Expand description
AWS ECR URI recognition + translation to the local fakecloud OCI v2 endpoint.
Shared between ECS and Lambda container runtimes: when a task definition
or Lambda function references <account>.dkr.ecr.<region>.amazonaws.com/<repo>:<tag>,
fakecloud can’t pull from AWS — there is no AWS account. Instead we
translate the URI to 127.0.0.1:<server-port>/<repo>:<tag> and pull
from fakecloud’s own OCI v2 registry (which is just another route on
the same HTTP server). Docker treats 127.0.0.1:<port> as an insecure
registry automatically on both Linux and Docker Desktop, so no daemon
config is required.
Functions§
- is_
aws_ ecr_ uri - Detect whether
imageis an AWS private-ECR URI. Match shape:<any>.dkr.ecr.<any>.amazonaws.com/<path>[:<tag>|@sha256:<digest>]. The registry host is anchored so arbitrary-path substrings likedocker.io/user/.dkr.ecr.whatever.amazonaws.com/bardon’t get misclassified. - is_
digest_ ref - Is
imagea digest-pinned reference (repo@sha256:...)? Docker’stagsubcommand cannot target a digest ref, so the runtime must skip retagging and run the container under the local URI directly. - translate_
to_ local - If
imageis an AWS private-ECR URI, return the local-registry URI that fakecloud’s OCI v2 endpoint serves the same content at. ReturnsNonefor any other reference (public ECR, Docker Hub, etc.) — those go straight to the upstream daemon. - translate_
to_ local_ at - Like
translate_to_localbut lets the caller pick the host the rewritten URI should point at. Lambda’s Kubernetes backend needs this — inside a cluster, the in-cluster fakecloud Service hostname (not127.0.0.1) is the only address Lambda Pods can reach.