-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EOF on AWS ECR API POST to check push permissions #1935
Comments
Kaniko v1.7.0 had some auth bugs, and was reverted so that Can you either try this with v1.6.0, or even better, try a recent commit-tagged build to help us check whether this is still a bug at head, in advance of an upcoming v1.8.0 release (#1871) |
Tried out
|
I am able to reproduce with Docker, I think it might be an AWS ECR issue, still digging ... |
@imjasonh found my problem, it was AWS IAM permissions issues, my pipeline was using the EC2 instance IAM role instead of credentials in environment variables Reading the Docker Daemon logs and AWS ECR credential helper logs in Related to awslabs/amazon-ecr-credential-helper#183 |
Running into the same issue: #1455 (comment) does this mean that there currently is no way to get this working with IRSA? |
For me, what make it work is this: |
This was my issue as well, you cannot push |
Actual behavior
Pushing a tag different than
latest
fails on AWS ECR and works fine GitLab container registry (using a singledestination
arg)Expected behavior
You can push Docker images to AWS ECR (and GitLab container registry)
To Reproduce
Using GitLab to build a Docker image with Kaniko
v1.7.0-debug
following this guide https://docs.gitlab.com/ee/ci/docker/using_kaniko.htmlUsing docker image sha256:f39fe1b68ae07abd6ce979135e84ae10495c961b5d90863c14295a16c3dd91b7 for gcr.io/kaniko-project/executor:v1.7.0-debug with digest gcr.io/kaniko-project/executor@sha256:88dacc7ea3f5c04709eae96776693c717869405364b19d6e78850fe54c63c6a2 ...
Error:
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "<aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com/<path_to_repo>": Post "https://<aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com/v2/tezos-ci/blobs/uploads/": EOF
Docker JSON configuration for GitLab container registry and Amazon ECR:
Kaniko command:
Simple Dockerfile:
--cache
flagNot sure if it is similar to #1792 or even #1209
The text was updated successfully, but these errors were encountered: