Custom Entrypoints
For some images, AWS containers use a custom entrypoint script. If you want to use your own entrypoint, you can override the entrypoint as follows.
Update the command parameter in your pod file. Replace the
args parameters with your custom entrypoint script.
--- apiVersion: v1 kind: Pod metadata: name:pytorch-multi-model-server-densenetspec: restartPolicy: OnFailure containers: - name:pytorch-multi-model-server-densenetimage:763104351884.dkr.ecr.us-east-1.amazonaws.com/pytorch-inference:1.2.0-cpu-py36-ubuntu16.04command: - "/bin/sh" - "-c" args: -/usr/local/bin/multi-model-server---start---mms-config /home/model-server/config.properties---models densenet="https://dlc-samples.s3.amazonaws.com/pytorch/multi-model-server/densenet/densenet.mar"
command is the Kubernetes field name for entrypoint.
Refer to this
table of Kubernetes field names
If the EKS cluster has expired IAM permissions to access the ECR repository holding the image, or you are using kubectl from a different user than the one that created the cluster, you will receive the following error.
error: unable to recognize "job.yaml": Unauthorized
To address this issue, you need to refresh the IAM tokens. Run the following script.
set -ex AWS_ACCOUNT=${AWS_ACCOUNT} AWS_REGION=us-east-1 DOCKER_REGISTRY_SERVER=https://${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com DOCKER_USER=AWS DOCKER_PASSWORD=`aws ecr get-login --region ${AWS_REGION} --registry-ids ${AWS_ACCOUNT} | cut -d' ' -f6` kubectl delete secret aws-registry || true kubectl create secret docker-registry aws-registry \ --docker-server=$DOCKER_REGISTRY_SERVER \ --docker-username=$DOCKER_USER \ --docker-password=$DOCKER_PASSWORD kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"aws-registry"}]}'
Append the following under spec in your pod file.
imagePullSecrets: - name: aws-registry
