Our great sponsors
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
cloudsql-proxy
Discontinued A utility for connecting securely to your Cloud SQL instances [Moved to: https://github.com/GoogleCloudPlatform/cloud-sql-proxy]
-
containers-roadmap
This is the public roadmap for AWS container services (ECS, ECR, Fargate, and EKS).
-
soci-snapshotter
A containerd snapshotter plugin which enables standard OCI images to be lazily loaded without requiring a build-time conversion step.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
So, until now, a sidecar container was just the idea of running helper containers in you Kubernetes pod that were 'helpers' for something: connection to databases or vpns, mesh networking, pulling secrets or config, debugging... But they didn't have special status, they were just regular containers in your pod.
This sometimes posed some problems because they weren't available for the full life cycle of the pod, notably on the init process. So if your init containers needed secrets, connections, networking... that was being provided via a sidecar container, you were going to have a hard time.
With this change, among other things, sidecars containers are going to be available for the whole life cycle of the pod.
There are other implications, probably, but I still haven't finished reading the KEP [0]. Check it out, and there you'll find its motivation and several interesting examples.
0: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/753-sidecar-containers
That is very annoying. I remember having spent some time with this same issue in Google App Engine as well, which also runs Cloud SQL Proxy as a sidecar container.
https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues...
Deploying Fargate with CDK has to have been the most pleasant developer experience I have ever had with any product so far.
If image caching becomes a reality with Fargate I can't imagine a need to ever use anything else
https://github.com/aws/containers-roadmap/issues/696
So I can give some behind the scenes insight on that. I don't think image caching will be a thing in the way people are explicitly asking, but we are exploring some alternative approaches to speeding up container launch that we think will actually be even more effective than what people are asking for.
First of all we want to leverage some of the learnings from AWS Lambda, in specific some of the research we've done that shows that about 75% of container images only contain 5% unique bytes (https://brooker.co.za/blog/2023/05/23/snapshot-loading.html). This makes deduplication incredibly effective, and allows the deployment of a smart cache that holds the 95% of popular recurring files and file chunks from container images, while letting the unique 5% be loaded over the network. There will be outliers of course, but if you base your image off a well used base image then it will already be in the cache. This is partially implemented. You will notice that if you use certain base images your Fargate container seems to start a bit faster. (Unfortunately we do not really publish this list or commit to what base images are in the cache at this time).
In another step along this path we are working on SOCI Snapshotter (https://github.com/awslabs/soci-snapshotter) forked off of Stargz Snapshotter. This allows a container image to have an attached index file that actually allows it to start up before all the contents are downloaded, and lazy load in remaining chunks of the image as needed. This takes advantage of another aspect of container images which is that many of them don't actually use all of the bytes in the image anyway.
Over time we want to make these two pieces (deduplication and lazy loading) completely behind the scenes so you just upload your image to Elastic Container Registry and AWS Fargate seems to magically start your image dramatically faster than you could locally if downloading the image from scratch.
Related posts
- Can I scale my dockerized Flask solution with Kubernetes?
- Fun with Avatars: Containerize the app for deployment & distribution | Part. 2
- Jenkins Agents On Kubernetes
- Kata Containers: Virtual Machines (VMs) that feel and perform like containers
- Announcing pull through cache for registry.k8s.io in Amazon Elastic Container Registry