Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BuildKite CI: Deployed buildkite agents can run jobs inside docker containers #4803

Closed
bkase opened this issue Apr 29, 2020 · 4 comments
Closed

BuildKite CI: Deployed buildkite agents can run jobs inside docker containers #4803

bkase opened this issue Apr 29, 2020 · 4 comments
Assignees
@O1ahmad
Labels
Size: M ~ 1 wk Taskforce Iterate (C)

Comments

@bkase
Copy link
Member

bkase commented Apr 29, 2020
edited
Loading

Preferably via Docker-out-of-docker (bind-mounting the docker daemon socket) on GKE. As a proof-of-concept, stick a tiny job in a pipeline that runs itself in a different docker container.

Note: There is a discussion on the official buildkite helm charts repo about a quirk of getting this to work on GKE buildkite/charts#54 -- giving a little buffer on time here just case this turns out to be especially annoying.

If necessary this is when we could bake our own buildkite agent image.

Depends on #4802

Epic: #4762
@bkase bkase mentioned this issue Apr 29, 2020
Closed
@O1ahmad
Copy link
Contributor

O1ahmad commented May 7, 2020
edited
Loading

Thinking I get the direction we're heading here:

[buildkite jobs] IN [docker containers] executed by [buildkite agents] as [kubernetes pods] running on GKE:

but yea, just some thoughts on the job execution technique:

^^^ only a single opinion here in addition to comments in the linked issue but I'd have to agree with the DinD approach (tl;dr - dind-safe image and sidecar w/ pod-host daemon graph storage mounted), mostly due to simplicity (single container add in buildkite agent pod) but its security and reliability guarantees in a kubernetes context don't hurt either 🛠️

@O1ahmad
Copy link
Contributor

O1ahmad commented May 7, 2020
edited
Loading

Not sure if we could generate an extra pod container within a helm chart deployment, etc. rendering using the dhall kubernetes/helm components rather than relying on the buildkite helm chart incorporating DinD support or even building our own Docker buildkite agent image...

@O1ahmad O1ahmad mentioned this issue May 8, 2020
Closed
@O1ahmad O1ahmad self-assigned this May 9, 2020
@O1ahmad
Copy link
Contributor

O1ahmad commented May 11, 2020

@bkase @yourbuddyconner, just an update:

  • a PR I submitted to buildkite/charts enabling DinD pod sidecar functionality was merged this morning. I've tested with a local minikube setup and seems like it should work for our purposes.
  • Buildkite jobs should be able to launch containerized jobs (processes executed in sidecar DinD container) with proper signal propagation and handling by the buildkite-agent container.

@O1ahmad
Copy link
Contributor

O1ahmad commented May 13, 2020

Resolved by: https://github.com/CodaProtocol/coda-automation/pull/377

@O1ahmad O1ahmad closed this as completed May 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@O1ahmad O1ahmad

Labels
Size: M ~ 1 wk Taskforce Iterate (C)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bkase @O1ahmad