Compose: docker-compose doesn't seem to use credStore config
Summary
I am using the AWS ECR credential helper to manage logging in to my ECR Docker repositories. I have specified the ecr credential helper as a credHelper with my repo hostname. docker pull 12345.../my-app:latest for the image hosted there works, but docker-compose pull doesn't.
$ docker pull 123456789012.dkr.ecr.ap-southeast-2.amazonaws.com/my-app:latest
latest: Pulling from my-app
Digest: sha256:382a8c98d7a881643fc18003030e57d58a534f4d14e6343448bab0c354ade19b
Status: Image is up to date for 123456789012.dkr.ecr.ap-southeast-2.amazonaws.com/my-app:latest
$ docker-compose pull
Pulling rethink-proxy (123456789012.dkr.ecr.ap-southeast-2.amazonaws.com/my-app:latest)...
ERROR: repository 123456789012.dkr.ecr.ap-southeast-2.amazonaws.com/my-app:latest not found: does not exist or no pull access
Workaround
If I change credsStore from osxkeychain to ecr-login, then docker-compose pull works as expected. This is not a great option though, as it means I can't use the osxkeychain to store credentials for other repositories.
Details
Platform: macOS 10.12.5
Docker: Docker version 17.06.0-ce-rc5, build b7e4173
Docker-Compose: docker-compose version 1.14.0, build c7bdf9e
Installed via Docker for Mac CE
docker-compose.yml
version: '3'
services:
my-app:
image: "123456789012.dkr.ecr.ap-southeast-2.amazonaws.com/my-app:latest"
~/.docker/config.json
{
"credsStore" : "osxkeychain",
"credHelpers" : {
"123456789012.dkr.ecr.ap-southeast-2.amazonaws.com" : "ecr-login"
}
}
Related
This looks similar to https://github.com/docker/compose/issues/4924, but I'm running the version that fixed that bug.
danielcompton
All 5 comments
Same issue as #4885
shin-
on 22 Jun 2017
credHelpers support would be really great! Currently using credsStore as a workaround (thankfully we only need to auth against the one registry), but it's a bit of a sledgehammer 馃敤
Had raised a ticket here: https://github.com/awslabs/amazon-ecr-credential-helper/issues/41, but as @danielcompton pointed out, this might be more of a docker-compose issue.
d3v1an7
on 27 Jun 2017
This will be fixed in the upcoming 1.15 release.
shin-
on 7 Jul 2017
@shin- Still have this problem.
Details:
Ubuntu 16.04.4 LTS
Docker Compose version 1.19.0, build 9e633ef
Docker version 18.02.0-ce, build fc4de44
~/.docker/config.json
{
"credsStore": "ecr-login"
}
docker pull my-app:latest works fine, but docker-compose pull got this error:
RROR: Get https://xxxx.dkr.ecr.us-east-2.amazonaws.com/v2/xxxxxxx: no basic auth credentials
nauxliu
on 2 Mar 2018
@NauxLiu Can confirm. I had to switch from:
{
"credHelpers" : {
"123456789012.dkr.ecr.ap-southeast-2.amazonaws.com" : "ecr-login"
}
}
to:
{
"auths" : {
"123456789012.dkr.ecr.ap-southeast-2.amazonaws.com" : {
}
},
"credsStore" : "osxkeychain",
"credHelpers" : {
"123456789012.dkr.ecr.ap-southeast-2.amazonaws.com" : "ecr-login"
}
}
Which makes me a bit sad.
Empty auth was a workaround from a while back, but bizarrely, "credsStore" : "osxkeychain" is now also required, even though we don't use the keychain at all (that I know of?).
d3v1an7
on 28 May 2018
Related issues
dimsav
路
3Comments
giggio
路
3Comments
HackerWilson
路
3Comments
29e7e280-0d1c-4bba-98fe-f7cd3ca7500a
路
3Comments
maltefiala
路
3Comments
Most helpful comment
@shin- Still have this problem.
Details:
~/.docker/config.jsondocker pull my-app:latestworks fine, butdocker-compose pullgot this error: