[英]Elastic Beanstalk Docker private registry with docker-compose
I have a Docker image from a private registry that is used for a team project.我有一个来自用于团队项目的私有注册表的 Docker 映像。
A Docker-compose.yml is git-cloned by each team member to allow for ready-to-go config of volume, env and ports for the container. Docker-compose.yml 由每个团队成员 git 克隆,以允许容器的卷、环境和端口的随时可用的配置。
version: '3'
services:
webApp:
image: my-private-registry/docker-app:latest
ports:
- 80:80
volumes:
- vendors:/var/www/app/vendor
- ./var/logs/apache2:/var/log/apache2
volumes:
vendors:
Now I wish to deploy that image/compose-file project to AWS Elastic Beanstalk, but the platform can not access the private Docker registry using the docker-compose file ( image may require docker login error)现在我希望将该图像/撰写文件项目部署到 AWS Elastic Beanstalk,但该平台无法使用 docker-compose 文件访问私有 Docker 注册表(图像可能需要 Z05B6053C41A2130AFD6登录错误)
Some info of what I've tried and noted so far :到目前为止我已经尝试和注意到的一些信息:
A] If the image is public the docker-compose file ( which I just upload using the web console so far) does work, the image is pulled, a container is created and the app runs fine. A] 如果图像是公开的,则 docker-compose 文件(到目前为止,我只是使用 web 控制台上传)确实有效,图像被提取,容器被创建并且应用程序运行良好。
However if the image is private, it can not gain access, even after following the AWS instructions here .但是,如果图像是私有的,则即使按照此处的 AWS 说明进行操作,也无法获得访问权限。
{
"AWSEBDockerrunVersion": "1",
"Authentication": {
"bucket": "my-s3-bucket",
"key": "config.json"
},
}
and by reading the eb-engine.log, I can see that the first docker-compose pull
works fine but then later on the final docker-compose up
fails - triggering the error, as if the auth were lost along the way.通过阅读 eb-engine.log,我可以看到第一个
docker-compose pull
工作正常,但后来最终docker-compose up
失败 - 触发错误,好像身份验证在此过程中丢失了。
I know the docker-compose pull works because setting wrong auth in the config.json on the S3 Bucket triggers an error.我知道 docker-compose pull有效,因为在 S3 Bucket 上的 config.json 中设置错误的身份验证会触发错误。
B] The auth and config works perfectly with a private docker image if I only use Dockerrun.aws.json
instead of the docker-compose
file. B] 如果我只使用
Dockerrun.aws.json
而不是docker-compose
文件,则身份验证和配置与私有 docker 映像完美配合。
{
"AWSEBDockerrunVersion": "1",
"Authentication": {
"bucket": "my-s3-bucket",
"key": "config.json"
},
"Ports": [
{
"ContainerPort": 80,
"HostPort": 80
}
],
"Image": {
"Name": "my-private-registry/docker-app:latest",
"Update": "true"
},
"Volumes" : [
{
"HostDirectory":"/var/app/current/var/logs/apache2",
"ContainerDirectory":"/var/log/apache2"
},
]
}
which is alright for testing purpose but forces us to depulicate any changes from docker-compose to it - since the compose file is used accross other non-AWS environnement, and will be less than ideal in the long run.这对于测试目的来说是可以的,但会迫使我们删除从 docker-compose 到它的任何更改 - 因为 compose 文件在其他非 AWS 环境中使用,并且从长远来看将不太理想。
What am I missing?我错过了什么? Is there a mismatch in the config of my env with the docker-compose?
我的环境配置是否与 docker-compose 不匹配?
Thanks谢谢
Update 1 By usins sudo watch -n 1 -d cat /root/.docker/config.json
更新 1通过使用
sudo watch -n 1 -d cat /root/.docker/config.json
I've been able to see that during the docker-compose pull
the auth are present but as soon as the CleanEbExtensions
is launched, they're gone.我已经看到在
docker-compose pull
期间存在身份验证,但是一旦启动CleanEbExtensions
,它们就消失了。
And this command is launched BEFORE dockler-compose is executed - and a docker-compose down --rmi all
is executed in-between, nullifying the pull.并且此命令在执行 docker-compose 之前启动 - 并且
docker-compose down --rmi all
在两者之间执行,使拉取无效。
How come?怎么来的?
UPDATE更新
Turns out it was an AWS Bug.原来这是一个 AWS 错误。 I've detailled step for a workaround in my answer below.
我在下面的答案中详细介绍了解决方法的步骤。
Well turns out it was a bug on AWS side .事实证明这是AWS 方面的一个错误。 I've found a very similar question
我发现了一个非常相似的问题
AWS EB docker-compose deployment from private registry access forbidden AWS EB docker-compose 部署从私有注册表访问被禁止
the current solution was to employ the deploy hooks instead to either login do docker or copy the authfile.当前的解决方案是使用部署挂钩代替登录执行 docker 或复制 authfile。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.