“最新"是怎么来的?标签在 ECS 任务定义和从 ECR 拉取的容器实例中工作? [英] How does "latest" tag work in an ECS task definition and container instances pulling from ECR?
问题描述
我在 ECR 任务定义中使用 latest 标签时遇到问题,其中 image 参数的值类似于 XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/reponame/web:latest.
I'm having problems using latest tag in an ECR task definition, where image parameter has value like XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/reponame/web:latest.
一旦在容器实例(注册到集群的 EC2 实例)上运行新的服务实例(任务),我希望此任务定义从 ECR 中提取带有 latest 标记的映像.
I'm expecting this task definition to pull an image with latest tag from ECR once a new service instance (task) is run on the container instance (an EC2 instance registered to the cluster).
但是在我的情况下,当我远程连接到容器实例并列出 docker 镜像时,我可以看到它没有从 ECR 中提取最新版本的镜像.
However in my case when I connect to the container instance remotely and list docker images, I can see that it has not pulled the latest release image from ECR.
最新标签在当前标签后面有两个发布版本,因为我更新了任务定义以使用显式定义版本标签的latest标签实例,即:v1.05.
The latest tag there is two release versions behind the current one, from since I updated the task definition to use latest tag instance of explicitly defining the version tag i.e. :v1.05.
我在这个集群上只有一个容器实例.
I have just one container instance on this cluster.
在我的过程中可能有一些怪癖,但这个问题主要是关于这个 latest 在这种情况下应该如何表现?
It's possible there is some quirk in my process, but this question is mainly about how this latest should behave in this kind scenario?
我的docker镜像构建和标记、ECR推送、ECS任务定义更新、ECS服务更新流程:
My docker image build and tagging, ECR push, ECS task definition update, and ECS service update process:
# Build the image with multiple tags
docker build -t reponame/web:latest -t reponame/web:v1.05 .
# Tag the image with the ECR repo URI
docker tag ${imageId} XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/reponame/web
# Push both tags separately
docker push XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/reponame/web:v1.05
docker push XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/reponame/web:latest
# Run only if the definition file's contents has been updated
aws ecs register-task-definition --cli-input-json file://web-task-definition.json
# Update the service with force-new-deployment
aws ecs update-service
--cluster my-cluster-name
--service web
--task-definition web
--force-new-deployment
带有任务定义文件:
{
"family": "web",
"containerDefinitions": [
{
"name": "web",
"image": "XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/reponame/web:latest",
"essential": true,
"memory": 768,
"memoryReservation": 512,
"cpu": 768,
"portMappings": [
{
"containerPort": 5000,
"hostPort": 80
}
],
"entryPoint": [
"yarn", "start"
],
"environment": [
{
"name": "HOST",
"value": "0.0.0.0"
},
{
"name": "NUXT_HOST",
"value": "0.0.0.0"
},
{
"name": "NUXT_PORT",
"value": "5000"
},
{
"name": "NODE_ENV",
"value": "production"
},
{
"name": "API_URL",
"value": "/api"
}
]
}
]
}
推荐答案
结果问题出在我的脚本上.使用了一个不同的变量,该变量的旧值仍然存储在我的终端会话中.
Turned out the problem was with my scripts. Was using a different variable that had an old value still stored with my terminal session.
我已经验证通过在任务定义的图像源 url 中使用 latest 标签确实有一个新启动的服务实例来从 ECR 中提取带有 latest 标签的图像.
I've validated that by using latest tag in the task definition's image source url does have a newly started service instance to pull in the image with latest tag from ECR.
无需注册任务定义的新修订版.
Without needing to register a new revision of the task definition.
作为旁注,处理 latest 标签时需要小心.在这种情况下它似乎可行,但在许多其他情况下它很容易出错:Ref1, Ref2
As a sidenote, one needs to be careful with handling the latest tag. In this scenario it seems to work out, but in many other cases it would be error prone: Ref1, Ref2
这篇关于“最新"是怎么来的?标签在 ECS 任务定义和从 ECR 拉取的容器实例中工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
