Introducing ‘ECR Anywhere’: A New Tool for Simplifying Multi-Cloud Deployments
Eliminate the complexity of native registries for secure, seamless multi-cloud deployments.
ECR Anywhere for Cross-Cloud Container Flexibility
From vendor lock-in and security overhead to reduced agility, multi-cloud deployments present some sizeable hurdles. With a new cross-cloud solution, ECR Anywhere, developers can now eliminate the complexity of native registries, allowing for secure, seamless multi-cloud deployment of Docker images on any Kubernetes cluster.
Managing containerized applications across multiple cloud environments is notoriously tricky. Within their native platforms, container registries like AWS ECR, Google Cloud Container Registry, and Azure Container Registry integrate well, but external compatibility? Not so easy.
Each registry requires additional setup, configuration, and authentication when accessed from a different cloud, creating unnecessary vendor lock-in and hindering deployment flexibility.
That’s where ECR Anywhere comes in.
Designed by the CentML team, ECR provides a streamlined approach for securely hosting Docker images across cloud environments, keeping ECR at the heart of your Kubernetes deployments.
Access ECR Anywhere on GitHub →
Why We Built ECR Anywhere for Multi-Cloud Deployment
For the CentML Platform, which optimizes AI workflows and enables affordable deployment, supporting any Kubernetes cluster is essential.
At CentML, our team primarily relied on AWS ECR to host private Docker images. As we expanded into cross-cloud deployments, we needed a solution that would allow us to easily use ECR on any Kubernetes cluster, regardless of the cloud provider.
However, managing ECR credentials was challenging. They refresh every six hours to improve security, but this also complicates off-AWS deployments.
So, we created ECR Anywhere to simplify cross-cloud container hosting while preserving the security and convenience of ECR, no matter where your Kubernetes clusters reside.
Setting Up ECR Anywhere for Multi-Cloud Deployment
Using ECR Anywhere is straightforward:
Create IAM Role and Policy
First, set up credentials that can assume a role with the required permissions. For a specific repository, substitute * with the ARN of your repository, or add more statements for multiple repositories.
Json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability"
],
"Resource": "*"
}
]
}
Configure Your Environment
With AWS credentials in place, use Helm to deploy ECR Anywhere or generate a Kubernetes manifest. We recommend setting up long-lived credentials using AWS OIDC and Spiffe for secure, scalable access. Reference AWS SDK Environment Variables to configure these.
Yaml pod: container: env: - name: AWS_ACCESS_KEY_ID value: "EXAMPLE" - name: AWS_SECRET_ACCESS_KEY value: "EXAMPLE" - name: AWS_ROLE_ARN value: "ARN of role with ECR permissions" - name: AWS_REGION value: "us-east-1"
Deploy Using Helm
Deploy ECR Anywhere with Helm:
bash helm repo add ecr-anywhere https://centml.github.io/ecr-anywhere helm repo update helm install ecr-anywhere ecr-anywhere/ecr-anywhere -f values.yaml
Test Your Multi-Cloud Deployment
Once deployed, create a namespace with the label ecr-anywhere.centml.ai/namespace: “enabled”, followed by a secret with the label ecr-anywhere.centml.ai/managed: “true”. The secret’s content will be automatically managed by the mutating webhook.
Simplify Cross-Cloud Container Management with ECR Anywhere
ECR Anywhere makes it easier than ever to run applications across multiple cloud environments without compromising security or flexibility.
By reducing the friction of credential management, ECR helps you get more from Kubernetes and Docker in a multi-cloud world.
As always, we’d love to hear all about your deployments!
Here’s to AI for all 🦾
Looking for superior, affordable AI deployment? Try the CentML Platform and get $10 in free credits (worth 4 million tokens on Llama 3.1 405B).
Share this
