When deploying Seqera Enterprise in kubernetes, the images come from
cr.seqera.io
. Currently, if deploying to AWS EKS, it would be great to create a pull through cache for the Seqera Platform images. This avoids making Kubernetes pull directly from Seqera's proprietary container registry every time a pod is launched. It also avoids pulling over the public internet.
You can setup an ECR repository as a pull through cache. This allows customers to setup their credentials in the AWS account once (via AWS Secrets Manager) and now all images will be cached in the local ECR repository. AWS ECR only support pull through cache:
Amazon ECR currently supports creating pull through cache rules for the following upstream registries:
  • Amazon ECR Public, Kubernetes container image registry, and Quay (doesn't require authentication)
  • Docker Hub, Microsoft Azure Container Registry, GitHub Container Registry, and GitLab Container Registry (requires authentication with AWS Secrets Manager secret)
  • Amazon ECR (requires authentication with AWS IAM role)
It would be great if Seqera could also use a recognized container registry to host their images to allow common registry integrations.