Meghana B Srinath

Running multiple containers in a single Fargate task for Clair container scanning

We are running clair and clair-db containers in the same fargate task. Below is a snippet of our task definition.

{
    "family": "clair",
    "networkMode": "awsvpc",
    "containerDefinitions": [
        {
            "name": "db",
            "image": "<REPO_URL>/clairdb:v1.0",
            "essential": true,
            "command": [
                "sh",
                "-c",
                "echo clair db runs"
            ],
            "portMappings": [
                {
                    "containerPort": 5432,
                    "hostPort": 5432,
                    "protocol": "tcp"
                }
            ]
        },
        {
            "name": "clair",
            "image": "<REPO_URL>/clair:v1.0",
            "essential": true,
            "command": [
                "sh",
                "-c",
                "echo clair runs"
            ],
            "portMappings": [
                {
                    "containerPort": 6060,
                    "hostPort": 6060,
                    "protocol": "tcp"
                }
            ]
        }
    ]
}

As per the AWS Fargate docs, localhost can be used to communicate between these two containers of a single task in awsvpc mode. We have given the below option in the Clair config.yaml:

clair:
  database:
    type: pgsql
    options:
      source: host=localhost port=5432 user=postgres password=xxxx sslmode=disable statement_timeout=60000

So as per this, clair should ideally be able to link to the clair-db container running on localhost:5432 on the same network. The clair-db container is running fine in Fargate, but the clair container is failing with the below logs:

{"Event":"pgsql: could not open database: dial tcp 127.0.0.1:5432: connect: connection refused","Level":"fatal","Location":"main.go:97","Time":"2021-03-23 13:26:38.737437"}

In Docker terms, this is how we link these two containers:

docker run -p 5432:5432 -d --name db arminc/clair-db:2017-05-05
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.0-rc.0

Are we missing anything here? Any idea why connection to localhost isn't working in Fargate containers for clair?

Upvotes: 2

Views: 1515
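
A `connection refused` on 127.0.0.1:5432 means nothing was accepting connections on that port at the moment clair dialed it. The fragment below is an added example, not part of the original question or the poster's configuration: it gates the clair container on a db health check using the ECS `healthCheck` and `dependsOn` container settings. It assumes `pg_isready` is available in the db image, leaves out both `command` overrides so each image's own entrypoint and command run, uses constructed health-check timings, and omits the rest of the task definition (CPU, memory, roles) as the original snippet does.

```json
{
    "family": "clair",
    "networkMode": "awsvpc",
    "containerDefinitions": [
        {
            "name": "db",
            "image": "<REPO_URL>/clairdb:v1.0",
            "essential": true,
            "portMappings": [
                { "containerPort": 5432, "protocol": "tcp" }
            ],
            "healthCheck": {
                "command": [
                    "CMD-SHELL",
                    "pg_isready -h 127.0.0.1 -p 5432 -U postgres || exit 1"
                ],
                "interval": 10,
                "timeout": 5,
                "retries": 5,
                "startPeriod": 30
            }
        },
        {
            "name": "clair",
            "image": "<REPO_URL>/clair:v1.0",
            "essential": true,
            "dependsOn": [
                { "containerName": "db", "condition": "HEALTHY" }
            ],
            "portMappings": [
                { "containerPort": 6060, "protocol": "tcp" }
            ]
        }
    ]
}
```

With this in place ECS starts clair only after the db health check passes, so a refusal that persists points at the db container not listening on 5432 rather than at start-up ordering.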

Answers (0)
