Oleksandr Lobunets

06/18/2020, 10:38 PM
Hi everyone! I'm trying to configure Fargate Agent and cannot find how to pass credentials to private docker registry 😕 Any hints? Thanks
To be precise, boto3 expects the Secrets Manager ARN in the containerDefinitions['repositoryCredentials']['credentialsParameter'] location, which I cannot find how to pass to the agent either via environment variables or via CLI arguments.

Zachary Hughes

06/18/2020, 11:48 PM
Hi @Oleksandr Lobunets! Full disclosure that I'm not an avid consumer of Fargate, but I think this will do the trick for you: AWS suggests passing credentials for private repos like so:
"containerDefinitions": [
    {
        "image": "private-repo/private-image",
        "repositoryCredentials": {
            "credentialsParameter": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name"
        }
    }
]
I think what you'll want to do is define those repositoryCredentials as part of your FargateTaskEnvironment's containerDefinitions field, using the link below as an example. Does that sound like it might work for you? https://docs.prefect.io/orchestration/execution/fargate_task_environment.html#fargate-task-environment-w-resources

Oleksandr Lobunets

06/19/2020, 5:36 AM
@Zachary Hughes didn't try the programmatic approach yet. I tried to pass this configuration from environment directly to agent (in docker compose). Here's an example:
my-agent:
    image: prefecthq/prefect:${PREFECT_VERSION}
    depends_on:
      - apollo
    environment:
      - PREFECT__BACKEND=server
      - PREFECT__SERVER__HOST=http://x.x.x.x
      - PREFECT__LOGGING__LEVEL=DEBUG
      - PREFECT__FLOWS__CHECKPOINTING=true
      - AWS_ACCESS_KEY_ID=...
      - AWS_SECRET_ACCESS_KEY=...
      - REGION_NAME=eu-central-1
      - containerDefinitions_logConfiguration={"logDriver":"awslogs","options":{"awslogs-group":"npn/prefect","awslogs-region":"eu-central-1","awslogs-stream-prefix":"flow-runs"}}
    restart: always
    command: >
      prefect agent start fargate
        --name my-test-agent
        --show-flow-logs
        -l fargate
        -v
        cpu=256
        memory=512
        executionRoleArn=arn:aws:iam::********:role/ecsTaskExecutionRole
        cluster=npn-ecs1
        networkConfiguration="{'awsvpcConfiguration': {'assignPublicIp': 'DISABLED', 'subnets': ['subnet-*******'], 'securityGroups': ['sg-*******']}}"

Zachary Hughes

06/19/2020, 1:26 PM
Looks like Josh has picked this up on the Github side, but let us know if you have any other questions!

Oleksandr Lobunets

06/19/2020, 3:30 PM
@Zachary Hughes yep! that has worked out! thanks