I'm trying my best to connect my ECS instance to a private registry in gitlab. I've uploaded a .dockercfg file to a bucket in the same region as main EB environment and referenced it as described in the docs:
{
"AWSEBDockerrunVersion": 2,
"authentication": {
"bucket": "xxxx",
"key": ".dockercfg"
},
"volumes": [
{
"name": "redis",
"host": {
"sourcePath": "/var/app/volumes/redis"
}
}
],
"containerDefinitions": [
{
"name": "core",
"image": "registry.gitlab.com/newsletter3/newsletter:latest",
"hostname": "core",
"essential": true,
"portMappings": [
{
"hostPort": 80,
"containerPort": 8012
}
],
"links": ["redis"],
"memory": 600
},
{
"name": "redis",
"image": "redis:6.2-alpine",
"hostname": "redis",
"essential": true,
"memory": 300,
"portMappings": [
{
"hostPort": 6379,
"containerPort": 6379
}
],
"mountPoints": [
{
"sourceVolume": "redis",
"containerPath": "/cache",
"readOnly": false
}
]
}
]
}
I've created my .docker cfg file by creating a new deploy token and encoding it with base64.
echo “AWS:GYqZmZxxxxxxxxxx” | tr -d “\n” | base64
And the resulting file looks like this:
{
"registry.gitlab.com": {
"auth": "xxxxNWQK"
}
}
I've also tried a second format with an encloding "auths" object (the way docker stores config.json
).
No matter what I try, I keep seeing errors like this:
level=error time=2022-05-10T20:56:28Z msg="DockerGoClient: failed to
pull image registry.gitlab.com/xxxx/xxxx:
[CannotPullContainerError] Error response from daemon: Head
"https://registry.gitlab.com/v2/xxx/xxxx/manifests/latest":
unauthorized: HTTP Basic: Access denied" module=docker_client.go
I also searched the docs for any reference of elastic beanstalk downloading my authentication file from the s3 bucket but was not able to find any reference.
I'm not sure if the docs are outdated and the "authentication" option does not exist anymore.