aws
[ECR] [request]: Force update for ECR pull through cache
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
It'd be great to be able to force ECR pull through cache to update even before the 24-hours period passes.
Which service(s) is this request for? ECR
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
It would allow using just ECS force redeployment for deploying new :latest tag. Now you have to use specific tags and that results in creating new ECS task version for every deploy.
Are you currently working around this issue? Not using pull through cache (yet).
Might be a bit too extreme but I wouldn't mind a pull through cache that isn't a cache - just a proxy.
Proposed Usecase:
- Using EKS so ECR is pre authenticated for image pulls
- Pull through a centralised place for authentication, I can put my image pull credentials for upstreams in one place.
- Avoid having to put imagePullSecrets everywhere across my applications.
It's not a cache in the strictest sense, so I appreciate it's probably out of scope but it could be useful in some examples - especially when using :latest tags.
We have the exact same use case: We have some mutable tags and always need the latest version. So, ideally, ECR would always* check upstream if there's a newer digest for the tag.
*perhaps with a cool down of a minute or so
Big blocker for us atm.
We gave up on using ECR for anything that is not immutable. Even so, for flux, it is not useful (but not the fault of ECR), as the enumeration of new assets will not show those that were added to the upstream repo.
