[Autoscaler] Pulling drone-runner-docker from AWS ECR

Hi, I am trying to use the autoscaler with DRONE_AGENT_IMAGE=11111111111.dkr.ecr.us-east-2.amazonaws.com/drone-runner-docker:1.6 so that it pulls the drone-runner-docker image from our AWS ECR registry.

However I am getting no basic auth credentials error in the autoscaler logs.

I am using a custom cloud-init file that logs in to AWS ECR on boot (it successfully creates a /root/.docker/config.json file).

FWIW I also have the following flags in the autoscaler configuration:
But as far as I understand this is irrelevant for this problem - that is used to allow pipelines to pull from ECR for step images (which for me has always worked anyways).

I have gone through How to prevent DockerHub pull rate limit errors but that doesn’t address launching runners with the autoscaler.

Has anybody managed to get that working? What could I be missing?

edit: if my setup is correct, just guessing…could there be a sort of race condition where the autoscaler attempts to pull DRONE_AGENT_IMAGE before the target host logs in to ECR and then it gives up and doesn’t retry?

I discard this possibility, I have verified and the .docker/config.json file on the host is created way before Autoscaler attempts to pull the image.

And when the Autoscaler logs output "error":"Error response from daemon: Get my-drone-runner-docker: no basic auth credentials", I do a docker pull my-drone-runner-docker on the target host and I can pull the image without problems. :thinking:


Can you please clarify on how you’re trying to authenticate to your ECR here, is it via the drone registry plugin? GitHub - drone/drone-registry-plugin: Registry extension for backward compatibility with 0.8 global registry credentials.

The following thread might also be helpful:

Hi @csgit! I’m not using the drone-registry-plugin; the hosts launched by the Autoscaler authenticate during start up vía good old aws ecr get-login ....