Allow a task definition to reference auth/credentials #28
Comments
|
I think the new implementation is a great start. I would also mention that task-level auth info can be viewed as an override of agent-level auth. So if one is set in the task definition, agent will use the auth provided. If not, then it will use one of the global auth credentials. If this is done, I believe it may capture a large portion of the use cases for private registry access. |
|
+1 on this so we don't need to bake credentials into the instances... Any progress? |
|
http://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html Just ran into this tonight. The docs make it seem like authentication is supported. However our attempts at putting the config.json on the disk to allow ecs-agent to access our private docker hub were not fruitful. |
|
I wrote a walkthrough of how I did it: https://mdln.net/articles/ecs-walkthrough.html |
|
The [Task Execution Role] |
As suggested by @asans (#4 (comment) on issue 4, option 2)
Right now Docker auth can be configured at the container-instance level and affects all tasks launched on that instance.
It would make sense for auth information to be referenced along with the image it pertains to as part of a task definition. For security and ease of update, it would also make sense if this information could be given as an S3 resource reference.
The text was updated successfully, but these errors were encountered: