Downloading ECR images with nerdctl

With Docker Desktop changing their licencing many folks are in need of a replacement. Nerdctl is worthy of this, combined with Lima it provides a Docker like CLI interface.

While the CLI interface mostly remains the same, a question that might arise is “How to I pull/push images from private repositories?”

Lima provides a linux virtual environment for nerdctl to run in. By introducing a $HOME/.docker/config.json authentication can occur as normal.

By default, Lima will mount your home folder to /Users/username while maintaining its own home folder at /home/username.linux, for ease of configuration a be symbolic linked can be created between the two:

osx $ lima
lima $ ln -s /Users/username/.docker $HOME/.docker
lima $ ln -s /Users/username/.aws $HOME/.aws

Doing this will make both your docker and AWS configurations available to nerdctl.

Assuming your docker configuration already contains a credHelpers:

  "credHelpers": {
    "": "ecr-login",
    "": "ecr-login"

All thats left is to download Amazon ECR Docker Credential Helper to somewhere on your $PATH within lima:

lima $ sudo wget -O /usr/bin/docker-credential-ecr-login 
lima $ sudo chmod 755 /usr/bin/docker-credential-ecr-login

You can now nerdctl image pull <private-ecr-image>.