Skip to content

Add ECR authentication support to image-builder #18506

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 14, 2023
Merged

Add ECR authentication support to image-builder #18506

merged 5 commits into from
Aug 14, 2023

Conversation

csweichel
Copy link
Contributor

@csweichel csweichel commented Aug 13, 2023
edited by ghost
Loading

Description

This PR adds ECR auth support to image builder. For an ECR registry to become accessible, it needs to be listed explicitly in the build request, e.g. using defaultBaseImageRegistryWhitelist.

Building images with private ECR images does not work yet, only pulling them directly.

Summary generated by Copilot

🤖 Generated by Copilot at 50edde1

This pull request adds support for additional authentication for Amazon ECR repositories in the image-builder-mk3 and image-builder-api components. This feature allows users to access private ECR repositories using IAM roles for service accounts. It also updates the configuration and installation packages to enable this feature. It modifies the auth, orchestrator, and resolve packages in the image-builder-mk3 component, and the config package in the image-builder-api component. It also changes the files components/image-builder-mk3/go.mod, components/image-builder-api/go/config/config.go, install/installer/pkg/components/image-builder-mk3/configmap.go, and install/installer/pkg/config/v1/config.go.

How to test

This change is deployed to dev-internal.
There's a test image at 422899872803.dkr.ecr.eu-central-1.amazonaws.com/private-repo-demo:latest.

  • branch with that image configured here
  • branch with a Dockerfile using that image here

Documentation

Preview status

gitpod:summary

Build Options

Build
  • /werft with-werft
    Run the build with werft instead of GHA
  • leeway-no-cache
  • /werft no-test
    Run Leeway with --dont-test
Publish
  • /werft publish-to-npm
  • /werft publish-to-jb-marketplace
Installer
  • analytics=segment
  • with-dedicated-emulation
  • workspace-feature-flags
    Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-large-vm
  • /werft with-gce-vm
    If enabled this will create the environment on GCE infra
  • with-integration-tests=all
    Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
  • with-monitoring

/hold

@csweichel csweichel requested a review from a team as a code owner August 13, 2023 20:53
@roboquat roboquat added size/XL and removed size/L labels Aug 13, 2023
@csweichel csweichel force-pushed the cw/add-ecr-auth branch 2 times, most recently from 4555b08 to f68ad77 Compare August 14, 2023 07:02
@roboquat roboquat added size/L and removed size/XL labels Aug 14, 2023
easyCZ
easyCZ reviewed Aug 14, 2023
View reviewed changes
@roboquat roboquat merged commit 59900e8 into main Aug 14, 2023
@roboquat roboquat deleted the cw/add-ecr-auth branch August 14, 2023 08:36
@mustard-mh mustard-mh mentioned this pull request Sep 15, 2023
Merged
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@easyCZ easyCZ easyCZ left review comments

@aledbf aledbf aledbf approved these changes

Assignees
No one assigned
Labels
size/L team: team-engine
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@csweichel @aledbf @easyCZ @roboquat