Rancher 2.x image pull from Amazon ECR

Hi all

We’re planning on taking our first steps with Rancher, integrating into AWS through (likely) EC2.

Whilst we’re now familiar with how to create the Rancher host and create a multi-node cluster, we’re currently stuck on understanding how we’d be able to pull images from an AWS ECR repo.

Are there any sources of information as to how we’d achieve this?

I’m guessing you are already familiar with the authentication process for ECR and how you can automate that using the ECR credentials helper?

In Rancher 1.6.x that approach is supported within Rancher itself and the helper appears in the catalogue. TBH it has always worked, but it has been a bit difficult to reason about because it stored the token in the Rancher database, and whilst it’s straightforward to configure it to periodically refresh that token within its 12 hour expiry window, there are some circumstances where failures in another service cause that refresh to not happen, leaving you unable to launch containers unless the nodes are already seeded with your target image. Confusion sometimes arises because if you log in to a node directly your pull will likely work fine (assuming you have configured it with a suitable IAM role). You also have to configure your registry in Rancher (I guess you’ve done that also).

We haven’t migrated to v2 yet so I can’t speak authoritatively about that (sorry), but it will be a pre-req before we do, and I’m pretty confident it won’t be a problem. If you can’t see anything in the v2 catalog, have a word with your Rancher support contact.
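
The 12 hour expiry window and the missed-refresh failure described in the reply above can be checked for explicitly. This is an added example, not code from the thread or from Rancher: it turns an ECR authorization token into the Docker config JSON used for a Kubernetes `kubernetes.io/dockerconfigjson` pull secret (relevant because Rancher 2.x is Kubernetes-based) and classifies a stored token's age. The function names, the 2 hour safety margin and the sample token and endpoint are assumptions constructed for illustration.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

# ECR authorization tokens are valid for 12 hours (the window named in the thread).
TOKEN_LIFETIME = timedelta(hours=12)

# Constructed sample values: not real credentials, placeholder account id.
SAMPLE_TOKEN = base64.b64encode(b"AWS:constructed-password").decode()
SAMPLE_ENDPOINT = "https://123456789012.dkr.ecr.eu-west-1.amazonaws.com"


def docker_config_json(authorization_token, proxy_endpoint):
    """Build the .dockerconfigjson payload for an image pull secret.

    authorization_token is base64("AWS:<password>") as returned by ECR's
    GetAuthorizationToken; proxy_endpoint is the registry URL it applies to.
    """
    decoded = base64.b64decode(authorization_token).decode()
    username, sep, password = decoded.partition(":")
    if sep != ":" or username != "AWS" or not password:
        raise ValueError("not an ECR authorization token")
    registry = proxy_endpoint.split("://", 1)[-1].rstrip("/")
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    entry = {"username": username, "password": password, "auth": auth}
    return json.dumps({"auths": {registry: entry}})


def token_status(expires_at, now, margin=timedelta(hours=2)):
    """Classify a stored token so a missed refresh is noticed before pulls fail.

    margin is a hypothetical safety window, not an AWS or Rancher setting.
    """
    if now >= expires_at:
        return "expired"        # new pulls fail unless the image is cached on the node
    if now >= expires_at - margin:
        return "refresh-due"    # a scheduled refresh should already have replaced it
    return "ok"


if __name__ == "__main__":
    issued = datetime.now(timezone.utc) - timedelta(hours=11)
    print(token_status(issued + TOKEN_LIFETIME, datetime.now(timezone.utc)))
    print(docker_config_json(SAMPLE_TOKEN, SAMPLE_ENDPOINT))
```

Alerting on `refresh-due` rather than `expired` surfaces a stalled refresh job while nodes can still pull.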