Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature request] ECR support - create repos in ECR API before push #504

Open
alexellis opened this issue Sep 4, 2019 · 2 comments

Comments

@alexellis
Copy link
Member

commented Sep 4, 2019

The OpenFaaS Cloud CI/CD pipeline creates Docker images in a remote registry and those image tags are dynamic. ECR doesn't support this behaviour in the same way as the Docker Hub or other registries we've used so far.

Expected Behaviour

As an AWS user, I should be able to use AWS ECR for my images

Current Behaviour

ECR won't work because an API call is required to create each image name, before it's pushed.

The Open Source Docker registry and the Docker Hub does not require this, but ECR is consistent with Quay.io and potentially other registries like sonatype Nexus.

Possible Solution

The repo needs to be created before the build is carried out, which would mean adding code to buildshiprun around this line:

https://github.com/openfaas/openfaas-cloud/blob/master/buildshiprun/handler.go#L86

An initial working prototype may alter buildshiprun directly, but a more polished solution may deploy yet another OFC function, or exist in a separate generic library and be vendored in.

An AWS IAM role will be required.

@mhausenblas (AWS) was very helpful 🙏 and provided me with the following resources that I think help solve the problem:

Once added the code will need to accept a new access key ID and secret access key for the ECR API, this will also have to be inputted via ofc-bootstrap

Context

Customers on AWS tend to want to use ECR

If you want this, or want to help build it please comment 👇

@alexellis alexellis changed the title [Feature request] ECR support [Feature request] ECR support - create repos in ECR API before push Sep 4, 2019
@alexellis

This comment has been minimized.

Copy link
Member Author

commented Sep 4, 2019

Here's the bad news.. the push token has to be renewed every 12 hours https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-basics.html

@burtonr

This comment has been minimized.

Copy link
Member

commented Sep 4, 2019

FluxCD have created a registry package that manages the auth and handles the token refresh: https://github.com/fluxcd/flux/tree/master/registry

courtesy of @stefanprodan 💯

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.