我正在尝试执行Cloud Foundry CLI命令:cf push并让它从我们的aws ecr存储库中提取docker镜像。我一直收到此错误消息:
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized
我已经通过带有访问密钥ID和秘密访问密钥的aws configure命令登录到aws,并且我从'aws ecr get-login'命令获得了ecr登录。
我可以使用docker拉图像:
docker pull 1234567.dkr.ecr.us-east-1.amazonaws.com/repo/example:17.5.0-SNAPSHOT
所以我知道我有有效的证书。但是,这是尝试cf push命令时的错误:
CF_DOCKER_PASSWORD=mypassword cf push example --docker-image 1234567.dkr.ecr.us-east-1.amazonaws.com/repo/example:17.5.0-SNAPSHOT --docker-username myusername
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
....<snip>
Staging process started ...
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized Going to retry attempt: 1
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized Going to retry attempt: 2
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized Going to retry attempt: 3
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized
Staging process failed: Exit trace for group:
builder exited with error: failed to fetch metadata from [repo/example] with tag [17.5.0-SNAPSHOT] and insecure registries [] due to unauthorized: access to the requested resource is not authorized
Exit status 2
Staging Failed: Exited with status 2
Destroying container
Successfully destroyed container
...<snip>
我已经尝试了我的aws登录名和密码,我也尝试了访问密钥ID和秘密访问密钥。两者都返回相同的错误。
关于如何将aws ecr与cf push集成的任何想法?
您可能遇到了Cloud Controller中的错误。你可以在这里看到这个故事。
https://www.pivotaltracker.com/n/projects/966314/stories/159373079
AWS ECR凭证很长,可能会在CCDB中被截断。然后,当他们习惯于获取你的图像时,他们会因为错误而失败。
我写这篇文章时似乎没有解决方法,但我很快就会期待。然后,您只需将CF环境升级到包含此修复程序的版本。您可以查看完成后将更新的故事。
更新 - 截至此更新,cf-deployment中提供了一个修复程序。