aws-codebuild-docker-images

Support enabling containerd image store

Open daniel-amag opened this issue 1 year ago • 2 comments

After the update from Docker v23 to Docker v26 the default docker driver currently supports the registry cache backend but only when containerd image store is enabled. The default docker driver is a lot faster than the container driver when you need to use the --load flag.

I've tried enabling this by creating a daemon config file with

{
  "features": {
    "containerd-snapshotter": true
  }
}

and then instructing the daemon to use it upon restart but it doesn't seem to work.

nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --experimental --config-file /etc/docker/daemon.json &

This will always give this error if I try to build with the registry cache backend:

ERROR: Cache export is not supported for the docker driver.
--
282 | Switch to a different driver, or turn on the containerd image store, and try again.
283 | Learn more at https://docs.docker.com/go/build-cache-backends/

daniel-amag avatar Aug 28 '24 07:08 daniel-amag

Blocked by codebuild not utilizing containerd. Large images w/ many layers simply won't work in codebuild without it and will fail either on provisioning stage due to max layers exceeded, or if you're pulling a docker image inside codebuild, will also fail with max layers exceeded.

Linking #730 and this https://github.com/aws/aws-codebuild-docker-images/issues/26#issuecomment-2354042100

BwL1289 avatar Sep 18 '24 14:09 BwL1289

If you are using cdk pipelines, your build flow will not work even if one image with the above error occurs.

BwL1289 avatar Sep 20 '24 21:09 BwL1289

You'll need to restart docker daemon after configuring docker daemon.

Example buildspec. Using latest ubuntu:7.0 in privileged build.

version: 0.2

phases:
  install:
    commands:
      - echo "Configure Docker Daemon"
      - mkdir -p /etc/docker
      - "echo '{\n  \"features\": {\n    \"containerd-snapshotter\": true\n  }\n}' > /etc/docker/daemon.json"
      - echo "Restart Docker Daemon"
      - kill $(cat /var/run/docker.pid) && rm -rf /var/run/docker.pid
      - nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2 &
      - timeout 20 sh -c "until docker info; do echo .; sleep 1; done"
  build:
    commands:
      - docker info

docker info returns

 Storage Driver: overlay2
  driver-type: io.containerd.snapshotter.v1

xinyu-aws avatar Jan 30 '25 00:01 xinyu-aws
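
One way to confirm that the daemon restart described above actually enabled the containerd image store before running a cache-export build. This is an added example, not code from the issue or from the CodeBuild images; the function names are hypothetical, and the "disabled" sample is constructed.

```shell
#!/bin/sh
# Decide from `docker info` text whether the containerd image store is
# active, so a build can fail fast before attempting registry cache export.

# The two lines quoted in the comment above.
SAMPLE_ENABLED=' Storage Driver: overlay2
  driver-type: io.containerd.snapshotter.v1'
# Constructed sample of a daemon without the feature (not captured output).
SAMPLE_DISABLED=' Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true'

# Print the value of the first "Storage Driver:" line read from stdin.
storage_driver() {
  sed -n 's/^[[:space:]]*Storage Driver:[[:space:]]*//p' | head -n 1
}

# Succeed only if stdin reports the containerd snapshotter driver-type.
containerd_store_enabled() {
  grep -Eq '^[[:space:]]*driver-type:[[:space:]]*io\.containerd\.snapshotter\.v1[[:space:]]*$'
}

# Poll the daemon for up to $1 seconds (default 20), then check it.
# Returns 0 = image store active, 1 = daemon up but feature off,
#         2 = daemon never answered.
check_daemon() {
  tries=${1:-20}
  while [ "$tries" -gt 0 ]; do
    if info=$(docker info 2>/dev/null); then
      if printf '%s\n' "$info" | containerd_store_enabled; then
        echo "containerd image store active (driver: $(printf '%s\n' "$info" | storage_driver))"
        return 0
      fi
      echo "daemon is up but containerd-snapshotter is not active" >&2
      return 1
    fi
    tries=$((tries - 1))
    sleep 1
  done
  echo "docker daemon did not come up" >&2
  return 2
}
```

In a buildspec, calling `check_daemon 20` after the restart step stops the build with a clear message instead of the later cache export error.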

Awesome! Thanks @xinyu-aws! When I change the storage driver from overlay2 to overlayfs I'm able to get the behaviour I want which is to use ECR as a remote build cache while on the default docker driver not the container driver (so I don't have to do --load which takes ages).

docker buildx build --cache-from type=registry,ref=$IMAGE_REPO_URI:cache --cache-to mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=$IMAGE_REPO_URI:cache -t $IMAGE_REPO_NAME:latest .

daniel-amag avatar Jan 30 '25 02:01 daniel-amag