Bump min/default docker API version to 1.24

Author: sparrc

agent/app/agent.go

@@ -1098,25 +1098,25 @@ func (agent *ecsAgent) startACSSession(
 }
 
 // validateRequiredVersion validates docker version.
-// Minimum docker version supported is 1.9.0, maps to api version 1.21
-// see https://docs.docker.com/develop/sdk/#api-version-matrix
+// Minimum docker version supported is 1.12.0, maps to api version 1.24
+// see https://docs.docker.com/engine/release-notes/prior-releases/. Docker API
+// versions prior to 1.24 are deprecated as of Jan 2024. See
+// https://docs.docker.com/engine/api/#deprecated-api-versions
 func (agent *ecsAgent) verifyRequiredDockerVersion() (int, bool) {
 	supportedVersions := agent.dockerClient.SupportedVersions()
 	if len(supportedVersions) == 0 {
 		seelog.Critical("Could not get supported docker versions.")
 		return exitcodes.ExitError, false
 	}
 
-	// if api version 1.21 is supported, it means docker version is at least 1.9.0
 	for _, version := range supportedVersions {
-		if version == dockerclient.Version_1_21 {
+		if version == dockerclient.MinDockerAPIVersion {
 			return -1, true
 		}
 	}
 
-	// api 1.21 is not supported, docker version is older than 1.9.0
 	seelog.Criticalf("Required minimum docker API verion %s is not supported",
-		dockerclient.Version_1_21)
+		dockerclient.MinDockerAPIVersion)
 	return exitcodes.ExitTerminal, false
 }
 

agent/app/agent_capability.go

@@ -206,9 +206,13 @@ func (agent *ecsAgent) capabilities() ([]*ecs.Attribute, error) {
 	}
 
 	supportedVersions := make(map[dockerclient.DockerVersion]bool)
-	// Determine API versions to report as supported. Supported versions are also used for capability-enablement, except
-	// logging drivers.
-	for _, version := range agent.dockerClient.SupportedVersions() {
+	// Determine API versions to report as supported via com.amazonaws.ecs.capability.docker-remote-api.X.XX capabilities
+	// We advertise all known versions here rather than "supported" versions. The reason for this is that ECS backend
+	// adds required capabilities to some features at the minimum supported version. If this is less than our Minimum
+	// supported version (currently 1.24), then the capability will not match.
+	// In other words, here we advertise supporting docker api versions that this agent may not actually support, for the
+	// sake of task definition required attributes.
+	for _, version := range dockerclient.GetKnownAPIVersions() {
 		capabilities = appendNameOnlyAttribute(capabilities, capabilityPrefix+"docker-remote-api."+string(version))
 		supportedVersions[version] = true
 	}
@@ -311,12 +315,12 @@ func (agent *ecsAgent) capabilities() ([]*ecs.Attribute, error) {
 
 func (agent *ecsAgent) appendDockerDependentCapabilities(capabilities []*ecs.Attribute,
 	supportedVersions map[dockerclient.DockerVersion]bool) []*ecs.Attribute {
-	if _, ok := supportedVersions[dockerclient.Version_1_19]; ok {
+	if _, ok := supportedVersions[dockerclient.MinDockerAPIVersion]; ok {
 		capabilities = appendNameOnlyAttribute(capabilities, capabilityPrefix+"ecr-auth")
 		capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+"execution-role-ecr-pull")
 	}
 
-	if _, ok := supportedVersions[dockerclient.Version_1_24]; ok && !agent.cfg.DisableDockerHealthCheck.Enabled() {
+	if _, ok := supportedVersions[dockerclient.MinDockerAPIVersion]; ok && !agent.cfg.DisableDockerHealthCheck.Enabled() {
 		// Docker health check was added in API 1.24
 		capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+"container-health-check")
 	}
@@ -361,7 +365,7 @@ func (agent *ecsAgent) appendTaskIamRoleCapabilities(capabilities []*ecs.Attribu
 		// The "task-iam-role" capability is supported for docker v1.7.x onwards
 		// Refer https://github.com/docker/docker/blob/master/docs/reference/api/docker_remote_api.md
 		// to lookup the table of docker supportedVersions to API supportedVersions
-		if _, ok := supportedVersions[dockerclient.Version_1_19]; ok {
+		if _, ok := supportedVersions[dockerclient.MinDockerAPIVersion]; ok {
 			capabilities = appendNameOnlyAttribute(capabilities, capabilityPrefix+capabilityTaskIAMRole)
 		} else {
 			seelog.Warn("Task IAM Role not enabled due to unsuppported Docker version")
@@ -370,7 +374,7 @@ func (agent *ecsAgent) appendTaskIamRoleCapabilities(capabilities []*ecs.Attribu
 
 	if agent.cfg.TaskIAMRoleEnabledForNetworkHost {
 		// The "task-iam-role-network-host" capability is supported for docker v1.7.x onwards
-		if _, ok := supportedVersions[dockerclient.Version_1_19]; ok {
+		if _, ok := supportedVersions[dockerclient.MinDockerAPIVersion]; ok {
 			capabilities = appendNameOnlyAttribute(capabilities, capabilityPrefix+capabilityTaskIAMRoleNetHost)
 		} else {
 			seelog.Warn("Task IAM Role for Host Network not enabled due to unsuppported Docker version")
@@ -381,7 +385,7 @@ func (agent *ecsAgent) appendTaskIamRoleCapabilities(capabilities []*ecs.Attribu
 
 func (agent *ecsAgent) appendTaskCPUMemLimitCapabilities(capabilities []*ecs.Attribute, supportedVersions map[dockerclient.DockerVersion]bool) ([]*ecs.Attribute, error) {
 	if agent.cfg.TaskCPUMemLimit.Enabled() {
-		if _, ok := supportedVersions[dockerclient.Version_1_22]; ok {
+		if _, ok := supportedVersions[dockerclient.MinDockerAPIVersion]; ok {
 			capabilities = appendNameOnlyAttribute(capabilities, attributePrefix+capabilityTaskCPUMemLimit)
 		} else if agent.cfg.TaskCPUMemLimit.Value == config.ExplicitlyEnabled {
 			// explicitly enabled -- return an error because we cannot fulfil an explicit request