[aws-lambda-nodejs] running cdk in a container breaks bundling since docker is not present

[obiwabrakenobi]

❓ General Issue

The Question

We are running cdk in a jenkins pipeline which runs cdk in a docker container. Since bundling runs its own docker container it fails to start the bundling image. How can I manage that? I know that I can start containers from a running container (https://itnext.io/docker-in-docker-521958d34efd) like this. But how to pass all this to the bundling process?

Environment

• CDK CLI Version: 1.55.0
• Module Version: 1.55.0
• Node.js Version: v12.18.3
• OS: Ubuntu Server 20.x
• Language (Version): TypeScript (3.9.6)

[eladb]

I believe you simply need to setup your build environment so it can run docker (regardless of the CDK). The bundling process simply invokes docker from PATH.

You can also set the environment variable CDK_DOCKER to point to an alternative executable (like a script) if you wish to customize something in this process.

[obiwabrakenobi]

yes that is already done. It starts a container which runs cdk deploy.... Then inside this container cdk wants to start another container (when bundling) which cannot find the docker bin since it is inside the container...

spawnSync docker ENOENT

[obiwabrakenobi]

so I investigated that a little. Well its not directly attached to cdk but nevermind...

In my Dockerfile I added docker (using image node:12.16.1-alpine) to be added and mounted the volume /var/run/docker.sock:/var/run/docker.sock in the docker-componse file..Therefore the container (and cdk) is able to spwan a docker process which runs as container in the host (jenkins)

[obiwabrakenobi]

well after a few tries I don't get it running. Well the container starts but it brings several errors. It has something todo with the volumes

`
🚨 Build failed.

Error: Entry /asset-input/src/** does not exist
`

But from my perspective starting docker from docker is not a good practice. I'm not able to use any bundling container from inside a jenkins build which is running in a container too. Can anyone support on this?

[obiwabrakenobi]

@eladb do you mind to reopen the issue? I think that issue might affect everyone who is using docker to run a cdk build using a bundling image

[rrrix]

I'm having this exact same issue. Commenting to subscribe. I'll post if I figure out a workaround.

[rrrix]

This StackOverflow comment explains it perfectly (albeit unrelated to CDK itself): https://stackoverflow.com/a/55849875/2715931

Essentially, when the CDK running inside a docker container starts another docker container, the --volume / -v argument passed by the CDK is for the filesystem on the container, not the host filesystem.

However docker CLI in this context is talking to docker running on the host (not the container), so the --volume / -v path which is mounted to /asset-input is actually mounted from the HOST filesystem (not the docker container filesystem).

This obviously results in a Error: Entry /asset-input/.. does not exist error since the two paths aren't the same.

[rrrix]

@obiwabrakenobi here's the workaround!

In your Dockerfile:

# include a BUILD_PATH argument with an optional default
ARG BUILD_PATH=/data  

# Use your image
FROM node:slim  

# Copy the files from your $BUILD_PATH to the **same** directory on the container
COPY . ${BUILD_PATH}/
WORKDIR ${BUILD_PATH}
RUN cdk ... 

In your build script:

# Inherit or Set the build path to $(pwd)
export BUILD_PATH=${BUILD_PATH:-$(pwd)}  

# Make sure to use the BUILD_PATH Docker Build Argument and Environment Variable
docker build \
  --build-arg BUILD_PATH=${BUILD_PATH} \
  ... 

# Mount that same BUILD_PATH as a volume as both the source *AND* the destination.
docker run \
  -v "${BUILD_PATH}:${BUILD_PATH}" \
  ...

[obiwabrakenobi]

nice! I'll give it a try!