-
Notifications
You must be signed in to change notification settings - Fork 640
-
Notifications
You must be signed in to change notification settings - Fork 640
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker push failing from ECS Fargate with proper Task roles #1233
Comments
@yadavnikhil is this working for you? Also, I'm not sure if the URI escaping in https://github.com/fabric8io/docker-maven-plugin/blob/master/src/main/java/io/fabric8/maven/docker/util/AuthConfigFactory.java#L347 is necessary? Anyway, since this is a "relatively recent" addition I wonder if this is working for you? |
@sebastiankirsch Yes, this changes are working fine for us. |
@yadavnikhil I'll create a PR that handles both cases then. |
Description
AuthConfig: no credentials found when running ECS container with Fargate type deployment.
Issue:
[DEBUG] DOCKER> No user and password set for ECR, checking EC2 instance role
[WARNING] DOCKER> Error while retrieving EC2 instance credentials: Connect to 169.254.169.254:80 [/169.254.169.254] failed: Invalid argument (connect failed)
[DEBUG] DOCKER> AuthConfig: no credentials found
Issue is when running ECS in Fargate, instance meta-data endpoint (169.254.169.254) is not accessible from within the container.
AWS has different metadata endpoint for containers running in ECS: https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-metadata-endpoint-fargate.html
Endpoint to get the credentials for TaskRoleARN assigned to ECS task will be:
Ex. http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
Existing plugin only checks instance endpoint & fails to get credentials when run in an ECS container for getting proper credentials.
Can this support be added so it can check additional URL when getting credentials when it is not able to connect to 169.254.169.254?
Info
mvn -v
) : 3.6.0Docker version : ECS Fargate
If it's a bug, how to reproduce : run docker:push to ECR registry from ECS container running with Fargate and has Task IAM Role assigned with ECR access.
If it's a feature request, what is your use case : Able to authenticate to ECR from ECS container running in Fargate from Task IAM Role.
Sample project : [GitHub Clone URL]
The text was updated successfully, but these errors were encountered: