would like to know how to pull an image from an aws ecr repo while running a doker stack deploy cmd.
how do you translate the following param --with-registry-auth in the docker compose v3 file?
i’m able to create a service from the cmd line but i had no success with docker-compose v3.
eval $(aws ecr get-login --region us-east-1)
Flag --email has been deprecated, will be removed in 1.14.
ls -rlt config.json
-rw-------. 1 root root 1592 Jan 29 13:52 config.json
docker stack deploy -c test.yml QA_STATUS
We don’t parse the token in the yaml file. From my understanding of docker stack deploy the --compose-file option is to allow you to skip the step of having to create a bundle (dab) file. I could be misinterrupting what you’re asking, but it sounds like you want to bake the authentication for connecting to a private repo directly into the yaml file. To my knowledge that isn’t possible.
We are evaluating Docker for AWS as an alternative to our current deployment via EC2 Container Service. In ECS this is just automatic via Roles and Policies given to our InstanceProfile.
Initially before I tried the above workaround I attempted to add the ECR ReadOnly policy to the DockerForAWSProxy InstancePolicy from their CloudFormation. That didn’t work and I’m not entirely sure why. However I think that’s the best solution when you are using DockerForAWS + ECR.
Note there’s an issue with ERC + Docker Swarm thought. The token / password given to you when you run aws ecr get-login... is only good for 12 hours. So if Docker scheduling has to redeploy or replace, etc, etc your application after 12 hours it’ll likely fail to load.
So just keep in mind even though this works it probably not production viable. I’m going to did into seeing if there’s a way to assign the workers and manger of docker swarm access to ECR without having to provide credentials. I believe this is the way that ECS and EB work.