AWS Fargate -CannotPullContainerError (500)? [英] AWS Fargate - CannotPullContainerError (500)?

问题描述

我使用 AWS ECS 来托管我的服务.当我尝试使用 fargate 定义任务时，我遇到了以下问题.

I'm using AWS ECS to host my services. When I try to define task with fargate, I'm getting this below problem.

CannotPullContainerError:API 错误 (500):获取 https://xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/v2/:net/http:请求在等待连接时被取消(等待标头时超出 Client.Timeout)

CannotPullContainerError: API error (500): Get https://xxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

此外，我还授予了在 IAM 用户中访问 ECR 的完全权限.请帮我解决这个问题.

Further I gave full permissions to access ECR in the IAM user as well. Please help me to sort out this problem.

推荐答案

看这里:https://github.com/aws/amazon-ecs-agent/issues/1128

特别是 samuelkarp

您在下面看到的错误通常是由于缺乏互联网访问拉图像.图像拉取发生在网络上任务使用的接口，因此共享安全组和路由规则.

The error you are seeing below is commonly due to lack of internet access to pull the image. The image pull occurs over the network interface used by the Task, and as such shares security group and routing rules.

请检查以下配置:

如果您在没有公共 IP 的情况下启动任务，请确保子网上的路由表有0.0.0.0/0"去一个 NAT 网关或NAT 实例以确保访问 Internet.如果你的路由表有一个互联网网关，这就像一个防火墙，防止建立联系.如果您要使用公共启动任务IP，确保子网上的路由表有0.0.0.0/0"到互联网网关，以确保您能够使用公共 IP成功用于入口流量.验证您的安全组规则任务允许出站访问.这里的默认值通常是 All流量到 0.0.0.0/0.如果这些网络更改都不适用于如果他们没有解决您的问题，请告诉我们，以便我们可以进一步协助.

If you are launching a task without a public IP, make sure that the route table on the subnet has "0.0.0.0/0" going to a NAT Gateway or NAT instance to ensure access to the internet. If your route table has an internet gateway, this is acting like a firewall and preventing the connection from being made. If you are launching a task with a public IP, make sure that the route table on the subnet has "0.0.0.0/0" going to an internet gateway to ensure you will be able to use the public IP successfully for ingress traffic. Verify your security group rules for the Task allows for outbound access. The default here is typically All Traffic to 0.0.0.0/0. If neither of those networking changes apply to you or if they do not fix your problem, please let us know so we can further assist.

这篇关于AWS Fargate -CannotPullContainerError (500)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！