Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gitlab CI & Kaniko build error getting credentials from ECR #270

Open
jordan85 opened this issue Mar 23, 2021 · 4 comments
Open

Gitlab CI & Kaniko build error getting credentials from ECR #270

jordan85 opened this issue Mar 23, 2021 · 4 comments

Comments

@jordan85
Copy link

jordan85 commented Mar 23, 2021
edited
Loading

Hello everybody,

I try to push to ECR my CI building with Kaniko but I have the following problem :
Screen error :

E0323 20:23:21.609447      22 aws_credentials.go:100] error getting credentials from ECR for myaccount.dkr.ecr.eu-west-3.amazonaws.com NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors
error pushing image: failed to push to destination myaccount.dkr.ecr.eu-west-3.amazonaws.com/myproject:7eddba53af75: HEAD https://myaccount.dkr.ecr.eu-west-3.amazonaws.com/v2/myproject/blobs/sha256:9fdae33d52319a11cb86523712e48cf1f4682fb0239a: unsupported status code 401

~/.ecr/log/ecr-login.log :

time="2021-03-23T20:22:54Z" level=debug msg="Could not fetch credentials for cache prefix, disabling cache" error="NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"
time="2021-03-23T20:22:54Z" level=debug msg="Retrieving credentials" region=eu-west-3 registry=myaccount serverURL=myaccount.dkr.ecr.eu-west-3.amazonaws.com
time="2021-03-23T20:22:54Z" level=debug msg="Calling ECR.GetAuthorizationToken" registry=myaccount
time="2021-03-23T20:23:15Z" level=error msg="Error retrieving credentials" error="ecr: Failed to get authorization token: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"

In my build environment my ~/.aws/credentials is ok and /kaniko/.docker/config.json is also ok ; during ci deployment I check file integrity with :

run cat ~/.aws/credentials
run cat /kaniko/.docker/config.json

I have the impression that my credentials are not consumed.

With the same account API AWS I can push docker image from my laptop, permissions in IAM are not a problem.

Do you have an idea?

Thanks and have a good day,
Jordan
@jordan85 jordan85 mentioned this issue Mar 24, 2021
Closed
@invhariharan77
Copy link

@jordan85 I'm getting the same issue as you have reported.. did you manage to fix this or know what could be causing this?.

@ineentho
Copy link

If you are using multiple stages in your Dockerfile, Kaniko will remove your /root/.aws directory between each stage by default.

Adding --ignore-path=/root/.aws to the executor command will persist the .aws directory between stages.

@masonhuemmer
Copy link

Appending docker login helped me resolve my issue.

printf "%s" "${DOCKER_PASSWORD}" | docker login -u ${DOCKER_USERNAME} --password-stdin ${DOCKER_REGISTRY}

@yb-yu
Copy link

yb-yu commented May 3, 2023

If you are using multiple stages in your Dockerfile, Kaniko will remove your /root/.aws directory between each stage by default.

Adding --ignore-path=/root/.aws to the executor command will persist the .aws directory between stages.

@ineentho

It works for me! I failed to push my multi-stage build image to ECR repository.

I'm using IRSA, so I ignored the path where WEB_IDENTITY_TOKEN placed and It worked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ineentho @yb-yu @jordan85 @invhariharan77 @masonhuemmer