goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0

Support ECR Public registry as a registry source with authentication #20055

Open rohitshubham opened 4 months ago

rohitshubham commented 4 months ago

Is your feature request related to a problem? Please describe.

We are trying to set up Harbor as a pull-through cache for our organisation. One of the major issues that we have faced (and the reason we wanted to set up Harbor) was that we were getting throttled by ECR public (public.ecr.aws) registry images. While Harbor supports authenticated ECR pull-through cache for private ECR, it doesn't seem like authenticated ECR public is being supported at the moment.

I know we can register public.ecr.aws as a Docker registry without authentication and it works well for some time, but eventually we get rate limited because we are making unauthenticated requests.

(The rate of unauthenticated image pulls is 1 per second vs 10 per second for authenticated requests https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html)

So we are getting throttled even when using Harbor as a pull-through cache.

Describe the solution you'd like

Ideally, Harbor should support public ECR as an image source. There are quite a few important images being hosted on that registry, such as karpenter.

Describe the main design/architecture of your solution

AWS SDK for Go includes a different submodule for getting authentication tokens, and the ecr-private tokens can't be used (https://github.com/aws/aws-sdk-go/tree/main/service/ecr vs https://github.com/aws/aws-sdk-go/tree/main/service/ecrpublic). Also, as opposed to the private ECR links, which authenticate using Basic auth, it seems like public ECR needs a bearer token.

Additional context

Add any other context or screenshots about the feature request here.
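The Basic-versus-bearer distinction raised in the issue shows up to a registry client in the `WWW-Authenticate` challenge of a 401 response. The sketch below is an added example, not Harbor's or the AWS SDK's code: `ParseChallenge`, `Authorize` and the `fetchToken` callback are hypothetical names, the challenge values are constructed, and the HTTPS-realm check is an added safeguard so static credentials are only exchanged over TLS.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

var paramRe = regexp.MustCompile(`([A-Za-z_]+)="([^"]*)"`)

// ParseChallenge splits a WWW-Authenticate value into a lowercased scheme and its parameters.
func ParseChallenge(header string) (string, map[string]string) {
	scheme, rest, _ := strings.Cut(strings.TrimSpace(header), " ")
	params := map[string]string{}
	for _, m := range paramRe.FindAllStringSubmatch(rest, -1) {
		params[strings.ToLower(m[1])] = m[2]
	}
	return strings.ToLower(scheme), params
}

// Authorize sets the header the challenge asks for. fetchToken is a hypothetical
// callback that trades the static credentials for a token at the bearer realm.
func Authorize(req *http.Request, challenge, user, pass string,
	fetchToken func(realm, service string) (string, error)) error {
	scheme, p := ParseChallenge(challenge)
	switch scheme {
	case "basic":
		req.SetBasicAuth(user, pass)
	case "bearer":
		if !strings.HasPrefix(p["realm"], "https://") {
			return fmt.Errorf("refusing non-HTTPS token realm %q", p["realm"])
		}
		tok, err := fetchToken(p["realm"], p["service"])
		if err != nil {
			return err
		}
		req.Header.Set("Authorization", "Bearer "+tok)
	default:
		return fmt.Errorf("unsupported auth scheme %q", scheme)
	}
	return nil
}

func main() { // constructed challenge, not captured from a real registry
	req, _ := http.NewRequest("GET", "https://registry.example/v2/", nil)
	err := Authorize(req, `Bearer realm="https://auth.example/token",service="registry.example"`,
		"user", "secret", func(string, string) (string, error) { return "tok123", nil })
	fmt.Println(req.Header.Get("Authorization"), err)
}
```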

github-actions[bot] commented 2 months ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

github-actions[bot] commented 4 days ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.