Open isereb opened 3 years ago
An intersting thing to notice, is that those images can be pulled using docker pull envoyproxy/envoy:v1.11.2
and this error won't appear anymore
Hi @isereb, sorry for the slow reply. I suspect this is just a matter of not having configured the sidecar image to point at the image in your private ECR. This can currently be done in one of two ways:
1) set meta.connect.sidecar_image
in the nomad client config docs
${NOMAD_envoy_version}
interpolation is only available starting with Nomad 1.0)
2) set the sidecar_image
in the connect sidecar_task config docsI do not want to put those images on the ECR. I want Nomad to be able to pull both: ECR images and docker.io images at the same time. I think this StackOverFlow question will shed more light.
Nomad version
Output from
nomad version
Nomad v0.12.7 (6147cb578794cb2d0c35d68fe1791728a09bb081)Operating system and Environment details
CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7"
Issue
I have my Nomad running on an on-prem machine and using ECR as a container registry. For a long time, I was setting up credentials helper so it would pull the images from the ECR. Once that was done, everything worked for a while. Until I realized, that once the image of envoyproxy/envoy was gone, sidecar for any service wouldn't start with an error:
Failed to find docker auth for repo "envoyproxy/envoy": docker-credential-ecr-login with input "envoyproxy/envoy" failed with stderr: exit status 1
. Clearly, for some reason, it tries to authenticate against docker.io with ecr-login cred helper.Reproduction steps
nomad.hcl
config.json
Job file (if appropriate)
Nomad Client/Server logs (if appropriate)
Nothing that would be related to this issue...