[英]ECS - Container cannot pull public image from Docker Hub
使用公共存储库 Docker Hub 在 ECS 集群中部署任务时,任务总是因任务容器中的此错误而停止:
Stopped reason
Cannotpullcontainererror:
pull image manifest has been retried 5 time(s):
failed to resolve ref docker.io/username/repo:
failed to do request:
Head "https://registry-1.docker.io/v2/username/repo/manifests/latest":
dial tcp 44.205.64.79:443: i/o timeout
这是我的任务定义:
{
"taskDefinitionArn": "arn:aws:ecs:ap-southeast-1:...:task-definition/taskname_task:6",
"containerDefinitions": [
{
"name": "containername_container",
"image": "username/repo",
"cpu": 0,
"links": [],
"portMappings": [
{
"name": "containername_container-8888-tcp",
"containerPort": 8888,
"hostPort": 8888,
"protocol": "tcp",
"appProtocol": "http"
}
],
"essential": true,
"entryPoint": [],
"command": [],
"environment": [],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"secrets": [],
"dnsServers": [],
"dnsSearchDomains": [],
"extraHosts": [],
"dockerSecurityOptions": [],
"dockerLabels": {},
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/taskname_task",
"awslogs-region": "ap-southeast-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
}
],
"family": "taskname_task",
"taskRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
"executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"revision": 6,
"volumes": [],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.extensible-ephemeral-storage"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "1024",
"memory": "2048",
"ephemeralStorage": {
"sizeInGiB": 21
},
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"registeredAt": "...",
"registeredBy": "arn:aws:iam::...:root",
"tags": [
{
"key": "ecs:taskDefinition:createdFrom",
"value": "ecs-console-v2"
},
{
"key": "ecs:taskDefinition:stackId",
"value": "arn:aws:cloudformation:ap-southeast-1:...:stack/ECS-Console-V2-TaskDefinition-.../..."
}
]
}
我也是 ECS 和 AWS 的新手。 我在上面的任务容器的错误中尝试了请求https://registry-1.docker.io/v2/username/repo/manifests/latest
并收到了这个:
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"username/repo","Action":"pull"}]}]}
是关于配置的请求 docker.io 吗? 我做了很多研究,但没有弄清楚任何事情。
您可以在Amazon ECS Tasks
中使用Dockerhub
图像
Dockerhub
映像的格式为[registry-url]/[namespace]/[image]:[tag]
,您不需要registry-url
用于Dockerhub
,因为如果未指定,则 docker 客户端假定为Dockerhub
或者,除了 Dockerhub 之外, ECR public上还应该有Docker
官方镜像,这样您就可以从 ECS 任务中引用 ECR 公共存储库
经过多次尝试,我通过将App 环境从FARGATE更改为EC2并将网络模式从awsvpc 更改为bridge解决了这个问题。 虽然这不是我开始使用FARGATE的意图,但它也解决了问题。
而且我仍然不知道问题是什么,为什么以及如何引起和解决的。 帮我知道。
这是我在EC2中的任务定义:
{
"taskDefinitionArn": "arn:aws:ecs:ap-southeast-1:...:task-definition/taskname_task:16",
"containerDefinitions": [
{
"name": "containername_container",
"image": "username/repo",
"cpu": 0,
"links": [
"aws-otel-collector"
],
"portMappings": [
{
"name": "containername_container-8888-tcp",
"containerPort": 8888,
"hostPort": 8888,
"protocol": "tcp",
"appProtocol": "http"
}
],
"essential": true,
"entryPoint": [],
"command": [],
"environment": [],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"secrets": [],
"dnsServers": [],
"dnsSearchDomains": [],
"extraHosts": [],
"dockerSecurityOptions": [],
"dockerLabels": {},
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/taskname_task",
"awslogs-region": "ap-southeast-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
}
],
"family": "taskname_task",
"executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
"networkMode": "bridge",
"revision": 16,
"volumes": [],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2"
],
"requiresCompatibilities": [
"EC2"
],
"cpu": "1024",
"memory": "922",
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"registeredAt": "...",
"registeredBy": "arn:aws:iam::...:root",
"tags": [
{
"key": "ecs:taskDefinition:createdFrom",
"value": "ecs-console-v2"
},
{
"key": "ecs:taskDefinition:stackId",
"value": "arn:aws:cloudformation:ap-southeast-1:...:stack/ECS-Console-V2-TaskDefinition-.../..."
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.