#release-engineering (2019-03)

jenkins_ci All things CI/CD. Specific emphasis on Codefresh and CodeBuild with CodePipeline.

CI/CD Discussions

Archive: https://archive.sweetops.com/release-engineering/

2019-03-27

oscarsullivan_old avatar
oscarsullivan_old

@Erik Osterman (Cloud Posse) I’ve got Codefresh pushing to ECR (and apparently codefreshe’s own registry too). How does one go about now pulling that ECR image?

Have tried: aws-vault exec acme-mgmt-iac aws ecr get-login aws-vault exec acme-mgmt-iac docker pull [xxxx.dkr.ecr.eu-west-2.amazonaws.com/acme/foo:develop](http://xxxx\.dkr\.ecr\.eu\-west\-2\.amazonaws\.com/acme/foo:develop)

But both have their errors

oscarsullivan_old avatar
oscarsullivan_old

I can see a quick workaround actually by having a default credentials so I can avoid aws-vault

oscarsullivan_old avatar
oscarsullivan_old

Well that workaround worked. But would be to find out the answer.

oscarsullivan_old avatar
oscarsullivan_old

Likewise how to avoid:

REPOSITORY                                                   TAG                        IMAGE ID            CREATED             SIZE
[xxx.dkr.ecr.eu-west-2.amazonaws.com/acme/pod](http://xxx\.dkr\.ecr\.eu\-west\-2\.amazonaws\.com/acme/pod)   develop                    xxx        41 minutes ago      498MB

so I can just run docker run acme/pod:develop instead of docker run [xxx.dkr.ecr.eu-west-2.amazonaws.com/acme/pod:develop](http://xxx\.dkr\.ecr\.eu\-west\-2\.amazonaws\.com/acme/pod:develop)

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
Using the AWS CLI with Amazon ECR - Amazon ECR

The following steps help you install the AWS Command Line Interface and then log in to Amazon ECR. From there, you can create an image repository, push an image to that repository, and perform other common scenarios in Amazon ECR.

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

docker needs a registry to pull an image (DockerHub by default), so docker run acme/pod:develop will not work with ECR

Tim Malone avatar
Tim Malone

…unless you hack your DNS to make [hub.docker.com> (or whatever domain it connects to when pulling) return your ECR endpoint instead </i](http://hub.docker.com)

keen avatar

meh, I seem to recall some ssl explosions doing that.

:--1:1
oscarsullivan_old avatar
oscarsullivan_old

Ooo Tim I kind of fancy doing that but I just know I’ll need the standard hub.docker.com at some point ;)

1
oscarsullivan_old avatar
oscarsullivan_old

Going to use variant instead

    keyboard_arrow_up