Open rohitshubham opened 4 months ago
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
Is your feature request related to a problem? Please describe.
We are trying to setup harbor as a pull-through cache for our organisation. One of the major issues that we have faced (and the reason we wanted to setup harbor) was that we were getting throttled by ECR public (
public.ecr.aws
) registry images. While harbor supports authenticated ECR pull through cache for private ECR, it doesn't seem like authenticated ECR public is being supported at the moment.I know we can register
public.ecr.aws
as a docker registry without authentication and it's working well for sometime, but eventually we are getting rate limited because we are making unauthenticated requests.(The rate of unauthenticated image pulls is 1 per second vs 10 per second for authenticated requests https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html)
So we are getting throttled even when using harbor as a pull through cache.
Describe the solution you'd like Ideally, harbor should support public ecr as an image source. There are quite a few important images being hosted on that registry such as karpenter.
Describe the main design/architecture of your solution AWS SDK for Go includes a different submodule for getting
authentication
tokens and the ecr-private tokens can't be used (https://github.com/aws/aws-sdk-go/tree/main/service/ecr vs https://github.com/aws/aws-sdk-go/tree/main/service/ecrpublic). Also, as opposed to the private ECR links which authenticate using Basic auth, it seems like public ecr needsbearer
token.Additional context Add any other context or screenshots about the feature request here.