Open rahulbot opened 9 months ago
By tweaking a docker configuration file, I was able to make ramos.angwin:5000 an acceptable insecure image repository (tho I may have had to manually pull the image to other nodes). There may have been some grumbling about image signing.
My $0.02:
Disclaimer: I'm not a Docker purist, so I have no religion about this.
Using a real/secure repo is probably a pain (wouldn't want to check the keys into a public git repo), and since we're working in a closed/hidden cluster it doesn't seem (to me) like there is risk in using an insecure, local repo.
BUT, if all the containers using the indexer-worker (and any web-search-api) images run on one server (ie; bernstein), it may all be a moot point.
Using Github's CI could work for this case, we could have a CI to build and publish the Images to the repo of choice (Dockerhub/AWS ECR) one one of the actions such as pushing to staging/release. The authentication should be a one off process. Ref https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
We are effectively using GitHub CI to build and push news-search-index
images to DockerHub whenever a new tag is pushed to GH. So I think that process (as described above) could work well here too.
(potentially related to #200)
I think I heard this go past as a question: where do we hold our built images for deployment. We need to decide if there is a local store or we use one of the image hosting services that exist. Please comment if I misunderstood or this need more urgency.