Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ECR PrivateLink Support #1

Closed
abby-fuller opened this issue Nov 28, 2018 · 23 comments
Closed

ECR PrivateLink Support #1

abby-fuller opened this issue Nov 28, 2018 · 23 comments
Labels
ECR Amazon Elastic Container Registry

Comments

@abby-fuller
Copy link
Contributor

abby-fuller commented Nov 28, 2018

Provide customers with private endpoint access to their Amazon ECR repositories.

@abby-fuller abby-fuller added the ECR Amazon Elastic Container Registry label Nov 28, 2018
@abby-fuller abby-fuller changed the title Provide customers with private endpoint access to their Amazon ECR repositories. ECR PrivateLink Nov 28, 2018
@coultn
Copy link

coultn commented Dec 5, 2018

This should address or least mitigate the need for https://github.com/aws/amazon-ecs-agent/issues/1447.

@pauncejones pauncejones changed the title ECR PrivateLink ECR PrivateLink Support Dec 5, 2018
@copumpkin
Copy link

As well as adding an enthusiastic vote for this, I'd like to vote for endpoint policies on the PrivateLink when it comes 😄 same with #20 and #22 of course

@jtoberon
Copy link

As well as adding an enthusiastic vote for this, I'd like to vote for endpoint policies on the PrivateLink when it comes 😄 same with #20 and #22 of course

We decided to break out this feature in order to ship PrivateLink sooner: #132

@christopherhein
Copy link

🚀 https://aws.amazon.com/about-aws/whats-new/2019/01/aws-fargate--amazon-ecs--and-amazon-ecr-now-have-support-for-aws/

@abby-fuller
Copy link
Contributor Author

shipped 1/25!

@jtoberon
Copy link

jtoberon commented Jan 26, 2019

We're reopening this because we need to clarify a few details: You need to upgrade to the latest ECS agent, 1.25.1. If you rely on the ECR credentials helper, you need to upgrade, too. Fargate support is not available yet, but will be available soon.

@jtoberon jtoberon reopened this Jan 26, 2019
@copumpkin
Copy link

@jtoberon what goes wrong if you use it with Fargate? I just saw a blog post on the AWS blog about using them all together, so I'm a bit confused now.

@jtoberon
Copy link

jtoberon commented Jan 28, 2019

@copumpkin the blog refers to ECS in EC2 mode. Apologies for the confusion. Currently, if you use Fargate with ECR PrivateLink, then pulls will fail. When Fargate works for all Platform Versions, then we will close this issue.

@copumpkin
Copy link

copumpkin commented Jan 28, 2019 via email

@angusfz
Copy link

angusfz commented Jan 28, 2019

Just try to use Fargate with ECR Privatelink but task start fail with error CannotPullContainerError: inactivity time exceeded timeout

@jtoberon
Copy link

@angusfz

Just try to use Fargate with ECR Privatelink but task start fail with error CannotPullContainerError: inactivity time exceeded timeout

@angusfz Please see the information provided above: "Currently, if you use Fargate with ECR PrivateLink, then pulls will fail. When Fargate works for all Platform Versions, then we will close this issue."

@jtoberon
Copy link

jtoberon commented Feb 5, 2019

Yes, this is fully solved now.

@jtoberon jtoberon closed this as completed Feb 5, 2019
@RyPeck
Copy link

RyPeck commented Feb 6, 2019

ECR FAQs should be updated to reflect this great new feature.

Q: Can I access Amazon ECR inside a VPC?
To use Amazon ECR within a VPC, your instances must be able to communicate with the Internet. You can do this with Amazon VPC NAT Gateway.
https://aws.amazon.com/ecr/faqs/

@jtoberon
Copy link

jtoberon commented Feb 6, 2019

ECR FAQs should be updated to reflect this great new feature.

Q: Can I access Amazon ECR inside a VPC?
To use Amazon ECR within a VPC, your instances must be able to communicate with the Internet. You can do this with Amazon VPC NAT Gateway.
https://aws.amazon.com/ecr/faqs/

Nice catch. Thank you!

@angusfz
Copy link

angusfz commented Feb 11, 2019

Yes, this is fully solved now.

@jtoberon Does this mean Fargate can work with PrivateLink ?

@jtoberon
Copy link

Yes.

@ronkorving
Copy link

@jtoberon
So why does https://aws.amazon.com/about-aws/whats-new/2019/01/aws-fargate--amazon-ecs--and-amazon-ecr-now-have-support-for-aws/ mention that @gilinachum linked to say AWS Fargate support for PrivateLink will be available soon.? I'm confused :)

@Sodki
Copy link

Sodki commented Feb 12, 2019

@ronkorving At the time it was going to come soon, but now it's here.

@ronkorving
Copy link

ronkorving commented Feb 12, 2019

Awesome, thanks! :) That was very soon then :)

@frumania
Copy link

Is the ECR PrivateLink now also supported via EKS?

@christopherhein
Copy link

Is the ECR PrivateLink now also supported via EKS?

@frumania not yet, there are changes that need to be made in https://github.com/kubernetes/kubernetes see kubernetes/kubernetes#73435 which merged it into master and there is a cherrypick kubernetes/kubernetes#73755 to add it into 1.13 once that is done we can cherrypick in into earlier versions

@tabern
Copy link
Contributor

tabern commented Jun 19, 2019

@frumania with Kubernetes version 1.13, ECR PrivateLink is now supported via EKS. #30 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ECR Amazon Elastic Container Registry
Projects
None yet
Development

No branches or pull requests