Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
When configuring an ECR pull through cache for public.ecr.aws, we're forced to set a namespace prefix. For example public.ecr.aws/datadog/agent:7.46.0 might gain an ecr-public prefix and become <account_id>.dkr.ecr.us-east-1.amazonaws.com/ecr-public/datadog/agent:7.46.0.
This is a hassle because a number of tools in the docker ecosystem (like buildkit) support auto mapping of registry hosts (like public.ecr.aws to <account_id>.dkr.ecr.us-east-1.amazonaws.com), but they don't support automatically adding a prefix to the image reference.
As a result, we must change our Dockerfiles and docker-compose.ymls to use the pull through cache images explicitly. It would be super nice if we could leave them referencing public.ecr.aws/datadog/agent:7.46.0 and the mapping could happen under the hood. This would be possible if the ecr-public prefix was made optional.
This would be particularly helpful because it would leave the Dockerfile and docker-compose.yml in a shape that works for unauthenticated users on local machines.
Which service(s) is this request for?
ECR
Are you currently working around this issue?
We are changing Dockerfile and docker-compose.ymlto use the private ECR reference, but it requires users to login locally, and it prevents tools like dependabot from being able to update the files (they don't have access to our private ECR).
All I see here is the title of the Issue. That doesn't adequately describe the request to ECR, i.e. what the OP wants ECR to do. Can someone please explain what the gist of the request is or explain what the title means?
Community Note
Tell us about your request When configuring an ECR pull through cache for
public.ecr.aws
, we're forced to set a namespace prefix. For examplepublic.ecr.aws/datadog/agent:7.46.0
might gain anecr-public
prefix and become<account_id>.dkr.ecr.us-east-1.amazonaws.com/ecr-public/datadog/agent:7.46.0
.This is a hassle because a number of tools in the docker ecosystem (like buildkit) support auto mapping of registry hosts (like
public.ecr.aws
to<account_id>.dkr.ecr.us-east-1.amazonaws.com
), but they don't support automatically adding a prefix to the image reference.As a result, we must change our
Dockerfile
s anddocker-compose.yml
s to use the pull through cache images explicitly. It would be super nice if we could leave them referencingpublic.ecr.aws/datadog/agent:7.46.0
and the mapping could happen under the hood. This would be possible if theecr-public
prefix was made optional.This would be particularly helpful because it would leave the
Dockerfile
anddocker-compose.yml
in a shape that works for unauthenticated users on local machines.Which service(s) is this request for? ECR
Are you currently working around this issue? We are changing
Dockerfile
anddocker-compose.yml
to use the private ECR reference, but it requires users to login locally, and it prevents tools like dependabot from being able to update the files (they don't have access to our private ECR).