[ https://issues.apache.org/jira/browse/MESOS-7522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16226466#comment-16226466 ]

Martin Bydzovsky commented on MESOS-7522:
-----------------------------------------

+1 for this. Specifying creds for pulling image as
`credential principal+secret` in mesos containerizer is a no-go for AWS ECR.
They issue you a token (running `aws ecr get-login`) which is valid for
something like 12 hours and then you need to obtain a new token. Or is there a
workaround for this?

> Mesos containerizer to support docker credential helpers for private docker 
> registries
> --------------------------------------------------------------------------------------
>
>                 Key: MESOS-7522
>                 URL: https://issues.apache.org/jira/browse/MESOS-7522
>             Project: Mesos
>          Issue Type: Wish
>          Components: containerization
>            Reporter: Mao Geng
>            Assignee: Mao Geng
>              Labels: mesos-containerizer
>
> At Pinterest, we use Amazon ECR as our docker registry and use 
> https://github.com/awslabs/amazon-ecr-credential-helper to let docker engine 
> get auth token automatically. 
> It works well with docker containerizer, as long as I have the 
> .docker/config.json configured "credStores" and --docker_config configured 
> for mesos-agent. 
> However, this doesn't work for mesos containerizer. Meanwhile we want to use 
> mesos containerizer's GPU support, so we have to run a separate docker 
> registry on http and without auth, purely for mesos containerizer. 
> I think it will be good if mesos containerizer can support 
> https://github.com/docker/docker-credential-helpers by default, so that it 
> will address a pain point for the users who are using credential helpers 
> with private registries on ECR, GCR, quay, dockerhub etc. 
> This might be related to MESOS-7088
> CC [~jieyu] [~gilbert]
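
What an image puller has to do to support the credential helpers requested above, as an added sketch that is not Mesos code and not part of the original message: look up the helper for the registry, run `docker-credential-<suffix> get` with the registry on stdin, and build the `auths` entry at pull time so a 12-hour token is never stored statically. The function names, the sample registry host and the stub helper are assumptions constructed for illustration; the `credHelpers`/`credsStore` keys and the `get` reply fields follow the docker-credential-helpers protocol.

```python
import base64
import json
import subprocess

# Constructed sample config.json content; the registry host is a placeholder.
SAMPLE_REGISTRY = "000000000000.dkr.ecr.us-east-1.amazonaws.com"
SAMPLE_CONFIG = {
    "credHelpers": {SAMPLE_REGISTRY: "ecr-login"},
    "auths": {"registry.example.invalid": {"auth": "c3RhdGljOnNlY3JldA=="}},
}


def helper_for(config, registry):
    """Helper suffix for a registry: per-registry credHelpers, then credsStore."""
    return config.get("credHelpers", {}).get(registry) or config.get("credsStore")


def run_helper(suffix, registry):
    """Run `docker-credential-<suffix> get`: registry on stdin, JSON on stdout."""
    proc = subprocess.run(
        ["docker-credential-" + suffix, "get"],
        input=registry.encode(), capture_output=True, timeout=30, check=False,
    )
    if proc.returncode != 0:
        raise RuntimeError(f"credential helper exited with {proc.returncode}")
    return proc.stdout


def resolve_auth(config, registry, run=run_helper):
    """Return the `auths` entry to use for one pull, fetched at pull time."""
    suffix = helper_for(config, registry)
    if suffix is None:
        # No helper configured: fall back to a static entry, if present.
        return config.get("auths", {}).get(registry)
    reply = json.loads(run(suffix, registry))
    user, secret = reply.get("Username"), reply.get("Secret")
    if not user or not secret:
        raise ValueError("helper reply lacks Username or Secret")
    # Never log `secret`; keep the token in memory only for this pull.
    return {"auth": base64.b64encode(f"{user}:{secret}".encode()).decode()}


def fake_ecr_helper(suffix, registry):
    """Constructed stand-in for the real helper so the example runs offline."""
    return json.dumps({"ServerURL": registry, "Username": "AWS",
                       "Secret": "constructed-short-lived-token"}).encode()


if __name__ == "__main__":
    entry = resolve_auth(SAMPLE_CONFIG, SAMPLE_REGISTRY, run=fake_ecr_helper)
    print(sorted(entry))
```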


