Selectively Exposing ECS Fargate Volumes Between Containers

0

Questions:

  1. What is the best way to selectively expose volumes between containers of the same ECS Fargate task? My intention is to access data from another container, but I don't need access to all of its volumes.
  2. Can the secondary container mount path be changed when using volumesFrom? It appears that all of the volumes from the source container automatically mount to their same path in the secondary container.

Intended Scenario:
We would like our Nginx container to have readonly access to our PHP container's application root - which I imagine is a pretty common use case.

The PHP container mounts the following volumes with full read/write access:

  • /app/web (Exposed via the Docker VOLUME directive)
  • /app/web/sites/default/files (EFS Access Point Volume mounted to this directory)

The Nginx container needs readonly access to the full /app/web directory. However, when importing the PHP container volumes using volumesFrom with readOnly set to true, the /app/web/sites/default/files directory is not mounted (likely because the directory /app/web is a readonly mount). Additionally, adding /app/web/sites/default as a separate mountPoint (using the same EFS Access Point and attempting to point the mountPoint to the containerPath of /app/web/sites/default/files), doesn't appear to work - again, I assume this might be an issue with the /app/web volume being mounted as readonly.

I have also attempted to mount the /app/web/sites/default/files EFS Access Point to a directory (/app/public_files) outside of the /app/web volume mount, and having an entrypoint script create a symlink from /app/web/sites/default/files to /app/public_files; however, if the /app/web volume is mounted as readonly, then of course the symlink cannot be created.

My only other solution is to not mount the volumesFrom as readonly, but that wouldn't prevent nginx from writing to those directories.

Thanks in advance for your help.

Edited by: soleson on Jul 1, 2021 4:22 PM

Edited by: soleson on Jul 2, 2021 8:22 AM

  • Edited to better clarify the issue, also changed the title as it was not really that relevant to the context of the question.
soleson
asked 3 years ago, 1471 views
2 Answers
0

I'm still looking for a bit of an assist here as I've spent a couple days researching this topic.

Either of the following solutions would resolve my issue if they are possible:

  1. How do you mount a single EFS Volume Mount from one container into another container within the same Fargate task?
  2. Is it possible to overwrite a mount created via volumesFrom by specifying a separate mount with the same containerPath?
soleson
answered 3 years ago
0

So I had a complete misunderstanding of how the bind mounts had to be set up in order to selectively mount directories inside other containers of the same Fargate task. I've since resolved this issue by:

  1. Adding the volumes declared in the Dockerfile with VOLUME to the container, using the containerPath as specified in the Dockerfile and the same sourceVolume as defined in the volumes property of the task definition.
  2. Then we mounted the volume via a mountPoint on the desired container by specifying the containerPath and using the same sourceVolume.
  3. We were then able to specify that the mountPoint should be readOnly.

Hopefully, this helps someone else running into a similar issue.

soleson
answered 3 years ago
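
The three steps in the answer above, written out as a task definition with a small least-privilege check over it. This is an added example, not code from the original poster: the volume names, image names and EFS identifiers are placeholders, and `writable_paths` is a hypothetical helper.

```python
# Added example: volume names, images and EFS ids are placeholders, not values from the post.
TASK_DEF = {
    "family": "php-nginx-example",
    "volumes": [
        # Fargate bind mount: a named volume with no further configuration.
        {"name": "app-web"},
        {"name": "public-files",
         "efsVolumeConfiguration": {
             "fileSystemId": "fs-PLACEHOLDER",
             "transitEncryption": "ENABLED",
             "authorizationConfig": {"accessPointId": "fsap-PLACEHOLDER"}}},
    ],
    "containerDefinitions": [
        {"name": "php", "image": "example/php:placeholder",
         "mountPoints": [
             # Step 1: containerPath matches the Dockerfile VOLUME path.
             {"sourceVolume": "app-web", "containerPath": "/app/web", "readOnly": False},
             {"sourceVolume": "public-files",
              "containerPath": "/app/web/sites/default/files", "readOnly": False}]},
        {"name": "nginx", "image": "example/nginx:placeholder",
         "mountPoints": [
             # Steps 2 and 3: same sourceVolume per path, each marked readOnly.
             {"sourceVolume": "app-web", "containerPath": "/app/web", "readOnly": True},
             {"sourceVolume": "public-files",
              "containerPath": "/app/web/sites/default/files", "readOnly": True}]},
    ],
}

def writable_paths(task_def, container_name):
    """Return the container paths this container can write to via task volumes."""
    declared = {v["name"] for v in task_def["volumes"]}
    by_name = {c["name"]: c for c in task_def["containerDefinitions"]}
    container = by_name[container_name]
    paths = []
    for mp in container.get("mountPoints", []):
        if mp["sourceVolume"] not in declared:
            raise ValueError(f"undeclared sourceVolume: {mp['sourceVolume']}")
        if not mp.get("readOnly", False):  # readOnly defaults to false
            paths.append(mp["containerPath"])
    for vf in container.get("volumesFrom", []):
        # volumesFrom imports every mount of the source container at its original
        # path, so a non-readOnly import carries over the source's writable paths.
        if not vf.get("readOnly", False):
            paths.extend(writable_paths(task_def, vf["sourceContainer"]))
    return sorted(set(paths))

if __name__ == "__main__":
    for name in ("php", "nginx"):
        print(name, writable_paths(TASK_DEF, name))
```

Running the same check against a definition that still uses a non-readOnly volumesFrom on the Nginx container reports both PHP paths as writable, which is the exposure the question wanted to avoid.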
