AWS ECR Pull Through Cache
This module sets up AWS ECR to serve as a pull through cache for publicly available container images used in your Kubernetes clusters.
This provides several benefits:
- Significantly improves startup time of both new nodes and new pods by pulling from localized data storage rather than the public internet
- Improves resiliency to outages of public container registries which might otherwise cripple your infrastructure
- Avoids the risk of hitting the rate limits imposed by public registries
- Reduces costs associated with NAT gateways by keeping large image transfers inside your private network
Providers
The following providers are needed by this module:
- aws (5.39.1)
Required Inputs
The following input variables are required:
docker_hub_access_token
Description: The access token of the Docker Hub user that will be used to pull images from Docker Hub
Type: string
docker_hub_username
Description: The username of the Docker Hub user that will be used to pull images from Docker Hub
Type: string
github_access_token
Description: The access token of the GitHub user that will be used to pull images from GitHub
Type: string
github_username
Description: The username of the GitHub user that will be used to pull images from GitHub
Type: string
Optional Inputs
The following input variables are optional (have default values):
Outputs
No outputs.
Usage
Upstream Registry Credentials
For some of the upstream registries, you MUST provide authentication information even if you are only accessing publicly available images (AWS limitation):
- Docker Hub: Instructions
- GitHub: Instructions
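One way the four required inputs can be wired into ECR, shown for both upstream registries. This is an added example, not this module's own source: the resource names, local names and repository prefixes are assumptions.

```hcl
# Added example: hypothetical wiring, not the module's own source.
variable "docker_hub_username" { type = string }
variable "github_username" { type = string }

variable "docker_hub_access_token" {
  type      = string
  sensitive = true # redacted in plan output; still stored in Terraform state
}

variable "github_access_token" {
  type      = string
  sensitive = true
}

locals {
  # Constructed repository prefixes mapped to the upstream registry hosts.
  upstreams = {
    "docker-hub" = "registry-1.docker.io"
    "github"     = "ghcr.io"
  }
  # Kept apart from the for_each map so its keys stay non-sensitive.
  credentials = {
    "docker-hub" = { username = var.docker_hub_username, accessToken = var.docker_hub_access_token }
    "github"     = { username = var.github_username, accessToken = var.github_access_token }
  }
}

resource "aws_secretsmanager_secret" "upstream" {
  for_each = local.upstreams
  # ECR only accepts credentials from secrets whose name has this prefix.
  name = "ecr-pullthroughcache/${each.key}"
}

resource "aws_secretsmanager_secret_version" "upstream" {
  for_each  = local.upstreams
  secret_id = aws_secretsmanager_secret.upstream[each.key].id
  # ECR reads the "username" and "accessToken" JSON keys.
  secret_string = jsonencode(local.credentials[each.key])
}

resource "aws_ecr_pull_through_cache_rule" "upstream" {
  for_each              = local.upstreams
  ecr_repository_prefix = each.key
  upstream_registry_url = each.value
  credential_arn        = aws_secretsmanager_secret.upstream[each.key].arn
  depends_on            = [aws_secretsmanager_secret_version.upstream]
}
```

Because the tokens end up in both Secrets Manager and Terraform state, scope them to read-only access on public images and restrict who can read the state backend.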
Configuring Repository Template
Pull through cache image repositories are dynamically created. You can control settings for those image repositories by setting up a creation template.
Unfortunately, AWS does not currently offer an API for that (tracked here). As a result, you will need to set this up manually after applying this module.