Panfactum LogoPanfactum
Infrastructure ModulesAWSaws_ecr_pull_through_cache

AWS ECR Pull Through Cache

aws_ecr_pull_through_cache
Stable
Live
Source Code Link

This module sets up AWS ECR to serve as a pull through cache for publicly available container images used in your Kubernetes clusters.

This provides several benefits:

  • Significantly improves startup time of both new nodes and new pods by pulling from localized data storage rather than the public internet
  • Improves resiliency to outages of public container registries which might otherwise cripple your infrastructure
  • Avoids the risk of hitting the rate limits imposed by public registries
  • Reduces costs associated with NAT gateways by keeping large image transfers inside your private network

Providers

The following providers are needed by this module:

Required Inputs

The following input variables are required:

docker_hub_access_token

Description: The access token of the Docker Hub user that will be used to pull images from Docker Hub

Type: string

docker_hub_username

Description: The username of the Docker Hub user that will be used to pull images from Docker Hub

Type: string

github_access_token

Description: The access token of the GitHub user that will be used to pull images from GitHub

Type: string

github_username

Description: The username of the GitHub user that will be used to pull images from GitHub

Type: string

Optional Inputs

The following input variables are optional (have default values):

Outputs

No outputs.

Usage

Upstream Registry Credentials

For some of the upstream registries, you MUST provide authentication information even if you are only accessing publicly available images (AWS limitation):

Configuring Repository Template

Pull through cache image repositories are dynamically created. You can control settings for those image repositories by setting up a creation template.

Unfortunately, AWS does not currently offer an API for that (tracked here). As a result, you will currently need to set this up manually after applying this module.