search

MatthiasScholz / cos

Basic Cluster Orchestration Setup
GNU Lesser General Public License v3.0
34 stars 11 forks source link

B/51 docker pull issue #52

Closed ThomasObenaus closed 5 years ago

ThomasObenaus commented 5 years ago

Changes

With this adjustment it is possible to load docker images from public docker repositories (like Docker Hub) and from the ECR of the AWS account wherein the COS is deployed.

Therefore instead of using the docker credStore option, to enable the ecr-login helper, only the credHelper option is used only for this purpose. Thus it is possible to specify to use the ecr-login helper only for the ECR of the AWS account. All other docker pull requests (i.e. to Docker Hub) are made without credentials.

This solves #51.

Tested

  1. Tested by deploying the ping-service using the image from docker hub image = "thobe/ping_service:0.0.9"
  2. Tested by deploying the ping-service using the image from the ECR of the account where the COS was deployed to (root-example): image = "<aws_account_id>.dkr.ecr.us-east-1.amazonaws.com"
MatthiasScholz commented 5 years ago

NOTE

It is very important to mention that with this changes the AWS ECR ( Docker registry ) which has to be used is now bound to the one the cluster is running in!

Usually this is not a problem, since this will be the setup in most of the cases. Furthermore I would even consider it a best practice to reduce the inter-account dependencies. BUT it reduces the flexibility.

Hence it should be mentioned in the documentation.