How to pull Docker image from a private repository using AWS Batch?

Question

I'm using AWS Batch and my Docker image is hosted on a private Nexus repo. I'm trying to create the Job Definition but I can't find anywhere how to specify the Repo Credentials like we did with a Task Definition in ECS.

I tried to manually specify it in the JSON like this:

{
    "command": ["aws", "s3", "ls"],
    "image": "nexus-docker-repo.xxxxx.xxx/my-image",
    "memory": 1024,
    "vcpus": 1,
    "repositoryCredentials": {
        "credentialsParameter": "ARN_OF_CREDENTIALS"
    },
    "jobRoleArn": "ARN_OF_THE_JOB"
}

But when I apply the changes, the parameter credentialsParameter was removed. I think that it's not supported.

So how to pull an image from a private repo with AWS Batch? Is it possible?

Thank you.

Answer 1

Score: 4


I do not see the option repositoryCredentials either in the batch job definition.

A secure option could be

  1. Generate the config.json for docker login
  2. Place that file in s3
  3. Generate an IAM role that has access to that file.
  4. Create a compute environment with a Launch Template and user data to download the config.json
  5. Run the jobs with that compute environment.

Answer 2

Score: 0


OK, I was able to do it by modifying the file /etc/ecs/ecs.config

If the file is not there you have to create it.

Then I had to add these 2 lines in that file:

ECS_ENGINE_AUTH_TYPE=docker
ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"admin","password":"admin","email":"admin@example.com"}}

Then I had to restart the ECS agent:

sudo systemctl restart ecs ## for the Amazon ECS-optimized Amazon Linux 2 AMI
Or
sudo stop ecs && sudo start ecs ## for the Amazon ECS-optimized Amazon Linux AMI
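
Added example, not part of either answer: a POSIX shell helper that a launch-template user-data script could call to write the two settings from Answer 2, taking the password from a file (for instance one fetched from S3 with the instance role, as Answer 1 suggests) instead of hard-coding it. The function names, the argument order and the password-file input are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answers). Function names, argument
# order and the one-line password file are assumptions of this example.

# JSON-escape backslashes and double quotes so each value stays a valid string.
json_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# set_ecs_registry_auth CONFIG REGISTRY_URL USERNAME EMAIL PASSWORD_FILE
# Replaces any existing ECS_ENGINE_AUTH_* lines in CONFIG, keeps every other
# line (e.g. ECS_CLUSTER), and leaves the result readable by its owner only.
set_ecs_registry_auth() {
    config=$1 registry=$2 user=$3 email=$4 pwfile=$5
    nl='
'
    [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 1; }
    password=$(cat "$pwfile")
    # The config file is line-oriented: an empty or multi-line secret is refused.
    case $password in
        ''|*"$nl"*) echo "password must be exactly one line" >&2; return 1 ;;
    esac

    # Build the new file next to the old one, then swap it in with one rename.
    tmp=$(mktemp "${config}.XXXXXX") || return 1
    if [ -f "$config" ]; then
        grep -v '^ECS_ENGINE_AUTH_' "$config" > "$tmp" || true
    fi
    {
        printf 'ECS_ENGINE_AUTH_TYPE=docker\n'
        printf 'ECS_ENGINE_AUTH_DATA={"%s":{"username":"%s","password":"%s","email":"%s"}}\n' \
            "$(json_escape "$registry")" "$(json_escape "$user")" \
            "$(json_escape "$password")" "$(json_escape "$email")"
    } >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$config"
}
```

On an instance the call would target /etc/ecs/ecs.config, followed by the agent restart shown in Answer 2.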

huangapple
  • Published on January 3, 2020 at 20:11:08
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/59578419.html