使用 docker compose 在 Amazon ECS 上部署应用程序 [英] Deploy Applications on Amazon ECS Using docker compose
问题描述
我正在尝试将具有多个服务的 docker 容器部署到 ECS.我一直在关注这篇看起来很棒的文章:https://aws.amazon.com/blogs/containers/deploy-applications-on-amazon-ecs-using-docker-compose/
I'm trying to deploy a docker container with multiple services to ECS. I've been following this article which looks great: https://aws.amazon.com/blogs/containers/deploy-applications-on-amazon-ecs-using-docker-compose/
我可以让我的容器在本地运行,并且我可以使用 AWS CLI 连接到 ECS 上下文;但是在我运行时文章的基本示例中
I can get my container to run locally, and I can connect to the ECS context using the AWS CLI; however in the basic example from the article when I run
docker compose up
为了将映像部署到 ECS,出现错误:
In order to deploy the image to ECS, I get the error:
pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
似乎无法对此做出正面或反面.我的 docker 使用
Can't seem to make heads or tails of this. My docker is logged in to ECS using
aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com
我的 aws CLI 上的默认 IAM 用户具有 AmazonECS_FullAccess 以及ecs:ListAccountSettings";和cloudformation:ListStackResources"
The default IAM user on my aws CLI has AmazonECS_FullAccess as well as "ecs:ListAccountSettings" and "cloudformation:ListStackResources"
我在这里阅读:pull访问被拒绝的存储库不存在或可能需要 docker 登录 mikemaccana 的回答是,在 2020 年 11 月之后,您的 YAML 文件中可能需要进行身份验证,以允许 AWS 从 hub.docker.io 中提取(例如,为 aws 提供您的 Docker hub 用户名和密码),但我无法在我的 yaml 文件中使用身份验证"语法.这是我在本地运行 tomcat 和 mariadb 的 YAML 文件:
I read here: pull access denied repository does not exist or may require docker login mikemaccana 's answer that after Nov 2020 authentication may be required in your YAML file to allow AWS to pull from hub.docker.io (e.g. give aws your Docker hub username and password) but I can't get the 'auth' syntax to work in my yaml file. This is my YAML file that runs tomcat and mariadb locally:
version: "2"
services:
database:
build:
context: ./tba-database
image: tba-database
# set default mysql root password, change as needed
environment:
MYSQL_ROOT_PASSWORD: password
# Expose port 3306 to host. Not for the application but
# handy to inspect the database from the host machine.
ports:
- "3306:3306"
restart: always
webserver:
build:
context: ./tba-webserver
image: tba-webserver
# mount point for application in tomcat
volumes:
- ./target/testPROJ:/usr/local/tomcat/webapps/ROOT
links:
- database:tba-database
# open ports for tomcat and remote debugging
ports:
- "8080:8080"
- "8000:8000"
restart: always
推荐答案
此博客的作者(感谢您的友好评论!).我在构建方面玩得不多,但我怀疑这里发生的事情是,当您运行 docker compose up 时,我们忽略了 build 阶段,只利用 docker compose up代码>图像字段.接下来发生的是,部署在 ECS/Fargate 上的容器尝试拉取镜像 tba-database(这是部署似乎抱怨的地方,因为它不存在).在 ecs 上下文中使用 docker compose up 之前,您需要额外的步骤将图像推送到 GH 或 ECR.
Author of the blog here (thanks for the kind comment!). I haven't played much with the build side of things but I suspect what's happening here is that when you run docker compose up we ignore the build phase and only leverage the image field. What happens next is that the containers being deployed on ECS/Fargate tries to pull the image tba-database (which is where the deploying seems to be complaining because it doesn't exist). You need extra steps to push your image to either GH or ECR before you could bring it life using docker compose up when in the ecs context.
您可能还需要更改撰写版本(2"很旧).
You also probably need to change the compose version ("2" is very old).
这篇关于使用 docker compose 在 Amazon ECS 上部署应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
