Fargate 1.4.0: an update

Recently AWS released a new version of their Fargate container runtime with a flurry of changes. I decided that it is time to update my review of Fargate.

# Move to containerd

Let us start out with the most glaringly obvious change. The AWS Container Team decided that replacing dockerd with containerd is a good idea. Their argument here is basically that dockerd is too opinionated/complete for their purpose and that they need more flexibility. They also vehemently stressed the point that this change is not breaking.

# Now with EFS

The second most important thing is that EFS is now supported out of the box. This alleviates some of the incompatibilities that I mentioned in my previous post. I have not experimented with this yet, so no word on performance from me.

# Improved Insights

Not strictly related to this change, but still an update since I last wrote about Fargate: some of the metrics I was so sorely lacking are now available fairly easily. Which of them can be read here. But most of what you would want is there.

All you have to do is create a new cluster after enabling cluster insights on your account. True, you can also enable it per cluster, but I suggest enabling it by default. Be aware, though, that this is not free, as it uses some custom metrics in CloudWatch.

# Log Drivers

With regards to log drivers, little has changed.

Splunk, firelens, awslogs and fluentd are supported out of the box, and if that works for your needs you are all set. Otherwise AWS kindly asks you to make a free contribution to their paid-for service so that you can use it properly and they can make more money off of it.

I do need to write that post about AWS and open source at some point in time, don't I?

# Linux Capabilities

There was a small extension to the available Linux capabilities: you can now endow your containers with CAP_SYS_PTRACE, which allows better visibility into what is actually running in your container and might come in handy for some security-related use cases.
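To confirm from inside a running container whether the capability actually arrived, the check below decodes the capability masks in /proc/<pid>/status. It is an added example, not code from this post's original text or from AWS; the function names are hypothetical and the sample status text is constructed.

```python
from pathlib import Path

CAP_SYS_PTRACE = 19  # bit number from <linux/capability.h>

# Constructed samples of /proc/<pid>/status (only the relevant lines).
SAMPLE_ROOT = """Name:\tsh
Uid:\t0\t0\t0\t0
CapPrm:\t00000000a80c25fb
CapEff:\t00000000a80c25fb
CapBnd:\t00000000a80c25fb
"""
SAMPLE_NONROOT = """Name:\tsh
Uid:\t1000\t1000\t1000\t1000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80c25fb
"""
# Same as SAMPLE_ROOT with bit 19 cleared (constructed).
SAMPLE_WITHOUT = SAMPLE_ROOT.replace("a80c25fb", "a80425fb")


def parse_cap_masks(status_text):
    """Return {field: int mask} for the Cap* lines of a status file."""
    masks = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.startswith("Cap"):
            masks[key] = int(value.strip(), 16)
    if "CapEff" not in masks or "CapBnd" not in masks:
        raise ValueError("CapEff/CapBnd not found in status text")
    return masks


def ptrace_verdict(status_text, bit=CAP_SYS_PTRACE):
    """Classify where the capability bit is set for this process."""
    masks = parse_cap_masks(status_text)
    flag = 1 << bit
    if masks["CapEff"] & flag:
        return "effective"      # the process holds the capability now
    if masks["CapBnd"] & flag:
        return "bounding-only"  # in the bounding set, not held by this process
    return "absent"             # not available to this process at all


if __name__ == "__main__":
    status = Path("/proc/self/status")
    text = status.read_text() if status.exists() else SAMPLE_NONROOT
    print("CAP_SYS_PTRACE:", ptrace_verdict(text))
```

A "bounding-only" result means the capability is in the bounding set but the process does not hold it, which is what a process running as a non-root user normally sees.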

# Breaking Changes

There is one odd thing that I noticed that the release notes talked about. The AWS team decided not to advance LATEST to 1.4.0 immediately but keep it at 1.3.0 until some later point. To me that meant that they are at least not very confident that this change is truly a minor version change, so non-breaking.

After prodding around a bit I found at least 1 break in behavior. The sudo command does not work anymore but terminates with a permission error.

I have not yet dug further into this as my time has been focused elsewhere. Once I find the time I will post my results here. And yes, I know containers and shells might not be the most common use case out there. It is one of mine, however.

# Conclusion

All in all this release alleviated quite a few pain points and improved handling and experience. I might become an even bigger fan of Fargate.