Build in deploy works in aws But can't start service

I am using the gitlab deployment script to deploy to my ecs cluster.

include:
  - template: AWS/Deploy-ECS.gitlab-ci.yml

The build and deploy work, but the task fails when loading (error below):
Status reason CannotPullContainerError: Error response from daemon: Get https://registry.gitlab.com/v2/jagunr/adkins-trak-web/master/manifests/4aa622faf54334308cbfc0b94f57ea51f2a5d1c2: denied: access forbidden

How do I give AWS access to my gitlab docker image repo?

Hi!

First, I suggest you host your Docker images on AWS ECR with a VPC endpoint: this way you don’t have to pay for ingress traffic on the NAT Gateway if you launch your service in a private subnet.

If you want to use GitLab, you need to set the repositoryCredentials parameters in your task: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html
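As an added example (not part of the reply above), this check flags a task definition that would hit the same CannotPullContainerError and shows the shape of one that sets repositoryCredentials. The function name, account ID, role name and secret ARN are constructed placeholders.

```python
import re

# credentialsParameter takes the ARN of a Secrets Manager secret.
SECRET_ARN = re.compile(r"^arn:aws[\w-]*:secretsmanager:[\w-]+:\d{12}:secret:.+$")


def private_registry_findings(task_def, private_hosts=("registry.gitlab.com",)):
    """List the problems that would stop ECS pulling images from private_hosts."""
    findings, private = [], False
    for c in task_def.get("containerDefinitions", []):
        host = c.get("image", "").split("/", 1)[0]
        if host not in private_hosts:
            continue  # e.g. ECR images authenticate through IAM instead
        private = True
        arn = (c.get("repositoryCredentials") or {}).get("credentialsParameter", "")
        if not arn:
            findings.append(f"{c.get('name')}: no repositoryCredentials for {host}")
        elif not SECRET_ARN.match(arn):
            findings.append(f"{c.get('name')}: credentialsParameter is not a secret ARN")
    # The task execution role fetches the secret (secretsmanager:GetSecretValue).
    if private and not task_def.get("executionRoleArn"):
        findings.append("executionRoleArn missing: nothing can read the registry secret")
    return findings


# Constructed samples: account id, names and ARNs below are placeholders.
IMAGE = "registry.gitlab.com/example-group/example-app/master:abc123"
BROKEN = {"family": "web", "containerDefinitions": [{"name": "web", "image": IMAGE}]}
FIXED = {
    "family": "web",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "containerDefinitions": [{
        "name": "web",
        "image": IMAGE,
        # Secret value is JSON: {"username": "...", "password": "..."}; a GitLab
        # deploy token with only the read_registry scope fits here.
        "repositoryCredentials": {
            "credentialsParameter":
                "arn:aws:secretsmanager:eu-west-1:123456789012:secret:gitlab-registry-AbCdEf"
        },
    }],
}

if __name__ == "__main__":
    for name, td in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, private_registry_findings(td) or "ok")
```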

Is there a reference to modify the gitlab-ci.yml that does the following?

  • Push the image to ECR
  • Create Task definition (FARGATE) if it does not exist
  • Set the task definition container path
  • Restart service with new task definition

  • Push the image to ECR

I suggest using kaniko, so something like this:

buildDockerImage:
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [ "" ]
  stage: build
  variables:
    REGISTRY: your aws registry
  only:
    - master
  cache:
    policy: push
  script:
    - echo "{\"credsStore\":\"ecr-login\"}" > /kaniko/.docker/config.json
    - /kaniko/executor --cache=true --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $REGISTRY:$CI_COMMIT_SHORT_SHA --destination $REGISTRY:latest

  • Create Task definition (FARGATE) if it does not exist

I suggest moving this away from the code deploy; this should be part of your infrastructure (with code as infrastructure, possibly).

  • Set the task definition container path
  • Restart service with new task definition

Something like this should do the job:


deployECS:
  stage: deploy
  image: python:3.8
  only:
    - master
  before_script:
    - pip install ecs-deploy
  needs:
    - buildDockerImage
  variables:
    GIT_STRATEGY: none
    GIT_SUBMODULE_STRATEGY: none
  script:
    - ecs deploy your_cluster your_service -t $CI_COMMIT_SHORT_SHA --timeout 600