hasura / gitkube

Build and deploy docker images to Kubernetes using git push
Apache License 2.0
3.81k stars 208 forks source link

Integrate with ECR #68

Open tirumaraiselvan opened 6 years ago

tirumaraiselvan commented 6 years ago

ECR currently does not automatically create repositories on push unlike docker hub. How (where) should we handle this logic ?

tirumaraiselvan commented 6 years ago

One way is to ask (infer) the repo in remote CR and create tags instead of creating repositories i.e.

tirumarai/test:247ff5 (dockerhub) becomes

tirumarai:test-247ff5 (ecr)

shahidhk commented 6 years ago

How easy is it to create the registry? Provided the cluster has required IAM to do so?

coco98 commented 6 years ago

I don't know enough about this problem, but for now we should just have documentation that can be a manual step. I think all these problems will go away in the months to come anyway. So we should definitely not try to solve it from inside gitkube or the gitkube CLI.

-- Tanmai

On Thu, May 24, 2018 at 11:36 PM Shahidh K Muhammed < notifications@github.com> wrote:

How easy is it to create the registry? Provided the cluster has required IAM to do so?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/hasura/gitkube/issues/68#issuecomment-391956423, or mute the thread https://github.com/notifications/unsubscribe-auth/AAIAWCOy0_Up8USd4R8eh6Ng02Ke3BRzks5t16ZpgaJpZM4ULe7j .

tirumaraiselvan commented 6 years ago

It is either an HTTP call or aws cli. Either way it breaks the current pattern and proves an exception (till now). If we come up with some other registry which also has the same problem then we need to think about solving the problem more generally. I guess for the time being we can make it a manual step.

nizar-m commented 6 years ago

Also the authentication to the AWS container registry lasts only for 12 hours. You have to keep renewing the docker credentials. Something like this cronjob will have to be run to keep the imagePullSecret renewed.

tirumaraiselvan commented 6 years ago

@nizar-m Yes, but that is clearly out of the scope of gitkube.

nizar-m commented 6 years ago

Docker push will fail if you use the command 'aws ecr get-login' to create the dockerPullSecrets and you end up doing it after 12 hours.