cwaldren-ld
commented
1 year ago Hi @scott-brady , while I can't comment on any current plans or schedule, this makes sense as a useful addition. I've filed a feature request internally.
Open scott-brady opened 1 year ago
cwaldren-ld
commented
1 year ago Hi @scott-brady , while I can't comment on any current plans or schedule, this makes sense as a useful addition. I've filed a feature request internally.
scott-brady
commented
1 year ago No worries. Thanks @cwaldren-ld ! 👍
justin-masse
commented
7 months ago Bump for this - I was literally about to open this. We run everything serverless and are running the LD relay proxy in an AWS AppRunner service and without a public ECR copy available I have to upload to a private ECR which adds some security complexity with signing images/etc that I'd love to be avoided.
cwaldren-ld
commented
6 months ago Hi all, just an update to say we're working on this. I don't have a timeline.
cwaldren-ld
commented
6 months ago @scott-brady , in theory if we uploaded an image to ECR, the base image (Alpine) would still need to be pulled from Docker and you'd run into the request limits. So I'm not sure this would solve your particular problem.
We'd need to publish a different image that uses an Alpine published to ECR.
scott-brady
commented
6 months ago @cwaldren-ld Fair enough. Is that a drama for your image build process? Could this be done via a build arg? Looks like Alpine is available on ECR: https://gallery.ecr.aws/docker/library/alpine
cwaldren-ld
commented
4 months ago @scott-brady, @justin-masse , is this something that is still high on your priorities or has the situation changed?
justin-masse
commented
4 months ago @scott-brady, @justin-masse , is this something that is still high on your priorities or has the situation changed?
Not a huge deal for us since we need the container image signed. Since LD doesn't sign it we have to pull it down, self verify it, then sign it and upload it ourselves.
If you all decided to sign the image I'd buy you dinner 😀 then I could just pull and verify the sign and be done!
scott-brady
commented
4 months ago @scott-brady, @justin-masse , is this something that is still high on your priorities or has the situation changed?
Hi @cwaldren-ld . No, this is not a high priority for us.
We run the Relay Proxy as a Docker container on Amazon ECS. The container task definition is configured to pull the
launchdarkly/ld-relayimage anonymously from Docker Hub.Due to the pull limits Docker Hub applies to anonymous requests, we would prefer to use the Amazon ECR Public Gallery. This would be simpler for us to use than authenticating to Docker Hub because of the native support between ECR and ECS.
Would you consider additionally publishing
ld-relayimages to the ECR Public Gallery?