[英]Docker push to AWS ECR private repo failing with malformed JSON
I am trying out AWS ECR and pushing a new tag to our private repossitory.我正在试用 AWS ECR 并将新标签推送到我们的私有存储库。
it goes like this:它是这样的:
export DOCKER_REGISTRY=0123123123123.dkr.ecr.us-east-1.amazonaws.com
export TAG=0.1
docker build -t vendor/app-name .
`aws ecr get-login --region us-east-1`" # generates docker login
docker tag vendor/app-name $DOCKER_REGISTRY/vendor/app-name:$TAG
docker push $DOCKER_REGISTRY/vendor/app-name:$TAG
Login works, the tag is created and I see it with docker images
, but the push fails cryptically.登录有效,标签已创建,我看到它与
docker images
,但推送神秘地失败。
The push refers to a repository [0123123123123.dkr.ecr.us-east-1.amazonaws.com/vendor/app-name] (len: 2)
b1a1d76b9e52: Pushing [==================================================>] 32 B/32 B
Error parsing HTTP response: unexpected end of JSON input: ""
It very well might be a misconfiguration, but I can't figure out how to get more output out of it.很可能是配置错误,但我不知道如何从中获得更多 output 。 The command has no debug level options, there are no other logs and I can't intercept network traffic since it seems encrypted.
该命令没有调试级别选项,没有其他日志,而且我无法拦截网络流量,因为它似乎已加密。
Ran into the same issue.遇到了同样的问题。 For me, ensuring that the IAM user I was pushing as had the
ecr:BatchCheckLayerAvailability
permission cleared this up.对我来说,确保我推送的 IAM 用户拥有
ecr:BatchCheckLayerAvailability
权限清除了这一点。
I had originally intended to have a "push-only" policy and didn't realize this permission was required to push successfully.我原本打算采用“仅推送”策略,但没有意识到成功推送需要此权限。
Minimal policy you need:您需要的最低政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": "ecr:GetAuthorizationToken",
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"ecr:UploadLayerPart",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:CompleteLayerUpload",
"ecr:BatchCheckLayerAvailability"
],
"Resource": "arn:aws:ecr:<your region>:<your account id>:repository/<your repository name>"
}
]
}
In addition to @Ethan's answer: I tried to find minimal set of permissions which are needed to push a docker image to AWS registry.除了@Ethan 的回答:我试图找到将 docker 映像推送到 AWS 注册表所需的最小权限集。 As of today, the minimal set is:
截至今天,最小集合是:
{
"Sid": "PushToEcr",
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:CompleteLayerUpload",
"ecr:GetAuthorizationToken",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart"
],
"Resource": "*"
}
As far as I understood Resource
must be *
because some of those actions do not work otherwise.据我了解
Resource
必须是*
因为其中一些操作在其他情况下不起作用。 Improvements are welcome!欢迎改进!
If you have a virtual environment folder-mine was .venv
, try removing it.如果您有一个虚拟环境文件夹 - 我的文件夹是
.venv
,请尝试将其删除。 Build and push your image again.再次构建并推送您的图像。 That worked for me
这对我有用
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.