-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Codenvy and AWS ECR #444
Comments
Hi! For the onpremises enterprise version you can read about it here. On a user-basis, they can also reference those private registries using this syntax: |
Tyler thank you very much. I can see in documentation this options for private docker registries$docker.registry.auth.username= If no server is provided, Docker will default to authenticating at Docker Hub$docker.registry.auth.server=But the process of authenticating to AWS ECR is like this:
So the point is what i should paste into codenvy config in order to get access to AWS ECR. $docker.registry.auth.username=<USER_FROM_aws_get_login_COMMAND> But this is not very convinient and kills automatization. |
That is brutal. @skryzhny @skabashnyuk @riuvshin - any ideas on how an admin would handle configuring Codenvy onprem for private registries when AWS is changing the authentication TOKEN every 12 hours? @soanni - we may need you to absorb this with a cron job that reconfigures Codenvy every 6 hours. It wakes up, gets the new TOKEN, updates codenvy configuration with |
We had small discussion about this with @garagatyi . And we think that it's not ideal to reload wsmaster. We could have some kind of aws adapter that will get this token from java code and refresh it when it's needed. |
Ok - @skabashnyuk - we'll consider that for the future. In the meantime, for @soanni - we will need you to update the system once every 6-12 hours to avoid the TOKEN refresh problem. |
it seems that properties for private docker registry in documentation are outdated. vi /etc/puppet/manifests/nodes/codenvy/codenvy.pp here i'm setting up properties $docker.registry.auth.username= Then i'm doing Then i'm checking properties like this
There are no just set properties in the list. config docker_registry_auth_username= ERROR. No such property... config docker_registry_auth_username= ERROR. No such property.. |
@ddementieva - please take this as a support issue. This may be a docs issue. Please lets verify the parameters necessary for configuring access to private registry within Codenvy properties. |
@soanni: properties above should have at least empty values to appear in codenvy config command output :
Anyway, it will not help, and there is another property dedicated to set docker registry custom credentials: docker_registry_credentials. To add credentials please use following template: Please take a note that this is multiline variable separated by new line, you can add as many custom registries as you want. By default it is empty. Please take care about same prefix for each new set of credentials. Example of codenvy command to set docker_registry_credentials variable:
|
Thank you @dmytro-ndp @skabashnyuk @TylerJewell but i guess i still not able to add my AWS ECR because there is limitation to the length of password and AWS token has more characters |
I tried to add registry in CLI. There were no errors but there are no sign of our images in recepies when creating workspace and in Administration menu Docker registry is empty. However codenvy config shows me that property docker_registry_credentials is updated |
@soanni Have you tried to reference a custom workspace image at Custom Stack > Write your own stack? You can do that using the hostname and port of your registry, e.g. FROM my.registry.url:9000/image:latest (find more details on that at http://codenvy.readme.io/docs/configuration-docker#private-docker-registries) Or do you want to add a new stack so that it could appear on the Dashboard? |
After the upgrade to 4.5.1 i can't edit the recipies when i'm trying to create a new machine inside an existing workspace. I can add,delete recepies, but the field with dockerfile contents itself is not editable |
Bug confirmed. You may track it with eclipse-che/che#1967 Is your original issue with adding docker registry resolved? |
Okay, i did the way @dmytro-ndp said me to do and now when i create the workspace i can write my own Dockerfile with FROM my_registry and the image is pulling. |
@soanni - we will be supporting docker-compose syntax as a recipe input before the end of the quarter. This will orchestrate multi-machine workspaces with a network overlay. We had a demo of this at Red Hat DevNation a few weeks ago. |
Yeah, i read about it. But now i face the issue that i can't add the machine with my custom receipe due to the bug of uneditable screen. |
this bug really is a big stopper now. may be it's better to rollback to 4.4 for now? |
@soanni - if you need multi-machine launches coordinated before we provide formal support for compose syntax, I would recommend that we work with you to write some REST API scripts using curl to create workspaces + additional machines in a single transactional syntax. We want to deprecate the operations view - that is more of a debugging view than a view intended for editing machine definitions. With all of the recipe definitions and stack management going into the dashboard, where the experience will be more joyful. |
@TylerJewell thank you for the answer. I really need multi-machine launches. We have a lot of products that are using several components better be spreaded on several machines. The Operations view is fine for me and very easy to use. using REST API (even via Swagger) is much more time-consuming. |
@soanni - I think managing all of your requirements is going to be hard in GitHub. So, I propose that @bmicklea and @JamesDrummond make sure we capture all of the issues + priorities for your account, and we'll keep them well prioritized. Here are the things that we need to do:
|
@TylerJewell thank you. |
Closing as this is cross referenced and tracked with other issues. I think we have handled it pretty well. |
Hello, Codenvy team.
Can somebody tell me if there is a way to connect Codenvy and private docker registry (AWS ECR).
Is it possible due to specific authentication mechanism in AWS ECR?
Thank you in advance for help.
The text was updated successfully, but these errors were encountered: