using docker-lambda for local function development about docker-lambda HOT 11 CLOSED

So the Dockerfiles/scripts for the various images are as follows:

• lambci/lambda
• lambci/lambda:build
• lambci/lambda-base:build
• lambci/lambda-base

from docker-lambda.

The thing about the :build images is they include a lot more installed software and have much looser permissions (like root access) – so really not suitable for running tests, otherwise you'll start to think that more software is available when it isn't.

Ideally you should run your builds on the :build image and then your tests on the normal image.

from docker-lambda.

For example, creating a home directory like /home/sbx_user1051 just won't work on Lambda

from docker-lambda.

oh I see what I was missing now, the lambda-base image is just the filesystem you got from lambda, while lambda-base:build adds the extra packages on top. Ok, so all I was advocating is a sort of hybrid image to use for local development. I agree that testing before deployment should be done on the normal image, and then a build from the CI server or local machine should be done with :build, I only added the home directory for that user so that nodemon would work. I don't plan on actually using nodemon in a lambda function, but having this hybrid image would make it so that this kind of flow works and doesn't require the dev to have node/npm and aws cli installed while still emulating lambda somewhat and compiling native modules against the correct environment.

This worked on my local environment, but you can see it's mostly just a copy of of lambci/lambda using the :build base image instead

FROM lambci/lambda-base:build

ENV LAMBDA_TASK_ROOT=/var/task \
    LAMBDA_RUNTIME_DIR=/var/runtime \
    LANG=en_US.UTF-8

ADD awslambda-mock.js /var/runtime/node_modules/awslambda/build/Release/awslambda.js

# Not sure why permissions don't work just by modifying the owner
RUN rm -rf /tmp && mkdir /tmp && chown -R sbx_user1051:495 /tmp && chmod 700 /tmp

WORKDIR /var/task

ADD package.json .
RUN npm install

USER sbx_user1051

ENTRYPOINT ["/usr/local/lib64/node-v4.3.x/bin/node", "--max-old-space-size=1229", "--max-semi-space-size=76", "--max-executable-size=153", "--expose-gc", \
  "/var/runtime/node_modules/awslambda/index.js"]

what do you think about this?

from docker-lambda.

Well it's still based on lambci/lambda-base:build – which has a whole bunch more software/libraries than lambda-base (ie, Lambda itself). So it still seems like you could get comfortable thinking you've got more available to you than you actually do.

Still not sure why you don't build / npm install using the build image, and then execute using the run images?

Like, just run these two sequentially:

docker run -v "$PWD":/var/task lambci/lambda:build npm install
docker run -v "$PWD":/var/task lambci/lambda index.myHandler '{"some": "event"}'

from docker-lambda.

Those work as well, but the idea is to have a biolerplate lambda repo where all the dependencies are inside the container (including node / nodemon). This repos dockerfile would inherit from this theoretical hybrid image and then a dev can just docker-compose up and the lambda function executes as code changes are made and you also have a container to do builds on. The caveat of having extra software in the testing environment doesn't seem like a big issue to me but I think I understand how to get what I want now, I just wanted to avoid forking if this held any value to your efforts.

from docker-lambda.

ok - well it kinda defeats the purpose of isolation - but totally up to you 👍 If you're not running any native modules then you're unlikely to see any difference, so no probs.

Gonna close this cause I don't think there's anything actionable here

from docker-lambda.

Oh, the only other thing I'll say is that the build (and lambda-base:build) images have docker on them – so you can always run docker in docker if you like – then you could still do everything from the one Dockerfile and have the advantages of isolation

from docker-lambda.

I've never messed with Docker in Docker so that should be fun! thanks for your responses, it's much appreciated.

from docker-lambda.

Cool – just as a quickstart, run the outer container with docker run -v /var/run/docker.sock:/var/run/docker.sock ... – then you should be able to run docker in the inner container (by sharing the socket, it will use the same docker daemon that the outer docker is running under)

from docker-lambda.

There are solutions like https://github.com/jpetazzo/dind – but they're a lot hairier, and typically overkill, compared with just sharing the port with the container so that it can use the same daemon

from docker-lambda.