Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: bump deps for k8schain to fix ecr-login #14008

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Joibel
Copy link
Member

@Joibel Joibel commented Dec 16, 2024

Speculatively fixes #13947

Motivation

Users of magically logged into ECR appears to have broken in 3.6. It's unclear if this is IRSA that's broken at this stage.

Modifications

Bump everything used by container_registry_index.go

go get  github.com/google/go-containerregistry/pkg/authn/k8schain 
go get github.com/awslabs/amazon-ecr-credential-helper/ecr-login
go get  github.com/google/go-containerregistry/pkg/v1/remote
go get  github.com/google/go-containerregistry/pkg/name
go mod tidy

Verification

Untested. This won't be merged unless someone verifies that it helps.

If you are interested in testing this please build your own image using make workflow-controller-image. I can build one for you, but you shouldn't take random images from a stranger on the internet really.

Copy link
Contributor

@tooptoop4 tooptoop4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Joibel
Copy link
Member Author

Joibel commented Dec 23, 2024

need https://github.com/tektoncd/pipeline/pull/7921/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R143

@tooptoop4 Have you verified this? We're not apparently pulling in github.com/aws/aws-sdk-go-v2 below 1.23.0.

@tooptoop4
Copy link
Contributor

@lens0021
Copy link

lens0021 commented Jan 10, 2025

If you are interested in testing this please build your own image using make workflow-controller-image.

I've tried this, built an image and deployed it. I added the following values as I am using the helm chart.

  controller:
    image:
      registry: [MY_REGISTIRY]
      repository: [REPOSITORY]
      tag: argo-workflows-3.6.2-gh-14008

After doing that, the workflows which has a private image served by AWS ECR (400721425664.dkr.ecr.ap-northeast-2.amazonaws.com/platform-service) succeed to run, though on 3.6.2.

@Joibel Is there another thing I can do to help this will be merged?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

401 Unauthorized when looking for entrypoint/cmd of an image hosted on a private AWS ECR with v3.6.0
3 participants