Avoid the error "You have reached your pull rate limit" during docker pull on AWS CodeBuild using AWS ECR

at first

This article is the 18th day article of Fusic Advent Calendar 2020.

Contents to introduce

--I suggest a way to avoid the gills that appear when docker pulls too much on AWS Codebuild --I think it's easy to read if you have experience with AWS CodeBuild and ECR.

Conclusion

Try pulling against ECR on AWS Codebuild, if not, pull from Docker Hub and push to ECR

--You have reached your pull rate limit is due to the stricter limit on the number of docker pulls. ** I noticed that if you change the pull destination to ECR, you do not have to worry about the number of times limit ** -Is there an image in ECR? → If not, pull from Docker Hub → Change the tag of the image pulled from Docker Hub to the tag name you plan to use in ECR → Push the image to ECR if you can change it to the tag name you plan to use in ECR --Pull from Docker Hub only the first time ――From the second time, there is an image in ECR, so you do not have to pull from Docker Hub

I will start introducing

First is the error screen

toomanyrequests_edit.png

Codebuild buildspec.yaml

The pre_build phase and the build phase are the parts I want to talk about.

version: 0.2

phases:
  install:
    runtime-versions:
      ruby: 2.7

  #Variable definition used for login to ECR, push and pull to ECR
  pre_build:
    commands:
      - $(aws ecr get-login --no-include-email --region ${AWS_DEFAULT_REGION})
      - AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)
      - ECR_REPOSITORY_NAME=nomorelimit
      - WEB_URI=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${ECR_REPOSITORY_NAME}

  #Docker image I want for ECR (ECR_RUBY_If there is no URI), pull from Docker Hub and push to ECR
  build:
    commands:
      - ECR_RUBY_URI=$WEB_URI:ruby-2.7.1-slim
      - DOCKER_RUBY_URI=ruby:2.7.1-slim
      - docker pull $ECR_RUBY_URI || (docker pull $DOCKER_RUBY_URI && docker tag $DOCKER_RUBY_URI $ECR_RUBY_URI && docker push $ECR_RUBY_URI && true)

pre_build phase detailed explanation

--First line: The part to log in to ECR --2nd and 3rd lines: Obtained to combine the repository URI of the ECR that has already been created as a character string. --Line 4: This is a variable that is completed by combining the already created ECR repository URIs with character strings.

build phase detailed explanation

--1st line: Set the URI including the tag name of the docker image used in ECR to ECR_RUBY_URI. --2nd line: Set the URI containing the original tag name of the docker image to be pulled from Docker Hub to DOCKER_RUBY_URI. --Third line: -Try pull from ECRdocker pull $ECR_RUBY_URI || … -If it doesn't work, pull it from Docker Hub || (docker pull $DOCKER_RUBY_URI …) --If the pull is successful from Docker Hub, change the docker image to the tag name $ ECR_RUBY_URI that was planned to be reused in ECR(… && docker tag $ DOCKER_RUBY_URI $ ECR_RUBY_URI…) --Push the tag name $ ECR_RUBY_URI that you plan to reuse in ECR to ECR(… && docker push $ ECR_RUBY_URI && true)

Utilization for Dockerfile (bonus)

You can use the ECR URI dynamically in the Dockerfile FROM. You'll be using docker's ARG to pass the ECR_RUBY_URI mentioned above.

--Commands to be executed on CodeBuild docker build --build-arg ECR_RUBY_URI = $ ECR_RUBY_URI --file file is/is/path/Dockerfile .

--Contents of Dockerfile to be linked with CodeBuild

ARG ECR_RUBY_URI

FROM $ECR_RUBY_URI
# FROM ruby:2.7.1-slim

…

Recommended Posts

Avoid the error "You have reached your pull rate limit" during docker pull on AWS CodeBuild using AWS ECR
Now that you have deployed AWS with Rails On Docker, let's organize the contents.
Check the rate limit application status of docker pull
Register your own Docker image with ECR using AWS CLI
Run the AWS CLI on Docker