Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect documentation around docker auth #20630

Closed
geekodour opened this issue May 17, 2024 · 4 comments
Closed

Incorrect documentation around docker auth #20630

geekodour opened this issue May 17, 2024 · 4 comments
Labels
type/bug
Projects
Nomad - Community Issues Triage

Comments

@geekodour
Copy link

https://developer.hashicorp.com/nomad/docs/v1.6.x/drivers/docker#authentication
mentions the following

plugin "docker" {
  config {
    auth {
      helper = "ecr-login"
    }
  }
}

while as per

nomad/drivers/docker/config.go

Lines 60 to 63 in a3b1810

if v, ok := opts["docker.auth.helper"]; ok {
authConf["helper"] = v
}
conf["auth"] = authConf

it should be

plugin "docker" {
    auth {
      helper = "ecr-login"
    }
}
@geekodour geekodour reopened this May 17, 2024
@geekodour
Copy link
Author

geekodour commented May 17, 2024
edited

In nixos config, it would go file

      plugin = {
        docker."auth.helper" = "ecr-login";
      };

Update: The above did not actually work, what worked in nixos+nomad for specifying plugin options is the following:

# ecr support for docker
# 1. IAM role to be assumed by ec2 instance
# 2. Needs docker-credential-ecr-login to be installed on the machine
# echo "<acc>.dkr.ecr.<region>.amazonaws.com/<repo>" | docker-credential-ecr-login get
# NOTE: If other public images start failing, we'd need to use "auth_soft_fail"

      plugin = [{
        docker = [{
            config = [{
              auth = [{
                # NOTE: We're not specifying the config directly, so no
                #       additional handling of docker config is required
                # NOTE: If we needed to use config, we'd do it something like:
                #       config = "/etc/docker/config.json";
                helper = "ecr-login";
              }];
            }];
        }];
      }];

@tgross tgross added this to Needs Triage in Nomad - Community Issues Triage via automation May 20, 2024
@pkazmierczak
Copy link
Contributor

Hi @geekodour, thanks for filing an issue! I'm afraid the documentation is correct, though, plugin configuration must live within a config block. Have a look at the configSpec structure to better understand how plugin config is parsed.

Nomad - Community Issues Triage automation moved this from Needs Triage to Done May 21, 2024
@geekodour
Copy link
Author

@pkazmierczak yes you're right, I've updated my previous comment to reflect the same. Apologies for the confusion!

@geekodour
Copy link
Author

@tgross ^ updated the comment with appropriate config that worked. Think it's an issue already being tracked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug
Projects
Nomad - Community Issues Triage
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pkazmierczak @geekodour