[FR] Specify additional packages to be installed without rebuilding the Docker image #159
Labels
enhancement
New feature or request
help wanted
The team has de-prioritized this and could use your help!
Is your feature request related to a problem? Please describe.
Brokerpaks sometimes need additional binaries installed in the environment where Terraform runs.
terraform apply
.For example, in the AWS EKS brokerpak we're writing, we may need to be able to call
kubectl
orhelm
oraws
to get specific things done. However, these binaries don't exist in thecfplatformeng/csb
Docker image.Describe the solution you'd like
It's unreasonable to ask the CSB team to make the image a kitchen-sink of tools that brokerpak authors might need. So instead I'd like to see a mechanism to specify additional packages to be installed at container start time. For example, if we could specify
-e "ADDITIONAL_PACKAGES=kubectl helm aws"
todocker run
, that would work well.Describe alternatives you've considered
Using custom images in government work comes with additional security/compliance baggage, and we try to avoid that wherever possible by using official images that get signed when they're built by Docker Hub.
To add the binaries to the Terraform environment on our own, we have to either rebuild the image or derive from it in a custom one, even though the only change is to add a single
RUN apk add --update kubectl helm aws
line.Alternatively, we could do the equivalent of
...as a startup command. This feels like cheating, though. ;)
Additional Context
Priority
Medium
Priority Context
We can build our own image as described above for now, but we'd like that to be unnecessary by the time we start getting audited for gov compliance (mid-Feb or so). Our team successfully getting to production with a compliant EKS brokerpak would set precedent for a lot more authoring of brokered services and use of Cloud Foundry/OSBAPI (in the form of cloud.gov, or agency-specific deployments of PCF) in government.
Platform
AWS in this case, though it's not relevant for the feature request.
Applicable Services
AWS EKS in this case, though it's not relevant for the feature request.
The text was updated successfully, but these errors were encountered: