quintilesims / layer0

Build, Manage, and Deploy Your Applications
Apache License 2.0

Add docker repo override feature to layer0 #618

Closed sesh-kebab closed 5 years ago

sesh-kebab commented 6 years ago

What does this pull request do?

Adds a new configuration called docker-repo-override to l0-setup. This allows the user to specify a mapping of docker image prefixes. For example, the value can be set to: d.ims.io:12345.dkr.ecr.us-west-2.amazonaws.com.

One use case this allows is to allow images to be pulled from an ECR repository without specifying docker credentials.

How should this be tested?

  1. Create a new l0 instance in a repository other than the carbon account (like the chunnel) with the mapping d.ims.io:<carbon_aws_account_Id>.dkr.ecr.us-west-2.amazonaws.com (or you can re-use my instance seshichunnels)
  2. Create a guestbook deploy

         l0 deploy create <task definition> guestbook-dpl

     a. Confirm the deploy replaces the image prefix correctly

         go run main.go -o json deploy get guestbook-dpl | jq '.[0].dockerrun' -r | base64 -d | jq .

  3. Create a new environment and load balancer

         l0 create environment demo-env && l0 loadbalancer create --port 80:80/http demo-env guestbook-lb

  4. Create a service that uses the deploy and load balancer created in the previous steps

         l0 environment create demo-env

  5. Confirm the service is up and running

         l0 service create --loadbalancer demo-env:guestbook-lb demo-env guestbook-svc guestbook-dpl:latest

If the above steps worked, it would've meant that instead of pulling the image via a proxy docker repo frontend (like d.ims.io), the image was pulled directly from ECR by the ecs-agent authenticating using the IAM Role permissions. The image d.ims.io/quintilesims/guestbook is also hosted on the carbon account's ECR. So the test confirms that cross-account access will also work.

Notes: An image called d.ims.io/quintilesims/guestbook:latest already exists.

You can use the below task definition for step 2:

    {
        "AWSEBDockerrunVersion": 2,
        "requiresCompatibilities": [ "EC2" ],
        "containerDefinitions": [
            {
                "name": "guestbook",
                "image": "d.ims.io/quintiles/guestbook",
                "essential": true,
                "memory": 128,
                "portMappings": [
                    {
                        "hostPort": 80,
                        "containerPort": 80
                    }
                ]
            }
        ]
    }

Checklist

closes #540 links https://github.com/quintilesims/d.ims.io/pull/58
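The prefix mapping described in this pull request, as an added Go sketch that is not layer0's code or part of the PR: it rewrites `containerDefinitions[].image` only when the source prefix is a whole registry segment, so a look-alike host is never redirected to the ECR account. The function names are hypothetical, `12345` is the placeholder account ID used above, and the mapping is assumed to carry no port in its source prefix.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical helpers, not layer0 code. parseOverride splits "<from>:<to>" at the first colon.
func parseOverride(mapping string) (string, string, error) {
	i := strings.Index(mapping, ":")
	if i <= 0 || i == len(mapping)-1 {
		return "", "", fmt.Errorf("override %q must look like <from>:<to>", mapping)
	}
	return mapping[:i], mapping[i+1:], nil
}

// rewriteImage requires from+"/" so "d.ims.io.example.net/app" stays as is.
func rewriteImage(image, from, to string) string {
	if strings.HasPrefix(image, from+"/") {
		return to + image[len(from):]
	}
	return image
}

// rewriteDockerrun applies the override to every containerDefinitions[].image.
func rewriteDockerrun(doc []byte, from, to string) ([]byte, error) {
	var def map[string]interface{}
	if err := json.Unmarshal(doc, &def); err != nil {
		return nil, err
	}
	containers, _ := def["containerDefinitions"].([]interface{})
	for _, c := range containers {
		m, _ := c.(map[string]interface{})
		if img, ok := m["image"].(string); ok {
			m["image"] = rewriteImage(img, from, to)
		}
	}
	return json.Marshal(def)
}

func main() {
	// Constructed input modelled on the task definition in the PR.
	doc := []byte(`{"containerDefinitions":[{"name":"guestbook","image":"d.ims.io/quintiles/guestbook"}]}`)
	from, to, err := parseOverride("d.ims.io:12345.dkr.ecr.us-west-2.amazonaws.com")
	if err == nil {
		doc, err = rewriteDockerrun(doc, from, to)
	}
	fmt.Println(string(doc), err)
}
```

Images that do not start with the mapped prefix, including ones without a registry host, pass through unchanged, so they still need credentials or a public source.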

sesh-kebab commented 6 years ago

The mapping argument is an alternative to using docker config when creating a layer0 instance. So it isn't about a necessary or unnecessary step, but giving the user an option in how they want the container instances to pull the images.

zpatrick commented 6 years ago

They can already do that right now, correct? If they use images with the ecr tag in the deploy file?

sesh-kebab commented 6 years ago

If they are hosting in carbon, yes. Assuming by ecr tag you mean the ecr uri prefix e.g., 12345.dkr.ecr.us-west-2.amazonaws.com in the image.

sesh-kebab commented 6 years ago

Closing due to inactivity and priority. Might be worthwhile revisiting at some point.

diemonster commented 6 years ago

I think we should consider merging this provided we have some end-user documentation

diemonster commented 5 years ago

Old PR, closing for now.