Closed mig5 closed 14 minutes ago
I am seeing the same thing.
I'm now wondering if https://github.com/aws/amazon-ecs-agent/pull/4256 fixes this issue. It might be nice for AWS engineers to engage with us in the issue to confirm.
EDIT: seems to not be fixed after all, never mind.
This should now be fixed. Please reopen if you still experience the issue, thanks.
Summary
On the latest ECS optimized AMI ami-0b07faf56462d5ae8 (eu-west-2), docker images seem to be pulled without their 'tag', yet their sha256 matches that of the docker image tag in question.
Description
Example: I have an ECS service/task definition that pulls ory/hydra, specifically the v2.2.0 tag. Yet on a new EC2 autoscale instance built from the above AMI, the docker images show <none> for the tag:
If I run a command that launches a one-off container task using ory/hydra:v2.2.0:
Yet that digest is the same as the one that was already downloaded and used for an ECS container. So it's the same image, and now 'v2.2.0' is shown as the tag when I run docker images --digests | grep hydra
The container that is running an instance of the '<none>' tagged image shows this in docker inspect:
That sha256 is not the digest of the v2.2.0 image but the image id itself.
Also, the reverse happens. For example, here is the running ecs-agent docker container:
It's showing :latest as the tag, great.
But if I inspect docker images --digests:
Why is the digest 'none' when the tag is shown? It's the exact reverse of the other issue (no tag = digest shown)
I reproduce this not just for 3rd party docker hub images but those I've published to private ECR.
So basically, it seems to be using the exact correct image - the actual digest aligns with the expected tag, even if there is no tag being shown. But it's a bit unnerving to see no tag.
Is it maybe a Docker bug? Is it expected, somehow, and just new to me?
Expected Behavior
If my service/task definition says to pull v2.2.0, I expect docker to show that tag for the image in the output of docker images --digests, and I expect the 'Image' attribute of docker inspect to show the matching sha256 of the image digest.
Observed Behavior
As above
Environment Details