docker-image-resource
docker-image-resource copied to clipboard
concourse
support public.ecr.aws
AWS has introduced public ECR registries, and when configured the url of the registry is public.ecr.aws. The same url is used for both push and pull.
docker-image-resource currently won't supply AWS credentials unless it matches the ECR regex https://github.com/concourse/docker-image-resource/blob/master/assets/out#L232
https://aws.amazon.com/about-aws/whats-new/2020/12/announcing-amazon-ecr-public-and-amazon-ecr-public-gallery/
additionally, the command to get credentials from ECR into docker have changed
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/<alias>
...
docker push public.ecr.aws/<alias>/<namespace>/<repository>
Is there any development in this? Seems like pushing public image is not working:
WARN[0000] ECR integration is experimental and untested
INFO[0002] pushing tag(s) latest
ERRO[0002] pushing image failed: pushing tag(s): POST https://********.dkr.ecr.*******.amazonaws.com/v2/********/blobs/uploads/: NAME_UNKNOWN: The repository with name '********' does not exist in the registry with id '********'
The [simplest/most-common?] use-case for public ECR instead of Docker Hub (subject to rate-limits):
...workloads running in AWS will get unlimited data bandwidth from any region when pulling publicly shared images hosted on AWS.
-AWS
If @gdamjan's sleuthing is correct, that RegEx constraint should definitely be relaxed in order for a simple pipeline (below) to work, rt? https://github.com/concourse/docker-image-resource/blob/273da71dd43b27748908897e516f016c52266fe1/assets/out#L232
simple pipeline
---
resources:
- name: node-image
type: registry-image
source:
tag: lts-gallium
repository: public.ecr.aws/docker/library/node
[...]
jobs:
- name: my-job
plan:
- task: use-node-image
image: node-image
config: [...]
