The platform has a predefined, default, tenant-wide Docker Registry service (docker-registry) that uses a pre-deployed, local, on-cluster Docker Registry. This on-cluster Docker Registry is supported only for playground deployments: images are lost if the pod is restarted.
The default and the off-cluster Docker-registry services have default CPU and memory limits.
You can modify the
When deploying multiple systems to the same container registry, you can use different URLs, for example xyz.my-ecr.amazon.com/some-unique-name. This is recommended to avoid overwriting existing container images.
To define a Custom User Docker Registry:
my-ecr-address.ecr.com/my-igz-system-runtime for the Custom User Docker Registry
my-ecr-address.ecr.com/my-igz-system for the System Docker Registry
When creating an Elastic Container Registry
ecm.com as the URL and leave the username and password blank. (EC2 instances have attached roles that allow them to work with ECR.)
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY have read/write access to ECR. (This does not apply when running the Docker Registry on an EC2 instance with an attached role to push images to ECR.)
The access keys or the EC2 IAM policy must have these permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:CreateRepository",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:CompleteLayerUpload",
        "ecr:GetDownloadUrlForLayer",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": "*"
    }
  ]
}
See more details in EKS and AWS Vanilla Kubernetes.
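A check for the permissions policy above, as an added example that is not part of the platform documentation: it confirms that a policy document allows all nine listed actions and reports which of them are allowed on Resource "*" although they could be limited to repository ARNs. The sample policies, the account ID and region, and the my-igz-system* repository prefix in the ARN are constructed assumptions.

```python
import fnmatch

# The nine ECR actions listed in the policy above.
REQUIRED = {
    "ecr:CreateRepository", "ecr:GetAuthorizationToken",
    "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage",
    "ecr:CompleteLayerUpload", "ecr:GetDownloadUrlForLayer",
    "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart",
}
# ecr:GetAuthorizationToken cannot be limited to a repository ARN.
ACCOUNT_WIDE = {"ecr:GetAuthorizationToken"}


def as_list(value):
    """IAM accepts either one string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def audit(policy):
    """Return (missing, unscoped): required actions the policy does not allow,
    and required actions allowed on Resource "*" that could be narrowed."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    granted, unscoped = set(), set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny, NotAction and Condition are not evaluated
        patterns = [p.lower() for p in as_list(stmt["Action"])]
        hits = {a for a in REQUIRED
                if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)}
        granted |= hits
        if "*" in as_list(stmt.get("Resource")):
            unscoped |= hits - ACCOUNT_WIDE
    return sorted(REQUIRED - granted), sorted(unscoped)


# Constructed sample inputs. The ARN uses a placeholder account and region,
# and assumes repositories are created under the my-igz-system prefix.
REPO_ARN = "arn:aws:ecr:us-east-1:111122223333:repository/my-igz-system*"
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED), "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
    {"Effect": "Allow", "Resource": REPO_ARN, "Action": [
        "ecr:CreateRepository", "ecr:Batch*", "ecr:GetDownloadUrlForLayer",
        "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload"]}]}  # ecr:PutImage left out on purpose
```

Run audit() on the policy attached to the access keys or the EC2 role before pointing the platform at the registry; an empty first list means every action the page requires is allowed.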