我正在尝试执行Cloud Foundry CLI命令:cf push并让它从我们的aws ecr存储库中提取docker镜像。我不断收到此错误消息:
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized
我已经通过带有访问密钥ID和秘密访问密钥的aws configure命令登录了aws,并且我从'aws ecr get-login'命令获得了ecr登录。
我可以使用docker来拉图像:
docker pull 1234567.dkr.ecr.us-east-1.amazonaws.com/repo/example:17.5.0-SNAPSHOT
所以我知道我有有效的证件。但是,这是尝试cf push命令时的错误:
CF_DOCKER_PASSWORD=mypassword cf push example --docker-image 1234567.dkr.ecr.us-east-1.amazonaws.com/repo/example:17.5.0-SNAPSHOT --docker-username myusername
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
....<snip>
Staging process started ...
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized Going to retry attempt: 1
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized Going to retry attempt: 2
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized Going to retry attempt: 3
Failed getting docker image by tag: unauthorized: access to the requested resource is not authorized
Staging process failed: Exit trace for group:
builder exited with error: failed to fetch metadata from [repo/example] with tag [17.5.0-SNAPSHOT] and insecure registries [] due to unauthorized: access to the requested resource is not authorized
Exit status 2
Staging Failed: Exited with status 2
Destroying container
Successfully destroyed container
...<snip>
我已经尝试了我的aws登录名和密码,我也尝试了访问密钥ID和秘密访问密钥。两者都返回相同的错误。
关于如何将aws ecr与cf push集成的任何想法?
答案 0 :(得分:0)
您可能会遇到Cloud Controller中的错误。你可以在这里看到这个故事。
https://www.pivotaltracker.com/n/projects/966314/stories/159373079
AWS ECR凭证相当长,可以在CCDB中被截断。然后,当它们用于获取您的图像时,它们将失败,因为它们是不正确的。
在撰写本文时,似乎没有解决方法,但我希望尽快解决。然后,您只需要将CF环境升级到包含此修复程序的版本。您可以查看故事,故事将在完成后进行更新。
更新-从此更新开始,cf-deployment中提供了一个修复程序。