Skip to content

Investigate how to add support for AWS ECR #14914

Closed
@atduarte

Description

@atduarte

Investigate how to achieve #14891 #12104

  • build eks environment (We use the preview env with private AWS ECR)
  • setup private ECR
  • setup identity in IAM with proper roles
  • setup service account in EKS to use identity from ☝
  • run some experiments to determine a design that works. Options:
    • ...define an ECR secret that rotates every 12h (because it expires after that amount). See this for a summary and follow the link for background.
    • ...setup a service account, and use it to get a JWT with registry-facade and image-builder-mk3
    • ...setup a service account, and use it to get a JWT with blobserve

The AWS SDK will be helpful for both. To prototype sooner, it might be easier to start off by experimenting using the AWSCLI.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions