AWS ECR Pull Through Cache
This module sets up AWS ECR to serve as a pull through cache for publicly available container images used in your Kubernetes clusters.
This provides several benefits:
- Significantly improves startup time of both new nodes and new pods by pulling from localized data storage rather than the public internet
- Improves resiliency to outages of public container registries which might otherwise cripple your infrastructure
- Avoids the risk of hitting the rate limits imposed by public registries
- Reduces costs associated with NAT gateways by keeping large image transfers inside your private network
Providers
The following providers are needed by this module:
Required Inputs
The following input variables are required:
docker_hub_access_token
Description: The access token of the Docker Hub user that will be used to pull images from Docker Hub
Type: string
docker_hub_username
Description: The username of the Docker Hub user that will be used to pull images from Docker Hub
Type: string
github_access_token
Description: The access token of the GitHub user that will be used to pull images from GitHub
Type: string
github_username
Description: The username of the GitHub user that will be used to pull images from GitHub
Type: string
Optional Inputs
No optional inputs.
Outputs
No outputs.
Usage
Upstream Registry Credentials
For some of the upstream registries, you MUST provide authentication information even if you are only accessing publicly available images (AWS limitation):
- Docker Hub: Instructions
- GitHub: Instructions
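The following is an added example, not code from this module's repository: one way to wire the four required inputs from a root module so the upstream tokens never land in version control. The module source path and the module label are placeholders (assumptions); the input names are the ones listed under Required Inputs.

```hcl
# Root-module wiring for the four required inputs of this module.
# Marking the token variables as sensitive redacts them from plan/apply
# output. It does NOT keep them out of the Terraform state, so the state
# backend must be encrypted and access-controlled.

variable "docker_hub_username" {
  type = string
}

variable "docker_hub_access_token" {
  type      = string
  sensitive = true

  validation {
    condition     = length(var.docker_hub_access_token) > 0
    error_message = "docker_hub_access_token must not be empty."
  }
}

variable "github_username" {
  type = string
}

variable "github_access_token" {
  type      = string
  sensitive = true

  validation {
    condition     = length(var.github_access_token) > 0
    error_message = "github_access_token must not be empty."
  }
}

module "ecr_pull_through_cache" {
  # Placeholder path (assumption): point this at wherever the module lives.
  source = "./modules/aws_ecr_pull_through_cache"

  docker_hub_username     = var.docker_hub_username
  docker_hub_access_token = var.docker_hub_access_token
  github_username         = var.github_username
  github_access_token     = var.github_access_token
}

# Supply the tokens from the environment (CI secret store, password manager)
# instead of a committed .tfvars file. Terraform reads TF_VAR_<name>:
#   export TF_VAR_docker_hub_access_token="<token>"
#   export TF_VAR_github_access_token="<token>"
# The cache only pulls public images, so read-only tokens are sufficient.
```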
Configuring Repository Template
Pull through cache image repositories are dynamically created. You can control settings for those image repositories by setting up a creation template.
Unfortunately, AWS does not currently offer an API for that (tracked here). As a result, you will currently need to set this up manually after applying this module.