问题描述
我要求在容器构建期间从AWS S3下载文件,但是我没有向构建过程提供AWS凭证但没有在Dockerfile中实际对其进行硬编码的情况下未能成功.我收到错误消息:
尽管先前已执行:
此外,我无法为此目的使用--build-arg.
我的问题:是否可以在构建时拥有这些凭据而无需在Dockerfile中对其进行硬编码?
感谢您的关注.
使用--build-arg
标志是正确的方法,但是必须使用ARG
指令而不是ENV
指令来指定它们在您的Dockerfile中.
这是我与AWS凭证一起使用的示例Dockerfile
.它以aws凭证作为构建参数,包括AWS_REGION
构建参数的默认参数.然后,它执行基本的aws操作,在这种情况下,登录到ecr.
FROM <base-image>:latest # an image I have that has `aws` installed
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_REGION=us-west-2
RUN aws ecr get-login --no-include-email | bash
CMD ["npm", "start"]
然后使用以下命令构建映像:
docker build -t testing --build-arg AWS_ACCESS_KEY_ID=<Your ID Here> \
--build-arg AWS_SECRET_ACCESS_KEY=<Your Key Here> .
希望这会有所帮助.
I require files to be downloaded from AWS S3 during container build, however I've been unsuccessful to provide the AWS credentials to the build process without actually hardcoding them in the Dockerfile. I get the error:
despite previously having executed:
Moreover, I was not able to use --build-arg for this purpose.
My question: is it possible to have these credentials in build time without hardcoding them in the Dockerfile and if so how?
Thank you for your attention.
Using the --build-arg
flag is the correct way to do it, however you must use the ARG
directive, not the ENV
directive to specify them in your Dockerfile.
Here is an example Dockerfile
that I have used with AWS credentials. It takes in the aws credentials as build arguments, including a default argument for the AWS_REGION
build argument. It then performs a basic aws action, in this case logging into ecr.
FROM <base-image>:latest # an image I have that has `aws` installed
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_REGION=us-west-2
RUN aws ecr get-login --no-include-email | bash
CMD ["npm", "start"]
You then build the image with the following command:
docker build -t testing --build-arg AWS_ACCESS_KEY_ID=<Your ID Here> \
--build-arg AWS_SECRET_ACCESS_KEY=<Your Key Here> .
Hope this helps.
这篇关于Dockerfile中的AWS凭证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!