containers-roadmap
containers-roadmap copied to clipboard
[ECR] Make prefix optional on pull through caches
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
When configuring an ECR pull through cache for public.ecr.aws
, we're forced to set a namespace prefix. For example public.ecr.aws/datadog/agent:7.46.0
might gain an ecr-public
prefix and become <account_id>.dkr.ecr.us-east-1.amazonaws.com/ecr-public/datadog/agent:7.46.0
.
This is a hassle because a number of tools in the docker ecosystem (like buildkit) support auto mapping of registry hosts (like public.ecr.aws
to <account_id>.dkr.ecr.us-east-1.amazonaws.com
), but they don't support automatically adding a prefix to the image reference.
As a result, we must change our Dockerfile
s and docker-compose.yml
s to use the pull through cache images explicitly. It would be super nice if we could leave them referencing public.ecr.aws/datadog/agent:7.46.0
and the mapping could happen under the hood. This would be possible if the ecr-public
prefix was made optional.
This would be particularly helpful because it would leave the Dockerfile
and docker-compose.yml
in a shape that works for unauthenticated users on local machines.
Which service(s) is this request for? ECR
Are you currently working around this issue?
We are changing Dockerfile
and docker-compose.yml
to use the private ECR reference, but it requires users to login locally, and it prevents tools like dependabot from being able to update the files (they don't have access to our private ECR).