Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AWS ECR registry for BinderHub deployment #705

Open
nsriram13 opened this issue Oct 24, 2018 · 10 comments · May be fixed by #1055 or #1637
Open

AWS ECR registry for BinderHub deployment #705

nsriram13 opened this issue Oct 24, 2018 · 10 comments · May be fixed by #1055 or #1637

Comments

@nsriram13
Copy link

I am trying to use ECR as the docker image registry for a BinderHub deployment. I was looking at the different settings in the helm chart and I am not sure how they map from the GCR examples provided in the docs to ECR.

When explicitly pushing images to a registry, this is the command I use for ECR:

docker push 1234567890.dkr.ecr.region.amazonaws.com/repo:tag

How to translate this into the various components requested in the values file. Specifically the following in the values that are being set in configmap.yaml.

registry:
  enabled: true
  prefix: binderhub-local/
  host: https://gcr.io
  authHost:
  authTokenUrl: https://gcr.io/v2/token?service=gcr.io
  username: _json_key
  password:

For authentication, the nodes in our Kubernetes cluster are allowed to pull from ECR as they have IAM roles configured. Can I leave the authentication options blank here.

Really appreciate the guidance.

@quazzuk
Copy link

quazzuk commented Nov 21, 2018

I’m unable to reverse engineer the various config settings for ECR using the provided documentation.

Anyone know the answer to the above?

@betatim
Copy link
Member

betatim commented Nov 22, 2018

The BinderHub team itself doesn't have much experience with AWS as the deployment we run (mybinder.org) is on GCE. Maybe post this question to http://discourse.jupyter.org/ as well in the hopes that someone who has deployed a BinderHub on AWS (or has experience with AWS) sees it.

If there is an answer or you manage to work it out it would be great to add to the documentation so that others can find it more easily. Maybe instead of starting with a complete guide just documenting how to do this would be a way to kickstart the writing of docs on deploying BinderHub on cloud hosters that aren't GCE.

@chicocvenancio
Copy link
Contributor

I have managed to get BinderHub to successfully use ECR as a Docker Registry. There are two "core" issues and some overriding of DockerRegistry methods.

  1. We need to import boto3. (currently we can do this in a new image or in a postStart Lifecycle hook, as I have been doing for development).
  2. There is no way to override the DockerRegistry class in JupyterHub as is. ( I think we should allow for custom classes to be configured by the user).
  3. There are two Gotchas with ECR that need handling in overriden methods: passwords are valid for 12 hours and repositories need to be created before pushing the first image through repo2docker. I managed to do both by using boto3 to get the password and create the repos as needed and kubernetes to set the password in the push_secret secret to allow use by repo2docker in the build pod.

@betatim
Copy link
Member

betatim commented Aug 8, 2019

Adding a AWSDockerRegistry class and making it possible to choose from the helm chart would be a good addition. I think we could add boto3 as a dependency (or is it huuuge?), probably not worth making some conditional import thing.

It is probably also worth adding some documentation how to map from AWS instructions/lingo to what BinderHub uses.

Would be great to have support for BinderHub-on-AWS with all the bells and whistles.

@chicocvenancio
Copy link
Contributor

boto3 itself is only a 128KB wheel. Botocore is a requirement that adds some 5.6MB. With all requirements added by boto3 it should come to 6.5MB. I'll clean up my code and commit in that PR so we can discuss.

@ivan-gomes
Copy link
Contributor

We could really benefit from having ECR support added. PR #920 should satisfy it. Anything else necessary to get it rolled in @betatim?

@ivan-gomes ivan-gomes linked a pull request Feb 9, 2020 that will close this issue
@btjones-me
Copy link

Hi folks, are we still planning on resolving this one? I notice most of the work is completed, would love to see ECR integrated

@oyamin
Copy link

oyamin commented Dec 15, 2021

Any updates when ECR integration will be available?

@yuvipanda
Copy link
Collaborator

@manics does this work now, given we have a mybinder.org federation member on AWS?

@manics
Copy link
Member

manics commented Mar 1, 2024

Yes! It requires https://github.com/manics/binderhub-container-registry-helper to be deployed. This increases the deployment complexity, but avoids needing vendor specific requirements and code in BinderHub, simplifying maintenance and testing.

Though you've reminded me I need to revisit
#1637
which acts as the interface between BinderHub and binderhub-container-registry-helper
Currently the registry class is extended in the mybinder.org extra config

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
9 participants