Skip to content
This repository was archived by the owner on Nov 10, 2025. It is now read-only.

Add volume hints to the Dockerfile#761

Merged
AP-Hunt merged 1 commit intomainfrom
docker-volume-hints
May 23, 2025
Merged

Add volume hints to the Dockerfile#761
AP-Hunt merged 1 commit intomainfrom
docker-volume-hints

Conversation

@AP-Hunt
Copy link
Copy Markdown
Contributor

@AP-Hunt AP-Hunt commented May 23, 2025

What problem does this pull request solve?

Trello card: https://trello.com/c/KoHvaEUA/681-aws-m112-ecs-read-only-root-filesystem-configuration

We can use VOLUME instructions in our Dockerfile to instruct the runtime to create a mount point for an external volume.

When AWS ECS sees the instruction (from the built container), it automatically attaches ephemeral storage at that location [1]. This is useful for us because we want to enable read only root filesystems, but the applications still need to be able to write to a small portion of it. We can achieve that by mounting ephemeral storage atop the paths it needs to write to.

[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bind-mounts.html#bind-mount-considerations

Things to consider when reviewing

  • Ensure that you consider the wider context.
  • Does it work when run on your machine?
  • Is it clear what the code is doing?
  • Do the commit messages explain why the changes were made?
  • Are there all the unit tests needed?
  • Do the end to end tests need updating before these changes will pass?
  • Has all relevant documentation been updated?

@AP-Hunt
Add volume hints to the Dockerfile
bce8037 
We can use VOLUME instructions in our Dockerfile to instruct the runtime to
create a mount point for an external volume.

When AWS ECS sees the instruction (from the built container), it automatically
attaches ephemeral storage at that location [1]. This is useful for us because
we want to enable read only root filesystems, but the applications still need
to be able to write to a small portion of it. We can achieve that by mounting
ephemeral storage atop the paths it needs to write to.

[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bind-mounts.html#bind-mount-considerations
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 23, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sarahseewhy
sarahseewhy approved these changes May 23, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@sarahseewhy sarahseewhy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you 🥇 !

@AP-Hunt AP-Hunt merged commit d70f152 into main May 23, 2025
5 checks passed
@AP-Hunt AP-Hunt deleted the docker-volume-hints branch May 23, 2025 13:24
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@sarahseewhy sarahseewhy sarahseewhy approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AP-Hunt @sarahseewhy