使用 docker-java 从 Amazon ECR 中提取图像
Pulling image from Amazon ECR using docker-java
我在使用 docker-java 客户端从 Amazon ECR 拉取图像时遇到问题。 ECR注册中心登录认证成功,但无法从仓库中拉取特定镜像。奇怪的是,使用 bash 登录 ECR 并使用 docker 拉取图像有效。
我正在使用 java-docker 库 (https://github.com/docker-java/docker-java/) 的 3.0 版本。任何有关如何调试或解决此问题的帮助都会很有用。
// ECR client
AmazonECRClient ecrClient = new AmazonECRClient(awsCredentialsProvider);
GetAuthorizationTokenRequest getAuthTokenRequest = new GetAuthorizationTokenRequest();
List<String> registryIds = new ArrayList<String>();
registryIds.add("accountid");
getAuthTokenRequest.setRegistryIds(registryIds);
// Get Authorization Token
GetAuthorizationTokenResult getAuthTokenResult = ecrClient.getAuthorizationToken(getAuthTokenRequest);
AuthorizationData authData = getAuthTokenResult.getAuthorizationData().get(0);
String userPassword = StringUtils.newStringUtf8(Base64.decodeBase64(authData.getAuthorizationToken()));
String user = userPassword.substring(0, userPassword.indexOf(":"));
String password = userPassword.substring(userPassword.indexOf(":")+1);
DockerClientConfigBuilder config = new DockerClientConfigBuilder();
config.withDockerHost("unix:///var/run/docker.sock");
config.withDockerTlsVerify(false);
config.withRegistryUsername(user);
config.withRegistryPassword(password);
config.withRegistryUrl(authData.getProxyEndpoint());
config.build();
DockerCmdExecFactory dockerCmdExecFactory = new DockerCmdExecFactoryImpl();
//Docker client
DockerClient dockerClient = DockerClientBuilder.getInstance(config)
.withDockerCmdExecFactory(dockerCmdExecFactory)
.build();
// Response
AuthResponse response = dockerClient.authCmd().exec();
System.out.println(response.getStatus());
// Pull image
PullImageCmd pullImageCmd = dockerClient.pullImageCmd(respositoryname);
pullImageCmd
.exec(new PullImageResultCallback())
.awaitSuccess();
标准输出是:
Login Succeeded
Exception in thread "main" com.github.dockerjava.api.exception.DockerClientException: Could not pull image: unauthorized: authentication required
您需要将客户端的AuthConfig传递到pull命令中。
PullImageCmd pullImageCmd = dockerClient
.pullImageCmd(respositoryname)
.withAuthConfig(dockerClient.authConfig());
对我来说,问题是,authData.getEndpointProxy() 返回了 URL 和 "https://",但是拉取图像 cmd 只能在没有该前缀的情况下工作,所以我不得不删除它。
我在使用 docker-java 客户端从 Amazon ECR 拉取图像时遇到问题。 ECR注册中心登录认证成功,但无法从仓库中拉取特定镜像。奇怪的是,使用 bash 登录 ECR 并使用 docker 拉取图像有效。
我正在使用 java-docker 库 (https://github.com/docker-java/docker-java/) 的 3.0 版本。任何有关如何调试或解决此问题的帮助都会很有用。
// ECR client
AmazonECRClient ecrClient = new AmazonECRClient(awsCredentialsProvider);
GetAuthorizationTokenRequest getAuthTokenRequest = new GetAuthorizationTokenRequest();
List<String> registryIds = new ArrayList<String>();
registryIds.add("accountid");
getAuthTokenRequest.setRegistryIds(registryIds);
// Get Authorization Token
GetAuthorizationTokenResult getAuthTokenResult = ecrClient.getAuthorizationToken(getAuthTokenRequest);
AuthorizationData authData = getAuthTokenResult.getAuthorizationData().get(0);
String userPassword = StringUtils.newStringUtf8(Base64.decodeBase64(authData.getAuthorizationToken()));
String user = userPassword.substring(0, userPassword.indexOf(":"));
String password = userPassword.substring(userPassword.indexOf(":")+1);
DockerClientConfigBuilder config = new DockerClientConfigBuilder();
config.withDockerHost("unix:///var/run/docker.sock");
config.withDockerTlsVerify(false);
config.withRegistryUsername(user);
config.withRegistryPassword(password);
config.withRegistryUrl(authData.getProxyEndpoint());
config.build();
DockerCmdExecFactory dockerCmdExecFactory = new DockerCmdExecFactoryImpl();
//Docker client
DockerClient dockerClient = DockerClientBuilder.getInstance(config)
.withDockerCmdExecFactory(dockerCmdExecFactory)
.build();
// Response
AuthResponse response = dockerClient.authCmd().exec();
System.out.println(response.getStatus());
// Pull image
PullImageCmd pullImageCmd = dockerClient.pullImageCmd(respositoryname);
pullImageCmd
.exec(new PullImageResultCallback())
.awaitSuccess();
标准输出是:
Login Succeeded
Exception in thread "main" com.github.dockerjava.api.exception.DockerClientException: Could not pull image: unauthorized: authentication required
您需要将客户端的AuthConfig传递到pull命令中。
PullImageCmd pullImageCmd = dockerClient
.pullImageCmd(respositoryname)
.withAuthConfig(dockerClient.authConfig());
对我来说,问题是,authData.getEndpointProxy() 返回了 URL 和 "https://",但是拉取图像 cmd 只能在没有该前缀的情况下工作,所以我不得不删除它。