pulumi / customer-managed-deployment-agent

Customer managed agent for https://www.pulumi.com/docs/pulumi-cloud/deployments/
Apache License 2.0

Support pulling executor images from AWS Container Repository when using a Deployment Runner Pool #16

Closed aureq closed 5 days ago

aureq commented 2 weeks ago

Hello!

Issue details

When a customer is using their own Deployment Runner Pool, they may also want to pull the executor images from their private ECR repository. While the repository is private, if the underlying EC2 instance has the right instance profile and permissions, the docker CLI is able to pull private images correctly provided the ~/.docker/config.json contains the necessary information.

This feature is important for users and customers who do not wish to rely on public images, or who operate in a stricter security environment.

Affected area/feature

Notes

~/.docker/config.json

{"credsStore": "ecr-login"}

komalali commented 1 week ago

I think https://github.com/moby/moby/issues/39377 is the missing piece here. Seems like we would need to implement how the docker CLI handles this.

komalali commented 1 week ago

Worth mentioning that this issue spun out of https://github.com/pulumi/customer-managed-deployment-agent/issues/15

aureq commented 1 week ago

I also found this https://pkg.go.dev/github.com/docker/cli@v27.2.0+incompatible/cli/config/configfile and https://pkg.go.dev/github.com/docker/cli@v27.2.0+incompatible/cli/config
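
The step discussed above, turning a `credsStore` entry in `~/.docker/config.json` into credentials for an image pull, sketched as an added example (not the agent's code and not posted by anyone in this thread). It assumes only the `credHelpers` and `credsStore` fields are consulted (inline `auths` entries are ignored), calls the helper through the docker-credential-helpers `get` protocol, and encodes the result for the Engine API's `X-Registry-Auth` header; `registryAuth` and `runHelper` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os/exec"
)

// runHelper runs `docker-credential-<helper> get` with the registry on stdin (a var so it can be stubbed).
var runHelper = func(helper, registry string) ([]byte, error) {
	cmd := exec.Command("docker-credential-"+helper, "get")
	cmd.Stdin = bytes.NewBufferString(registry)
	return cmd.Output()
}

// registryAuth returns the base64url JSON used as the X-Registry-Auth header value,
// or "" when config.json names no helper for the registry (anonymous pull).
func registryAuth(configJSON []byte, registry string) (string, error) {
	var cfg struct {
		CredsStore  string            `json:"credsStore"`
		CredHelpers map[string]string `json:"credHelpers"`
	}
	if err := json.Unmarshal(configJSON, &cfg); err != nil {
		return "", fmt.Errorf("parse config.json: %w", err)
	}
	helper := cfg.CredsStore // global default, e.g. "ecr-login"
	if h, ok := cfg.CredHelpers[registry]; ok {
		helper = h // a per-registry entry wins over credsStore
	}
	if helper == "" {
		return "", nil
	}
	out, err := runHelper(helper, registry)
	if err != nil {
		return "", fmt.Errorf("docker-credential-%s: %w", helper, err)
	}
	var cred struct{ Username, Secret string } // helper replies {"ServerURL","Username","Secret"}
	if err := json.Unmarshal(out, &cred); err != nil {
		return "", fmt.Errorf("helper output: %w", err)
	}
	auth, err := json.Marshal(map[string]string{"username": cred.Username, "password": cred.Secret, "serveraddress": registry})
	return base64.URLEncoding.EncodeToString(auth), err
}

func main() {
	fmt.Println(registryAuth([]byte(`{"credsStore": "ecr-login"}`), "registry.example.invalid"))
}
```

With `{"credsStore": "ecr-login"}` and no `docker-credential-ecr-login` binary on `PATH`, the call returns an error rather than silently falling back to an anonymous pull.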

pulumi-bot commented 5 days ago

This PR has been shipped in release v1.3.0.