws-ecs-1 variant is now available! Check out the getting started guide and this blog post for more details!

[erlend-sh]

Huge congrats on the v1.0 release! I must say it was done with great stealth. Will you be making a blog post or other such announcement to speak more about what you’ve accomplished over the past year?

[chathsuom]

Are only mentioned settings in the guide supported? Would like to have other settings as well.
for e.g.
ECS_RESERVED_PORTS
ECS_CONTAINER_STOP_TIMEOUT

[samuelkarp]

@erlend-sh Check out this blog post.

@chathsuom Only the settings mentioned in the README are supported today. I've opened #1116 for the ReservedPorts setting. For the stop timeout, are you looking to increase or decrease the default? Please note that the stop timeout can be configured on a per-container basis through the stopTimeout field of the task definition.

For any other settings or features you'd like to see, please open a new issue!

[chathsuom]

@samuelkarp Thanks. Yea I think we can use task definition level stopTimeout. We used do it global level, but that's ok.
For Ports, our real requirement is to use our own custom build SSH container. I am not sure I can use Admin controller to facilitate this

[chathsuom]

Does host-containers supports private docker registries?