Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Native support for Docker operations #2325

Closed
srivathsanvc opened this issue Feb 27, 2020 · 3 comments · Fixed by #4008
Closed

Native support for Docker operations #2325

srivathsanvc opened this issue Feb 27, 2020 · 3 comments · Fixed by #4008
Assignees
@alexec
Labels
type/feature Feature request

Comments

@srivathsanvc
Copy link

Summary

Argo workflows to support docker operations natively, without requiring additional cluster privileges.

Motivation

Argo workflows is used in build and deployment situations situations to do docker operations, such as:

docker pull
docker push
docker login
docker build

At Intuit, we use Argo workflows to interact with AWS SageMaker. One of the steps in interacting with SageMaker is to push containers into ECR (via docker push).

The best way to achieve these operations is to have a docker sidecar and a privileged connection to the docker socket. This requires elevated privileges for the workflow on the cluster.

However, many organizations have managed K8s clusters, where privileged access to the docker socket is not permitted for security reasons. In these scenarios, performing the docker operations via Argo workflows is extremely difficult.

Proposal

It would be useful to have the capability for Argo workflow steps to be able to perform these docker operations without having to be executing in a privileged mode.

Message from the maintainers:

If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.
@srivathsanvc srivathsanvc added the type/feature Feature request label Feb 27, 2020
@alexec
Copy link
Contributor

alexec commented Feb 28, 2020

@srivathsanvc don’t forget to add to the “backlog” milestone.

@alexec alexec added this to the Backlog milestone Feb 28, 2020
@edlee2121
Copy link
Contributor

For something like a build farm, one would want a scalable docker service.
One option is to run docker as a service/deployment, likely on the same cluster, and access it via HTTPS.
https://gist.github.com/kekru/4e6d49b4290a4eebc7b597c07eaf61f2

@alexec alexec removed this from the Backlog milestone Jun 9, 2020
@alexec
Copy link
Contributor

alexec commented Sep 11, 2020

I have solved this privileged access aspect.

@alexec alexec self-assigned this Sep 11, 2020
alexec added a commit to alexec/argo-workflows that referenced this issue Sep 11, 2020
@alexec
docs: Add buildkit example. Closes argoproj#2325
5952fef
@alexec alexec mentioned this issue Sep 11, 2020
Merged
6 tasks
alexec added a commit that referenced this issue Sep 16, 2020
@alexec
docs: Add buildkit example. Closes #2325 (#4008)
513ed9f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexec alexec

Labels
type/feature Feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: Add buildkit example. Closes #2325 alexec/argo-workflows
3 participants
@srivathsanvc @alexec @edlee2121