可以将Dockerimages推到ECR

发布于 01-23 17:32 字数 1719 浏览 3 评论 0原文

我将本地码头图推到我的私人ECR时会遇到错误：我的IAM用户具有Amazonec2Containerrigistryfullaccess的权利和我的EC2。

$ aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin xx.dkr.ecr.eu-central-1.amazonaws.com
...    
Login Succeeded


$ aws ecr describe-repositories
{
    "repositories": [
        {
            "repositoryUri": "xx.dkr.ecr.eu-central-1.amazonaws.com/my_repo",
            "imageScanningConfiguration": {
                "scanOnPush": false
            },
            "encryptionConfiguration": {
                "encryptionType": "AES256"
            },
            "registryId": "xx",
            "imageTagMutability": "MUTABLE",
            "repositoryArn": "arn:aws:ecr:eu-central-1:xx:repository/my_repo",
            "repositoryName": "my_repo",
            "createdAt": 1650817284.0
        }
    ]
}

$ docker pull hello-world
$ docker tag hello-world:latest xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest
$ docker images
REPOSITORY                                                    TAG       IMAGE ID       CREATED        SIZE
xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world   latest    feb5d9fea6a5   7 months ago   13.3kB
hello-world                                                   latest    feb5d9fea6a5   7 months ago   13.3kB

现在，我会在推动图像时得到错误：

$ docker push xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest
The push refers to repository [xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world]
e07ee1baac5f: Retrying in 1 second
EOF

有什么建议吗？来自 https://stackoverflow.com/a/70453287/10243980 from-href =“

非常感谢

原文

I get an error on push my local Dockerimage to my private ECR:
My IAM-User has AmazonEC2ContainerRegistryFullAccess rights and my EC2 too.

$ aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin xx.dkr.ecr.eu-central-1.amazonaws.com
...    
Login Succeeded


$ aws ecr describe-repositories
{
    "repositories": [
        {
            "repositoryUri": "xx.dkr.ecr.eu-central-1.amazonaws.com/my_repo",
            "imageScanningConfiguration": {
                "scanOnPush": false
            },
            "encryptionConfiguration": {
                "encryptionType": "AES256"
            },
            "registryId": "xx",
            "imageTagMutability": "MUTABLE",
            "repositoryArn": "arn:aws:ecr:eu-central-1:xx:repository/my_repo",
            "repositoryName": "my_repo",
            "createdAt": 1650817284.0
        }
    ]
}

$ docker pull hello-world
$ docker tag hello-world:latest xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest
$ docker images
REPOSITORY                                                    TAG       IMAGE ID       CREATED        SIZE
xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world   latest    feb5d9fea6a5   7 months ago   13.3kB
hello-world                                                   latest    feb5d9fea6a5   7 months ago   13.3kB

and now i get the error on push my image:

$ docker push xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest
The push refers to repository [xx.dkr.ecr.eu-central-1.amazonaws.com/hello-world]
e07ee1baac5f: Retrying in 1 second
EOF

Any suggestions?
The profile-trick from https://stackoverflow.com/a/70453287/10243980 works NOT.

Many thanks

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

℡Ms空城旧梦 2025-01-30 17:32:26

您需要使用名称Hello-World创建一个存储库。在推动docker a docker图像 ECR文档。

回复收藏 0 原文

世界等同你 2025-01-30 17:32:26

我的工作示例之一是

aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.eu-central-1.amazonaws.com
docker build -t dolibarr .
docker tag dolibarr:latest 123456789012.dkr.ecr.eu-central-1.amazonaws.com/dolibarr:latest
docker push 123456789012.dkr.ecr.eu-central-1.amazonaws.com/dolibarr:latest

与您的命令相比，它看起来非常相似。因此，现在，请检查您的用户是否能够推到存储库本身（ECR：CutImage）。这可能是主要问题。

找到更多帮助的一个很好的解决方案是以下将图像推向ECR，“在...秒内重试”

我正在使用的Docker Image角色的政策是以下（Terraform样式）：

{
  Action = [
    "ecr:BatchCheckLayerAvailability",
    "ecr:CompleteLayerUpload",
    "ecr:GetAuthorizationToken",
    "ecr:InitiateLayerUpload",
    "ecr:PutImage",
    "ecr:UploadLayerPart",
  ]
  Effect   = "Allow"
  Resource = "*"
}

尝试调整您的策略并删除“主要”条目。这不是必需的。

另一个可能的原因与该政策无关：
您使用一些本地代理吗？我遇到了一些用于所有公共端点的代理服务器（例如ECR，S3等）的问题。我禁用用于这些域而使用（取决于使用VPN或类似的内容）。

One of my working example is the following

aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.eu-central-1.amazonaws.com
docker build -t dolibarr .
docker tag dolibarr:latest 123456789012.dkr.ecr.eu-central-1.amazonaws.com/dolibarr:latest
docker push 123456789012.dkr.ecr.eu-central-1.amazonaws.com/dolibarr:latest

Compared to your commands, it looks very similar. So now, please check, if your user is able to push to the repository itself (ecr:PutImage). Probably this is the main issue.

A good solution to find more help is the following Pushing an image to ECR, getting "Retrying in ... seconds"

My policy for my Docker image role, I am using, is the following (terraform style):

{
  Action = [
    "ecr:BatchCheckLayerAvailability",
    "ecr:CompleteLayerUpload",
    "ecr:GetAuthorizationToken",
    "ecr:InitiateLayerUpload",
    "ecr:PutImage",
    "ecr:UploadLayerPart",
  ]
  Effect   = "Allow"
  Resource = "*"
}

Try to adjust your policy and remove the "Principal" entry. This is not necessary.

Another possible reason could has nothing to do with the policy:
Do you use some local proxy? I experienced some issues with using Proxy Servers for all public endpoints, like ECR, S3, etc. I disabled to use for those domains and it worked (depends on using VPN, or something similar).

回复收藏 0 原文

一向肩并 2025-01-30 17:32:26

我只是为此而苦苦挣扎，因此将提供我所有的步骤。注意最重要的步骤是下面的＃4-存储库的初始创建。

# 1. build your image
# docker build -t [ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG] .
docker build -t your-docker-image:latest .

# 2. tag your image with ECR repository details
# docker tag [ECR_REPOSITORY_NAME]:latest AWS_ACCOUNT_ID.dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG]
docker tag your-docker-image:latest 123456789.dkr.ecr.us-east-1.amazonaws.com/your-docker-image:latest

# 3. authenticate with ECR
# aws ecr get-login-password --region [AWS_REGION] | docker login --username AWS --password-stdin [AWS_ACCOUNT_ID].dkr.ecr.[AWS_REGION].amazonaws.com
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com

# 4.
# aws ecr create-repository --repository-name [ECR_REPOSITORY_NAME]
aws ecr create-repository --repository-name your-docker-image

# 5.
# docker push [AWS_ACCOUNT_ID].dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG]
docker push 123456789.dkr.ecr.us-east-1.amazonaws.com/your-docker-image:latest

注意：上面的步骤4是我误解/错过的重要步骤。它导致Docker等的错误错误在11秒内重试重试

I've just struggled with this one so will provide all of my steps. Note the most important step is #4 below - initial creation of the repository.

# 1. build your image
# docker build -t [ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG] .
docker build -t your-docker-image:latest .

# 2. tag your image with ECR repository details
# docker tag [ECR_REPOSITORY_NAME]:latest AWS_ACCOUNT_ID.dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG]
docker tag your-docker-image:latest 123456789.dkr.ecr.us-east-1.amazonaws.com/your-docker-image:latest

# 3. authenticate with ECR
# aws ecr get-login-password --region [AWS_REGION] | docker login --username AWS --password-stdin [AWS_ACCOUNT_ID].dkr.ecr.[AWS_REGION].amazonaws.com
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com

# 4.
# aws ecr create-repository --repository-name [ECR_REPOSITORY_NAME]
aws ecr create-repository --repository-name your-docker-image

# 5.
# docker push [AWS_ACCOUNT_ID].dkr.ecr.[AWS_REGION].amazonaws.com/[ECR_REPOSITORY_NAME]:[DOCKER_IMAGE_TAG]
docker push 123456789.dkr.ecr.us-east-1.amazonaws.com/your-docker-image:latest

Note: Step 4 above is the important step which I'd misunderstood/missed. It results in a very unclear error from docker etc Retrying in 11 seconds

回复收藏 0 原文

~没有更多了~