Open scott-brady opened 1 year ago
Hi @scott-brady , while I can't comment on any current plans or schedule, this makes sense as a useful addition. I've filed a feature request internally.
No worries. Thanks @cwaldren-ld ! 👍
Bump for this - I was literally about to open this. We run everything serverless and are running the LD relay proxy in an AWS AppRunner service and without a public ECR copy available I have to upload to a private ECR which adds some security complexity with signing images/etc that I'd love to be avoided.
Hi all, just an update to say we're working on this. I don't have a timeline.
@scott-brady , in theory if we uploaded an image to ECR, the base image (Alpine) would still need to be pulled from Docker and you'd run into the request limits. So I'm not sure this would solve your particular problem.
We'd need to publish a different image that uses an Alpine published to ECR.
@cwaldren-ld Fair enough. Is that a drama for your image build process? Could this be done via a build arg? Looks like Alpine is available on ECR: https://gallery.ecr.aws/docker/library/alpine
@scott-brady, @justin-masse , is this something that is still high on your priorities or has the situation changed?
@scott-brady, @justin-masse , is this something that is still high on your priorities or has the situation changed?
Not a huge deal for us since we need the container image signed. Since LD doesn't sign it we have to pull it down, self verify it, then sign it and upload it ourselves.
If you all decided to sign the image I'd buy you dinner 😀 then I could just pull and verify the sign and be done!
@scott-brady, @justin-masse , is this something that is still high on your priorities or has the situation changed?
Hi @cwaldren-ld . No, this is not a high priority for us.
We run the Relay Proxy as a Docker container on Amazon ECS. The container task definition is configured to pull the
launchdarkly/ld-relay
image anonymously from Docker Hub.Due to the pull limits Docker Hub applies to anonymous requests, we would prefer to use the Amazon ECR Public Gallery. This would be simpler for us to use than authenticating to Docker Hub because of the native support between ECR and ECS.
Would you consider additionally publishing
ld-relay
images to the ECR Public Gallery?