无法部署来自 AWS 私有注册表的 docker 个图像
cannot deploy docker image form AWS private registry
我正在尝试从 AWS Elastic Container Registry 中托管的 docker 图像推送应用程序,并且在尝试推送时从 cloudfoundry API 收到 500 个错误代码。我是做错了什么,还是目前 API 有问题?感谢任何帮助。
使用的推送命令(替换真实路由、应用程序和图像名称):
cf push dockerized-app --docker-image 300401118676.dkr.ecr.eu-central-1.amazonaws.com/my/image:latest --docker-username AWS --hostname my-dockerized-app -i 1 -m 1024M -k 1024M
cf-cli 版本:
cf version 6.34.1+bbdf81482.2018-01-17
这是我得到的标准日志输出:
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
Pushing app dockerized-app to org ORG / space SPACE as someone@somewhere.ch...
Getting app info...
Creating app with these attributes...
+ name: dockerized-app
+ docker image: 300401118676.dkr.ecr.eu-central-1.amazonaws.com/my/image:latest
+ docker username: AWS
+ disk quota: 1G
+ instances: 1
+ memory: 1G
routes:
+ my-dockerized-app.scapp.io
Creating app dockerized-app...
Unexpected Response
Response code: 500
CC code: 0
CC error code:
Request ID: f0789965-19b1-4178-5cce-e42ff671a99b::6eb55c40-70de-4011-ad30-ee60aab54d82
Description: {
"error_code": "UnknownError",
"description": "An unknown error occurred.",
"code": 10001
}
FAILED
这是设置了 -v 标志的相关日志输出
Creating app with these attributes...
+ name: dockerized-app
+ docker image: 300401118676.dkr.ecr.eu-central-1.amazonaws.com/my/image:latest
+ docker username: AWS
+ disk quota: 1G
+ instances: 1
+ memory: 1G
routes:
+ my-dockerized-app.scapp.io
Creating app dockerized-app...
REQUEST: [2018-02-27T18:39:28+01:00]
POST /v2/apps HTTP/1.1
Host: api.lyra-836.appcloud.swisscom.com
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/json
User-Agent: cf/6.34.1+bbdf81482.2018-01-17 (go1.9.2; amd64 darwin)
{
"disk_quota": 1024,
"docker_credentials": {
"password": "[PRIVATE DATA HIDDEN]",
"username": "AWS"
},
"docker_image": "300401118676.dkr.ecr.eu-central-1.amazonaws.com/my/image:latest",
"instances": 1,
"memory": 1024,
"name": "dockerized-app",
"space_guid": "07cead83-7db5-477e-83ca-f7bbee10e557"
}
RESPONSE: [2018-02-27T18:39:28+01:00]
HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 99
Content-Type: application/json;charset=utf-8
Date: Tue, 27 Feb 2018 17:39:28 GMT
Expires: 0
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: 6c6acb3a-4ead-4f88-5d2c-e7d7f846b2af::0e919224-e372-46f1-8d70-19bf30f85145
X-Xss-Protection: 1; mode=block
{
"code": 10001,
"description": "An unknown error occurred.",
"error_code": "UnknownError"
}
Unexpected Response
Response code: 500
CC code: 0
CC error code:
Request ID: 6c6acb3a-4ead-4f88-5d2c-e7d7f846b2af::0e919224-e372-46f1-8d70-19bf30f85145
Description: {
"error_code": "UnknownError",
"description": "An unknown error occurred.",
"code": 10001
}
在我看来 docker 注册表用户名和密码可以很好地获取(是的,它们可以工作)。
我不确定您的提供商现在 运行 是哪个版本的 Cloud Foundry,但是支持私有 docker 注册中心(即使用 HTTPS 和基本身份验证的注册中心)需要相当新的版本云铸造厂。
它绝对适用于 API 版本 2.103 及更高版本,因为这就是我们现在 运行 在 Meshcloud 的情况,我们有客户成功使用私有注册中心 ;-)
$ cf api
api endpoint: https://api.cf.eu-de-netde.msh.host
api version: 2.103.0
免责声明:我是 Meshcloud 的 co-founder。
从操作员的角度来看,您似乎正在通过使用 Amazon Elastic Container Registry 签名令牌(大约 2000 个字符)来达到 CloudFoundry 的 1000 个字符的密码限制:
/var/vcap/sys/log/cloud_controller_ng/cloud_controller_ng.log.5.gz:
{"timestamp":1526311559.8367982,"message":"Request failed: 500:
{\"error_code\"=>\"UnknownError\", \"description\"=>\"An unknown
error occurred.\", \"code\"=>10001, \"test_mode_info\"=>
{\"description\"=>\"docker_password can be up to 1,000 characters\",
...
我们向 CC 团队提交了问题:https://github.com/cloudfoundry/cloud_controller_ng/issues/1141
我正在尝试从 AWS Elastic Container Registry 中托管的 docker 图像推送应用程序,并且在尝试推送时从 cloudfoundry API 收到 500 个错误代码。我是做错了什么,还是目前 API 有问题?感谢任何帮助。
使用的推送命令(替换真实路由、应用程序和图像名称):
cf push dockerized-app --docker-image 300401118676.dkr.ecr.eu-central-1.amazonaws.com/my/image:latest --docker-username AWS --hostname my-dockerized-app -i 1 -m 1024M -k 1024M
cf-cli 版本:
cf version 6.34.1+bbdf81482.2018-01-17
这是我得到的标准日志输出:
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
Pushing app dockerized-app to org ORG / space SPACE as someone@somewhere.ch...
Getting app info...
Creating app with these attributes...
+ name: dockerized-app
+ docker image: 300401118676.dkr.ecr.eu-central-1.amazonaws.com/my/image:latest
+ docker username: AWS
+ disk quota: 1G
+ instances: 1
+ memory: 1G
routes:
+ my-dockerized-app.scapp.io
Creating app dockerized-app...
Unexpected Response
Response code: 500
CC code: 0
CC error code:
Request ID: f0789965-19b1-4178-5cce-e42ff671a99b::6eb55c40-70de-4011-ad30-ee60aab54d82
Description: {
"error_code": "UnknownError",
"description": "An unknown error occurred.",
"code": 10001
}
FAILED
这是设置了 -v 标志的相关日志输出
Creating app with these attributes...
+ name: dockerized-app
+ docker image: 300401118676.dkr.ecr.eu-central-1.amazonaws.com/my/image:latest
+ docker username: AWS
+ disk quota: 1G
+ instances: 1
+ memory: 1G
routes:
+ my-dockerized-app.scapp.io
Creating app dockerized-app...
REQUEST: [2018-02-27T18:39:28+01:00]
POST /v2/apps HTTP/1.1
Host: api.lyra-836.appcloud.swisscom.com
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/json
User-Agent: cf/6.34.1+bbdf81482.2018-01-17 (go1.9.2; amd64 darwin)
{
"disk_quota": 1024,
"docker_credentials": {
"password": "[PRIVATE DATA HIDDEN]",
"username": "AWS"
},
"docker_image": "300401118676.dkr.ecr.eu-central-1.amazonaws.com/my/image:latest",
"instances": 1,
"memory": 1024,
"name": "dockerized-app",
"space_guid": "07cead83-7db5-477e-83ca-f7bbee10e557"
}
RESPONSE: [2018-02-27T18:39:28+01:00]
HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 99
Content-Type: application/json;charset=utf-8
Date: Tue, 27 Feb 2018 17:39:28 GMT
Expires: 0
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: 6c6acb3a-4ead-4f88-5d2c-e7d7f846b2af::0e919224-e372-46f1-8d70-19bf30f85145
X-Xss-Protection: 1; mode=block
{
"code": 10001,
"description": "An unknown error occurred.",
"error_code": "UnknownError"
}
Unexpected Response
Response code: 500
CC code: 0
CC error code:
Request ID: 6c6acb3a-4ead-4f88-5d2c-e7d7f846b2af::0e919224-e372-46f1-8d70-19bf30f85145
Description: {
"error_code": "UnknownError",
"description": "An unknown error occurred.",
"code": 10001
}
在我看来 docker 注册表用户名和密码可以很好地获取(是的,它们可以工作)。
我不确定您的提供商现在 运行 是哪个版本的 Cloud Foundry,但是支持私有 docker 注册中心(即使用 HTTPS 和基本身份验证的注册中心)需要相当新的版本云铸造厂。
它绝对适用于 API 版本 2.103 及更高版本,因为这就是我们现在 运行 在 Meshcloud 的情况,我们有客户成功使用私有注册中心 ;-)
$ cf api
api endpoint: https://api.cf.eu-de-netde.msh.host
api version: 2.103.0
免责声明:我是 Meshcloud 的 co-founder。
从操作员的角度来看,您似乎正在通过使用 Amazon Elastic Container Registry 签名令牌(大约 2000 个字符)来达到 CloudFoundry 的 1000 个字符的密码限制:
/var/vcap/sys/log/cloud_controller_ng/cloud_controller_ng.log.5.gz:
{"timestamp":1526311559.8367982,"message":"Request failed: 500:
{\"error_code\"=>\"UnknownError\", \"description\"=>\"An unknown
error occurred.\", \"code\"=>10001, \"test_mode_info\"=>
{\"description\"=>\"docker_password can be up to 1,000 characters\",
...
我们向 CC 团队提交了问题:https://github.com/cloudfoundry/cloud_controller_ng/issues/1141