OPeNDAP ECR Maintenance tasks

[jgallagher59701]

1. Do we want to keep the ECR thing in our AWS account?
2. What should we do with the compromised Docker images?
3. Should we manage our Docker hub account in some different way going forward? If so how?
4. Should we develop a scheme for automatic tags in our Docker Hub that will remove old, unreleased images?

[ndp-opendap]

My two bits:

1. Unless it ends up playing a role in 3 or 4 I think it should go away.
2. I think delete them - they predate the time when we started recording the deployment information for NGAP PROD. And everything we've packaged for NGAP (Bamboo Application Build activity) is still, afaik, living in our NGAP ECR.
3. Yes. Maybe craft ejection rule that can be written into code and run on a clock?
4. Seems like part of 3 - do we use special tags for things to keep? Tags are just that - the same image can have many tags, but the tags are not linked. Using a "special" tag to prevent image/layer ejection can be done easily enough - but when do we make them? Not at the time of image creation I think but afterward, at some point in time we tag it as "special" and then even if we delete the original tag, the special tag will contain refs to the same layer "blobs" so they will persist? And do we have to commit to tagging images special in a certain time frame after their creation but before some time based ejection policy causes them to be removed?
   N