Hey all,
We have the docker image stored on a pri...
# ask-communityj
Joseph Loss
07/13/2021, 5:50 PMHey all,
We have the docker image stored on a private AWS ECR. This seems to stop working after 12 hours of starting the agent, because the authorization token expires and would somehow need to be re-authenticated with aws ecr docker login command in the command line. Otherwise, the docker agent can't pull the latest image on flow run. I've tried passing in the environment variable "PREFECT__CONTEXT__SECRETS__AWS_CREDENTIALS"_ on starting the agent, but that still doesn't seem to solve the issue. Any ideas on how to solve this?
NOTE: AWS Authorization Tokens can't be changed from the 12 hour expiration. So If anyone has a way that they solved this for the prefect docker agent, that would be very helpful
b
Ben Muller
07/13/2021, 7:35 PMDo you have the agent running as a service on ecs @Joseph Loss?
Ben Muller
07/13/2021, 7:35 PMI am running my agent in ecs as a service with the image on ecr and haven't encountered this issue.
Ben Muller
07/13/2021, 7:38 PMI think what you mean is that the flows aren't able to be pulled from ecr when you instantiate a flow run? If that's the case I would recommend looking at your ecr repo priveliges and make sure your execution role from the agent is allowed to pull the image of the task you're trying to run
j
Joseph Loss
07/13/2021, 7:59 PMno the docker agent is not on ecs, it's running on our on-premise servers. We're only storing the images on ECR, everything is run on our own VMs. I'm close using this but it's still giving issues:
https://github.com/awslabs/amazon-ecr-credential-helper
b
Ben Muller
07/13/2021, 8:12 PMAhh ok, right. Hmm not sure about that then
4 Views