Publish Harness containers in ECR public | Feature Requests | harness

Publish Harness containers in ECR public

complete

Historic Scallop

Currently Harness publishes to GCR but not to AWS's public ECR.

Harness should also publish the images to ECR since i'm certain most users leverage AWS for their builds and deploys. Getting rate limited on Dockerhub is a pain.

October 13, 2023

Canny AI

Merged in a post:

Consistency of Containers across Supported Registries ( ECR and GCR)

Ecru Alligator

We would like to see all Harness published images in Docker to be cross published into ECR and GCR to help with docker rate limits.

November 1, 2024

Ecru Alligator

As an example, all images under HarnessDev, but as a part of a general guideline, we'd like to see the images consistent in the other repos

Rohan Gupta

For which images Ecru Alligator, which customers are driving this request can you provide some data points?

Pranav Rastogi

marked this post as

complete

Pranav Rastogi

Historic Scallop our plans to push to GCR/ DockerHub only. Customers can pull these images and push them to their private registry/ ECR.

https://developer.harness.io/docs/platform/connectors/artifact-repositories/connect-to-harness-container-image-registry-using-docker-connector/#pull-harness-images-from-a-private-registry

Rohan Gupta

marked this post as

under review

Reviewing feedback with the respective PM owner.

Rohan Gupta

marked this post as

pending feedback

Rohan Gupta

Hi Historic Scallop can you elaborate?

Are you talking about the Harness Plugin Steps and their respective images? Or the Harness Images for CI? Or the Harness Deployment steps like AWS SAM for CD?

Historic Scallop

Rohan Gupta: The error that we hit was this one: 
Failed to pull image "harness/ci-addon:1.16.26": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/harness/ci-addon:1.16.26": failed to copy: httpReadSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/harness/ci-addon/manifests/sha256:ad8fb0c057aa8efeb4a9a046e4637ee920f122ac1e8621418b8ba6d2a21c3dad: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
A work-around we used was enabling a user account to increase the rate limit to Dockerhub calls. However, we only have a handful of projects currently in Harness. My fear is that as we work to migrate the rest of our services, and bring on new services that we will quickly overwhelm the system. 
In the Harness documents, it mentions the following options: 
https://developer.harness.io/docs/continuous-integration/use-ci/set-up-build-infrastructure/harness-ci/#i-dont-want-to-pull-images-from-a-public-registry
The first option we already did. 
The second option listed is pulling from Google GCR but it looks like GCR has changed/updated and I'm not certain how to set that up. 
The third option isn't a good option for us. 
Instead, i'm proposing that when Harness builds these connectors, they should be distributed to other public Docker registries. Specifically the AWS Public ECR which would benefit anyone building on AWS. 
To further answer your question, I'm unsure of other images that would need to be pulled in order to keep things running smoothly. However, I would imagine we'd want the same setup for all images that get pulled as a part of a build/deploy. 
Thank you.