Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(ecs): require task pidMode for Linux-based Fargate tasks, not host #30019

Closed
wants to merge 2 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -570,7 +570,7 @@
"Family": "awsecsintegruntimeTaskDefGraviton28E28B263",
"Memory": "1024",
"NetworkMode": "awsvpc",
"PidMode": "host",
"PidMode": "task",
"RequiresCompatibilities": [
"FARGATE"
],
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ const taskDefinitiongraviton2 = new ecs.FargateTaskDefinition(stack, 'TaskDefGra
},
cpu: 256,
memoryLimitMiB: 1024,
pidMode: ecs.PidMode.HOST,
pidMode: ecs.PidMode.TASK,
});

taskDefinitionwindows.addContainer('windowsservercore', {
Expand Down
4 changes: 2 additions & 2 deletions packages/aws-cdk-lib/aws-ecs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -372,12 +372,12 @@ const fargateTaskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef', {
},
memoryLimitMiB: 512,
cpu: 256,
pidMode: ecs.PidMode.HOST,
pidMode: ecs.PidMode.TASK,
});
```

**Note:** `pidMode` is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version 1.4.0
or later (Linux). This isn't supported for Windows containers on Fargate.
or later (Linux). Only the `task` option is supported for Linux containers. `pidMode` isn't supported for Windows containers on Fargate.

To add containers to a task definition, call `addContainer()`:

Expand Down
3 changes: 2 additions & 1 deletion packages/aws-cdk-lib/aws-ecs/lib/base/task-definition.ts
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,8 @@ export interface TaskDefinitionProps extends CommonTaskDefinitionProps {
* The process namespace to use for the containers in the task.
*
* Only supported for tasks that are hosted on AWS Fargate if the tasks
* are using platform version 1.4.0 or later (Linux).
* are using platform version 1.4.0 or later (Linux). Only the TASK option
* is supported for Linux-based Fargate containers.
* Not supported in Windows containers.
*
* @default - PidMode used by the task is not specified
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,8 @@ export interface FargateTaskDefinitionProps extends CommonTaskDefinitionProps {
* The process namespace to use for the containers in the task.
*
* Only supported for tasks that are hosted on AWS Fargate if the tasks
* are using platform version 1.4.0 or later (Linux).
* are using platform version 1.4.0 or later (Linux). Only the TASK option
* is supported for Linux-based Fargate containers.
* Not supported in Windows containers.
*
* @default - PidMode used by the task is not specified
Expand Down Expand Up @@ -171,8 +172,10 @@ export class FargateTaskDefinition extends TaskDefinition implements IFargateTas
if (props.runtimePlatform?.operatingSystemFamily?.isWindows()) {
throw new Error('\'pidMode\' is not supported for Windows containers.');
}
if (!Token.isUnresolved(props.pidMode) && props.pidMode !== PidMode.HOST) {
throw new Error(`\'pidMode\' can only be set to \'${PidMode.HOST}\' for Fargate containers, got: \'${props.pidMode}\'.`);
if (!Token.isUnresolved(props.pidMode)
&& props.runtimePlatform?.operatingSystemFamily?.isLinux()
&& props.pidMode !== PidMode.TASK) {
throw new Error(`\'pidMode\' can only be set to \'${PidMode.TASK}\' for Linux Fargate containers, got: \'${props.pidMode}\'.`);
}
}

Expand Down
11 changes: 9 additions & 2 deletions packages/aws-cdk-lib/aws-ecs/lib/runtime-platform.ts
Original file line number Diff line number Diff line change
Expand Up @@ -90,10 +90,17 @@ export class OperatingSystemFamily {
private constructor(public readonly _operatingSystemFamily: string) { }

/**
* Returns true if the operating system family is Windows
* Indicates whether the operating system family is Windows
*/
public isWindows(): boolean {
return this._operatingSystemFamily?.toLowerCase().startsWith('windows') ? true : false;
return this._operatingSystemFamily?.toLowerCase().startsWith('windows');
}

/**
* Indicates whether the operating system family is Linux
*/
public isLinux(): boolean {
return this._operatingSystemFamily?.toLowerCase().startsWith('linux');
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -758,7 +758,7 @@ describe('fargate service', () => {
},
memoryLimitMiB: 512,
cpu: 256,
pidMode: ecs.PidMode.HOST,
pidMode: ecs.PidMode.TASK,
});

// WHEN
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ describe('fargate task definition', () => {
cpuArchitecture: ecs.CpuArchitecture.X86_64,
operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
},
pidMode: ecs.PidMode.HOST,
pidMode: ecs.PidMode.TASK,
});

taskDefinition.addVolume({
Expand All @@ -85,7 +85,7 @@ describe('fargate task definition', () => {
Family: 'myApp',
Memory: '1024',
NetworkMode: 'awsvpc',
PidMode: 'host',
PidMode: 'task',
RequiresCompatibilities: [
ecs.LaunchType.FARGATE,
],
Expand Down Expand Up @@ -172,7 +172,7 @@ describe('fargate task definition', () => {
// THEN
expect(() => {
new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', {
pidMode: ecs.PidMode.HOST,
pidMode: ecs.PidMode.TASK,
runtimePlatform: {
operatingSystemFamily: ecs.OperatingSystemFamily.WINDOWS_SERVER_2019_CORE,
cpuArchitecture: ecs.CpuArchitecture.X86_64,
Expand All @@ -183,17 +183,20 @@ describe('fargate task definition', () => {
}).toThrow(/'pidMode' is not supported for Windows containers./);
});

test('throws when pidMode is not host', () => {
test('throws when pidMode is not task', () => {
// GIVEN
const stack = new cdk.Stack();

// WHEN
// THEN
expect(() => {
new ecs.FargateTaskDefinition(stack, 'FargateTaskDef', {
pidMode: ecs.PidMode.TASK,
pidMode: ecs.PidMode.HOST,
runtimePlatform: {
operatingSystemFamily: ecs.OperatingSystemFamily.LINUX,
},
});
}).toThrow(/'pidMode' can only be set to 'host' for Fargate containers, got: 'task'./);
}).toThrow(/'pidMode' can only be set to 'task' for Linux Fargate containers, got: 'host'./);
});
});
describe('When configuredAtLaunch in the Volume', ()=> {
Expand Down
Loading