堆棧內存溢出
  簡體   English   中英

ECS - 容器無法從 Docker Hub 拉取公共鏡像

[英]ECS - Container cannot pull public image from Docker Hub

 原文  2022-12-22 23:00:24       amazon-web-services/ docker/ amazon-ecs/ dockerhub

問題描述

使用公共存儲庫 Docker Hub 在 ECS 集群中部署任務時,任務總是因任務容器中的此錯誤而停止:

Stopped reason
Cannotpullcontainererror: 
    pull image manifest has been retried 5 time(s): 
        failed to resolve ref docker.io/username/repo: 
            failed to do request: 
                Head "https://registry-1.docker.io/v2/username/repo/manifests/latest": 
                    dial tcp 44.205.64.79:443: i/o timeout

這是我的任務定義:

{
    "taskDefinitionArn": "arn:aws:ecs:ap-southeast-1:...:task-definition/taskname_task:6",
    "containerDefinitions": [
        {
            "name": "containername_container",
            "image": "username/repo",
            "cpu": 0,
            "links": [],
            "portMappings": [
                {
                    "name": "containername_container-8888-tcp",
                    "containerPort": 8888,
                    "hostPort": 8888,
                    "protocol": "tcp",
                    "appProtocol": "http"
                }
            ],
            "essential": true,
            "entryPoint": [],
            "command": [],
            "environment": [],
            "environmentFiles": [],
            "mountPoints": [],
            "volumesFrom": [],
            "secrets": [],
            "dnsServers": [],
            "dnsSearchDomains": [],
            "extraHosts": [],
            "dockerSecurityOptions": [],
            "dockerLabels": {},
            "ulimits": [],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-create-group": "true",
                    "awslogs-group": "/ecs/taskname_task",
                    "awslogs-region": "ap-southeast-1",
                    "awslogs-stream-prefix": "ecs"
                },
                "secretOptions": []
            },
            "systemControls": []
        }
    ],
    "family": "taskname_task",
    "taskRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
    "executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
    "networkMode": "awsvpc",
    "revision": 6,
    "volumes": [],
    "status": "ACTIVE",
    "requiresAttributes": [
        {
            "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
        },
        {
            "name": "ecs.capability.execution-role-awslogs"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
        },
        {
            "name": "com.amazonaws.ecs.capability.task-iam-role"
        },
        {
            "name": "ecs.capability.extensible-ephemeral-storage"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
        },
        {
            "name": "ecs.capability.task-eni"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
        }
    ],
    "placementConstraints": [],
    "compatibilities": [
        "EC2",
        "FARGATE"
    ],
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "cpu": "1024",
    "memory": "2048",
    "ephemeralStorage": {
        "sizeInGiB": 21
    },
    "runtimePlatform": {
        "cpuArchitecture": "X86_64",
        "operatingSystemFamily": "LINUX"
    },
    "registeredAt": "...",
    "registeredBy": "arn:aws:iam::...:root",
    "tags": [
        {
            "key": "ecs:taskDefinition:createdFrom",
            "value": "ecs-console-v2"
        },
        {
            "key": "ecs:taskDefinition:stackId",
            "value": "arn:aws:cloudformation:ap-southeast-1:...:stack/ECS-Console-V2-TaskDefinition-.../..."
        }
    ]
}

我也是 ECS 和 AWS 的新手。 我在上面的任務容器的錯誤中嘗試了請求https://registry-1.docker.io/v2/username/repo/manifests/latest並收到了這個:

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"username/repo","Action":"pull"}]}]}

是關於配置的請求 docker.io 嗎? 我做了很多研究,但沒有弄清楚任何事情。

2 個解決方案

解決方案1
 0  2022-12-23 08:00:16

您可以在Amazon ECS Tasks中使用Dockerhub圖像
Dockerhub映像的格式為[registry-url]/[namespace]/[image]:[tag] ,您不需要registry-url用於Dockerhub ,因為如果未指定,則 docker 客戶端假定為Dockerhub
或者,除了 Dockerhub 之外, ECR public上還應該有Docker官方鏡像,這樣您就可以從 ECS 任務中引用 ECR 公共存儲庫

解決方案2
 0  2022-12-23 19:53:59

經過多次嘗試,我通過將App 環境FARGATE更改為EC2並將網絡模式awsvpc 更改bridge解決了這個問題。 雖然這不是我開始使用FARGATE的意圖,但它也解決了問題。

而且我仍然不知道問題是什么,為什么以及如何引起和解決的。 幫我知道。

這是我在EC2中的任務定義:

{
    "taskDefinitionArn": "arn:aws:ecs:ap-southeast-1:...:task-definition/taskname_task:16",
    "containerDefinitions": [
        {
            "name": "containername_container",
            "image": "username/repo",
            "cpu": 0,
            "links": [
                "aws-otel-collector"
            ],
            "portMappings": [
                {
                    "name": "containername_container-8888-tcp",
                    "containerPort": 8888,
                    "hostPort": 8888,
                    "protocol": "tcp",
                    "appProtocol": "http"
                }
            ],
            "essential": true,
            "entryPoint": [],
            "command": [],
            "environment": [],
            "environmentFiles": [],
            "mountPoints": [],
            "volumesFrom": [],
            "secrets": [],
            "dnsServers": [],
            "dnsSearchDomains": [],
            "extraHosts": [],
            "dockerSecurityOptions": [],
            "dockerLabels": {},
            "ulimits": [],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-create-group": "true",
                    "awslogs-group": "/ecs/taskname_task",
                    "awslogs-region": "ap-southeast-1",
                    "awslogs-stream-prefix": "ecs"
                },
                "secretOptions": []
            },
            "systemControls": []
        }
    ],
    "family": "taskname_task",
    "executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
    "networkMode": "bridge",
    "revision": 16,
    "volumes": [],
    "status": "ACTIVE",
    "requiresAttributes": [
        {
            "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
        },
        {
            "name": "ecs.capability.execution-role-awslogs"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
        }
    ],
    "placementConstraints": [],
    "compatibilities": [
        "EC2"
    ],
    "requiresCompatibilities": [
        "EC2"
    ],
    "cpu": "1024",
    "memory": "922",
    "runtimePlatform": {
        "cpuArchitecture": "X86_64",
        "operatingSystemFamily": "LINUX"
    },
    "registeredAt": "...",
    "registeredBy": "arn:aws:iam::...:root",
    "tags": [
        {
            "key": "ecs:taskDefinition:createdFrom",
            "value": "ecs-console-v2"
        },
        {
            "key": "ecs:taskDefinition:stackId",
            "value": "arn:aws:cloudformation:ap-southeast-1:...:stack/ECS-Console-V2-TaskDefinition-.../..."
        }
    ]
}

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 ECS 服務無法從 ECR 拉取 無法從 kubernetes pod 中的注冊表問題中提取圖像 驗證 Google Compute Engine (GCE) 以從 Google Container Registry (GCR) 中提取圖像 具有相同任務但不同docker鏡像的ECS更新服務 Amazon ECS 公共服務發現 AWS websocket 容器 cdk ecs 在 Amazon Linux 2 實例上的 ECS 任務中運行時,docker 容器中的 Bash 重定向失敗 GCP AI notebooks 實際使用什么 docker 鏡像? 無法從深度學習圖像裝載 Cloud Filestore 從谷歌雲計算中提取 docker 的權限被拒絕 如何從 Docker 容器內部連接到端點?
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM