We use a Docker registry inside our AWS VPC that is not accessible externally. We want to be able to launch tasks in ECS from this registry, however we see that the service is only ever at a PENDING state because the Docker daemon isn't able to access the registry.
I have found a sort of workaround by changing the launch configuration's user data but it doesn't feel like I'm doing this the best way:
#!/bin/bash
echo ECS_CLUSTER=MY_CLUSTER_NAME >> /etc/ecs/ecs.config
echo OPTIONS=--insecure-registry=insecure.registry.hostname:5000 > /etc/sysconfig/docker
service docker restart
docker start ecs-agent
This works perfectly, and I can see my task is running as expected. I just don't think this is necessarily the best way to do it.
AWS pointed me towards this article which discusses authenticating with private registries, but I'm not looking to authenticate, just to have Docker ignore the fact that I'm using an insecure (ie not HTTPS) registry.
Does anyone have a better solution?
Thanks
Aucun commentaire:
Enregistrer un commentaire