Pre-installed packages
The Elastic CI Stack for AWS AMIs include pre-installed system packages and tools that your builds may depend on. When migrating to Agent Stack for Kubernetes, you need to ensure the required tools are available in your container images.
This guide covers the differences between the pre-installed packages in the Elastic CI Stack for AWS and the default Buildkite agent container image, and how to handle missing packages.
Package comparison
The Elastic CI Stack for AWS AMI includes the following packages:
| Package | Available in buildkite/agent:latest
|
Notes | |||
|---|---|---|---|---|---|
| Package | git |
Available in buildkite/agent:latest
|
Yes | Notes | Core functionality |
| Package | git-lfs |
Available in buildkite/agent:latest
|
No | Notes | Required for repositories using Git LFS |
| Package | jq |
Available in buildkite/agent:latest
|
Yes | Notes | JSON processing |
| Package | python |
Available in buildkite/agent:latest
|
Yes | Notes | Python runtime |
| Package | unzip |
Available in buildkite/agent:latest
|
Yes | Notes | Archive extraction |
| Package | wget |
Available in buildkite/agent:latest
|
Yes | Notes | File downloads |
| Package | lsof |
Available in buildkite/agent:latest
|
Yes | Notes | Process diagnostics |
| Package | docker |
Available in buildkite/agent:latest
|
Yes | Notes | Container builds |
| Package | zip |
Available in buildkite/agent:latest
|
No | Notes | Archive creation |
| Package | pigz |
Available in buildkite/agent:latest
|
No | Notes | Parallel compression |
| Package | aws-cli |
Available in buildkite/agent:latest
|
No | Notes | AWS operations |
| Package | amazon-ecr-credential-helper |
Available in buildkite/agent:latest
|
No | Notes | ECR authentication |
| Package | amazon-cloudwatch-agent |
Available in buildkite/agent:latest
|
No | Notes | AWS-specific monitoring |
| Package | amazon-ssm-agent |
Available in buildkite/agent:latest
|
No | Notes | AWS-specific management |
| Package | aws-cfn-bootstrap |
Available in buildkite/agent:latest
|
No | Notes | AWS CloudFormation |
| Package | ec2-instance-connect |
Available in buildkite/agent:latest
|
No | Notes | AWS-specific SSH |
| Package | mdadm |
Available in buildkite/agent:latest
|
No | Notes | RAID management |
| Package | nvme-cli |
Available in buildkite/agent:latest
|
No | Notes | NVMe disk management |
| Package | python-pip |
Available in buildkite/agent:latest
|
No | Notes | Python package management |
| Package | python-setuptools |
Available in buildkite/agent:latest
|
No | Notes | Python package building |
| Package | bind-utils |
Available in buildkite/agent:latest
|
No | Notes | DNS utilities (dig, nslookup) |
| Package | rsyslog |
Available in buildkite/agent:latest
|
No | Notes | System logging |
| Package | gnupg2 |
Available in buildkite/agent:latest
|
No | Notes | GPG signing and verification |
Handling missing packages
When a package your builds require is not available in the default agent image, you have three options:
- Use a Buildkite plugin that provides the functionality.
- Create a custom container image with the required packages.
- Install packages at runtime using an agent hook.
Using plugins
Plugins can provide tool functionality without modifying your container image. This approach works well for tools with existing plugin support.
For AWS CLI operations, use the aws-assume-role-with-web-identity plugin with OIDC, or provide AWS credentials to a container that includes the AWS CLI.
Browse the plugins directory for plugins that may provide the functionality you need.
Using custom container images
For packages used frequently across many pipelines, create a custom container image based on the Buildkite agent image or another base image.
Create a Dockerfile with the additional packages:
FROM buildkite/agent:latest
USER root
RUN apt-get update && apt-get install -y \
git-lfs \
zip \
pigz \
python3-pip \
dnsutils \
gnupg2 \
&& rm -rf /var/lib/apt/lists/*
USER buildkite-agent
For AWS CLI, install using pip or download the official installer:
FROM buildkite/agent:latest
USER root
RUN apt-get update && apt-get install -y \
curl \
unzip \
&& curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
&& unzip awscliv2.zip \
&& ./aws/install \
&& rm -rf awscliv2.zip aws \
&& rm -rf /var/lib/apt/lists/*
USER buildkite-agent
Build and push the image to your container registry:
docker build -t my-registry/buildkite-agent-custom:latest .
docker push my-registry/buildkite-agent-custom:latest
Use the custom image in your pipeline:
steps:
- label: "Build"
command: "make build"
agents:
queue: kubernetes
image: my-registry/buildkite-agent-custom:latest
Using agent hooks
For packages needed occasionally or for testing, install them at runtime using an agent hook. This approach adds latency to job startup but avoids maintaining custom images.
Create a pre-command hook that installs the required packages:
#!/bin/bash
set -euo pipefail
if ! command -v zip &> /dev/null; then
apt-get update && apt-get install -y zip
fi
Create a ConfigMap with the hook:
kubectl create configmap buildkite-hooks \
--from-file=pre-command=pre-command \
--namespace buildkite
Configure the controller to use the hook:
config:
agent-config:
hooks-path: /buildkite/hooks
hooksVolume:
name: buildkite-hooks
configMap:
name: buildkite-hooks
defaultMode: 493
Runtime installation limitations
Installing packages at runtime requires root access in your container and adds latency to every job. This approach works for testing but is not recommended for production workloads.
AWS-specific packages
Several packages in the Elastic CI Stack for AWS are AWS-specific and may not be needed when running on Kubernetes:
-
amazon-ssm-agent: Provides AWS Systems Manager access. Not applicable in Kubernetes. -
aws-cfn-bootstrap: Used for CloudFormation stack signaling. Not applicable in Kubernetes. -
ec2-instance-connect: Provides SSH access to EC2 instances. Usekubectl execfor pod access instead. -
amazon-cloudwatch-agent: For CloudWatch metrics and logs. Use Kubernetes-native observability tools or configure container logging to forward to CloudWatch if required. -
mdadmandnvme-cli: Low-level disk management tools. Kubernetes manages storage through PersistentVolumes.
If your builds use the AWS CLI for operations like S3 uploads or ECR authentication, include it in a custom container image or use the appropriate Buildkite plugins. See Amazon ECR authentication for ECR-specific guidance.