You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Martin Bydzovsky (JIRA)" <ji...@apache.org> on 2017/10/31 08:49:00 UTC

[jira] [Commented] (MESOS-7522) Mesos containerizer to support docker credential helpers for private docker registries

    [ https://issues.apache.org/jira/browse/MESOS-7522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16226466#comment-16226466 ] 

Martin Bydzovsky commented on MESOS-7522:
-----------------------------------------

+1 for this. Specifying creds for pulling image as `credential principal+secret` in mesos containerizer is a no-go for AWS ECR. They issue you a token (running `aws ecr get-login`) which is valid for something like 12 hours and then you need to obtain a new token.. Or is there a workaround for this?

> Mesos containerizer to support docker credential helpers for private docker registries
> --------------------------------------------------------------------------------------
>
>                 Key: MESOS-7522
>                 URL: https://issues.apache.org/jira/browse/MESOS-7522
>             Project: Mesos
>          Issue Type: Wish
>          Components: containerization
>            Reporter: Mao Geng
>            Assignee: Mao Geng
>              Labels: mesos-containerizer
>
> In Pinterest, we use Amazon ECR as our docker registry and use https://github.com/awslabs/amazon-ecr-credential-helper to let docker engine to get auth token automatically. 
> It works well with docker containerizer, as long as I have the .docker/config.json configured "credStores" and --docker_config configured for mesos-agent. 
> However, this doesn't work for mesos containerizer. Meanwhile we want to use mesos containerizer's GPU support, so we have to run a separate docker registry on http and without auth, purely for mesos containerizer. 
> I think it will be good if mesos containerizer can support https://github.com/docker/docker-credential-helpers by default, so that it will address a pain point for the users who are using crendential helpers with private registries on ECR, GCR, quay, dockerhub etc. 
> This might be related to MESOS-7088
> CC [~jieyu] [~gilbert]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)