binderhub icon indicating copy to clipboard operation
binderhub copied to clipboard
verified publisher icon jupyterhub

Support dynamic registry tokens, add wrapper for working with registry microservice

Open manics opened this issue 2 years ago • 1 comments

This is a companion for https://github.com/jupyterhub/repo2docker/pull/1245 that allows dynamic credentials t be used for pushing to a registry. This is required for e.g. ECR where the token used to login to the reigistry expires.

This also implements the non-vendor specific parts of https://github.com/jupyterhub/binderhub/issues/1623

Closes https://github.com/jupyterhub/binderhub/issues/705

You can see an example implementation of the microservice side in https://github.com/manics/binderhub-container-registry-helper This is working with AWS ECR using an IRSA role for the microservice.

It's written in Go as I wanted to learn it, but if we choose to pursue this rewriting it in Python (or Javascript, or any other language) shouldn't be too difficult.

manics avatar Feb 21 '23 00:02 manics

Anyone else have thoughts on this? @stevejpurves is interested in using it.

manics avatar Sep 19 '24 22:09 manics

@yuvipanda do you have any thoughts on this?

manics avatar Dec 21 '24 17:12 manics

This has been ready for 6 months, and it's effectively been in production (though being overriden in https://github.com/jupyterhub/mybinder.org-deploy/blob/b9439b5b15263ff703ea46c07bfd6c4584d1422c/config/curvenote.yaml#L59-L148) so merging!

manics avatar Jan 14 '25 16:01 manics

Sorry for dropping this @manics! Happy for you to have merged this!

yuvipanda avatar Jan 14 '25 17:01 yuvipanda