Instructions for running ignite using ECR (AWS Elastic Container Registry), or really anything that is not docker.

[Khalian]

Hi

I am trying to use ECR as our OCI image repository, and I cannot get ignite working with images from ECR (the reason for this is that I cant just be using docker hub as is, since we need to put some sensitive proprietary code in there).

I tried the following

1. Ran the instructions on https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-pull-ecr-image.html. Then ran docker images and confirmed the image is locally stored.

2. Ran ignite with the image, I got an error like

" failed to resolve reference "The ECR image here which I scrubbed from this message:java": unexpected status code [manifests java]: 401 Unauthorized

which I presume means ignite cant find the repository.

Is there support for registries outside of docker hub and are there instructions I can use to use ignite with those registries? Thanks.

[Khalian]

Ok, I think I made some progress

I was looking at https://github.com/weaveworks/ignite/pull/564

And I managed to provide the ECR Image URI and import the image, so something like this

sudo /usr/local/bin/ignite image import myaccountId.dkr.ecr.us-west-2.amazonaws.com/prototype:lates --runtime=docker

And it seems the thing is now visible under sudo /usr/local/bin/ignite image import

So that works, and I should be using the docker runtime and not the containerd runtime.

I am thinking, we don't have much documentation for the container runtimes, or how to import images (the installation makes an implicit assumption that we use containerd runtime at all times).

I can write that for you guys, but where should it go ? installation instructions or somewhere else?

Also how do I permanently keep using the docker runtime, instead of having to overload the --runtime artifact?

[stealthybox]

Also how do I permanently keep using the docker runtime, instead of having to overload the --runtime artifact?

We recently added the option for a global config file which supports setting runtime among other defaults: https://ignite.readthedocs.io/en/latest/ignite-configuration/

[Khalian]

Ah awesome that helps quite a bit.

However, I think I should still invest in writing documentation on how to handle registries other than docker hub.

There seems to be this implied contract (correct me if I am wrong) that these OCI images are vended by docker hub.

Its not self evident how I should interact with these other registries. For instance I am trying to use ECR, and for ECR you have to do these very specific steps to get it to work (like for instance pull using docker pull since ignite cant authenticate with ECR for some reason, so docker pull gets the image locally and then ignite reads it from the cache).

[stealthybox]

However, I think I should still invest in writing documentation on how to handle registries other than docker hub.

Yes, thanks. This is the heart of the issue, and we haven't addressed it yet.

I presume you could use the containerd runtime, as long as containerd was properly authenticated for your ECR repo. I know this is possible via kubernetes, but I'm not knowledgeable yet on how to configure a raw containerd install.

If you would like to contribute a doc for "Image repos and container runtimes", I think that would be a great addition. You should just be able to create a new *.md file in the proper docs dir, and it will be added to the latest docs site on merge :)