Christian Johansen

Reputation: 2031

Fetching Concourse Docker resources from ECR

I'm trying to use a Docker resource that is stored in an AWS EC2 Container service repository (ECR). Config looks like:

- name: my-docker-resource
  type: docker-image
  source:
    repository: account-id.dkr.ecr.eu-west-1.amazonaws.com/my-repo
    tag: d196e5688d
    aws_access_key_id: ((docker-aws-access-key-id))
    aws_secrey_access_key: ((docker-aws-secret-access-key))

When I run a pipeline that does get on this resource, I see "no versions available".

I tried to verify that the credentials I'm using are allowed to access the repo:

$(aws ecr get-login --no-include-email --profile concourse)
You must specify a region. You can also configure your region by running "aws configure".

So question 1: How do I tell the resource which region to use? Does it guess from the repo URL? Providing the region seems to indicate credentials have enough privileges:

$(aws ecr get-login --no-include-email --profile concourse --region eu-west-1)
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

I then try to pull the repo. Works on my machine (tm). Pipeline still says "no versions available".

I read somewhere that custom repos need to explicitly state the port, so I also tried account-id.dkr.ecr.eu-west-1.amazonaws.com:5000, but to no avail. Using that in the tag also does not work at all locally.

Any pointers?

Upvotes: 3

Views: 2758

Answers (2)

Christian Johansen

Reputation: 2031

This is working now, although I couldn't really tell you what was the source of "not working" and "working". My current configuration:

- name: ecr-repository
  type: docker-image
  source:
    repository: ((account_id)).dkr.ecr.eu-west-1.amazonaws.com/myapp
    aws_access_key_id: ((aws_access_key_id))
    aws_secret_access_key: ((aws_secret_access_key))

It's basically the same as I started with. Either I screwed up with credentials or some other context, or I was unlucky with my timing (with regards to the Docker resource image) as Phillip suggested.

Upvotes: 1

phillbaker

Reputation: 1548

Two things pop out:

  • The concourse docker image resource has been through many changes, with some versions not working with ECR. The version of docker-image bundled with your concourse may be out of date. You can reference the latest version by declaring a custom resource type:

resource_types:
  # Override the built-in docker-image to get a recent version
  - name: latest-docker-image
    type: docker-image
    source:
      repository: concourse/docker-image-resource
      tag: latest
resources:
  - name: my-docker-resource
    type: latest-docker-image

  • The port is required, and it's usually 443. Try:

- name: my-docker-resource
  type: docker-image
  source:
    repository: account-id.dkr.ecr.eu-west-1.amazonaws.com:443/my-repo
    tag: d196e5688d
    aws_access_key_id: ((docker-aws-access-key-id))
    aws_secret_access_key: ((docker-aws-secret-access-key))

Upvotes: 1
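
Added example (not part of the question or either answer): a small Python check for a docker-image resource `source` block that flags keys it does not recognise and reads the region and port out of an ECR repository string. The `KNOWN_KEYS` set is an assumed subset of the resource's options, the function names are hypothetical, and the sample mappings are constructed from the configurations on this page; whether the resource itself derives the region from the hostname is not stated here.

```python
import difflib
import re

# Assumed subset of valid docker-image `source` keys; extend for your resource version.
KNOWN_KEYS = {"repository", "tag", "username", "password",
              "aws_access_key_id", "aws_secret_access_key", "aws_session_token"}

# ECR repository strings: <account>.dkr.ecr.<region>.amazonaws.com[:port]/<repo>
ECR_RE = re.compile(
    r"^(?P<account>[^./]+)\.dkr\.ecr\.(?P<region>[a-z0-9-]+)\.amazonaws\.com"
    r"(?::(?P<port>\d+))?/(?P<repo>.+)$")

def parse_ecr_repository(repository):
    """Return account, region, port and repo for an ECR repository, else None."""
    m = ECR_RE.match(repository)
    return m.groupdict() if m else None

def lint_source(source):
    """Return a list of findings for one resource `source` mapping."""
    findings = []
    for key in source:
        if key in KNOWN_KEYS:
            continue
        # A near miss of a known key is most likely a typo; unknown keys are
        # otherwise easy to overlook because the pipeline still loads.
        close = difflib.get_close_matches(key, sorted(KNOWN_KEYS), n=1, cutoff=0.8)
        hint = f" (did you mean '{close[0]}'?)" if close else ""
        findings.append(f"unknown key '{key}'{hint}")
    # Static AWS credentials only make sense as a complete pair.
    pair = ("aws_access_key_id", "aws_secret_access_key")
    for have, want in (pair, pair[::-1]):
        if have in source and want not in source:
            findings.append(f"'{have}' is set but '{want}' is not")
    return findings

# Constructed from the first configuration in the question.
QUESTION_SOURCE = {
    "repository": "account-id.dkr.ecr.eu-west-1.amazonaws.com/my-repo",
    "tag": "d196e5688d",
    "aws_access_key_id": "((docker-aws-access-key-id))",
    "aws_secrey_access_key": "((docker-aws-secret-access-key))",
}
# Constructed from the configuration reported as working.
WORKING_SOURCE = {
    "repository": "((account_id)).dkr.ecr.eu-west-1.amazonaws.com/myapp",
    "aws_access_key_id": "((aws_access_key_id))",
    "aws_secret_access_key": "((aws_secret_access_key))",
}

if __name__ == "__main__":
    for name, src in (("question", QUESTION_SOURCE), ("working", WORKING_SOURCE)):
        print(name, parse_ecr_repository(src["repository"]), lint_source(src))
```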
