ChristofferNissen / helmper

Import Helm Charts to OCI registries, optionally with vulnerability patching
https://christoffernissen.github.io/helmper/
Apache License 2.0
229 stars 9 forks source link

ECR not working #16

Open tommy-dk opened 6 months ago

tommy-dk commented 6 months ago

When using an Amazon Container Registry (ECR) it doesn't work and helmper exits with the following error:

{"time":"2024-05-14T11:48:28.747110569Z","level":"ERROR","msg":"unexpected status from HEAD request to https://number.dkr.ecr.eu-north-1.amazonaws.com/v2/charts/openebs/blobs/sha256:0139e8a13fb95b14f23f49cf437c3027f749b7e1e0d451f66e041c92ea45586c: 403 Forbidden"}

I suspect it's connected with this bug report: https://github.com/helm/helm/issues/12491 which was reverted here though: https://github.com/helm/helm/pull/12527

There's no problem when I try helmper towards an Azure Container Registry (ACR).

ChristofferNissen commented 6 months ago

Hey Tommy,

Interesting. Helmper is using v3.14.2 and the fix should have been released as part of the v3.13.2 release, so the current version should already contain the fix as far as i am aware.

As you are running this on Mac if i remember correctly, maybe the system keychain is interfering by getting the credentials instead of the config.json file. Can you confirm that you get the entry for ECR when you do login with Helm and Docker?

See the answer from Oliver Salzburg in this thread https://stackoverflow.com/questions/34689445/cant-push-image-to-amazon-ecr-fails-with-no-basic-auth-credentials

tommy-dk commented 6 months ago

Hey,

Because of the complications of using ECR as a helm chart repository, I've reverted and are now using ACR which works well.

ChristofferNissen commented 6 months ago

Good, I will test and reproduce the issue on my end when time permits then :)

https://docs.localstack.cloud/user-guide/aws/ecr/

ChristofferNissen commented 4 months ago

Update; Looks like Helmper is working with ECR once logged in with helm registry login that the problem is that ECR does not automatically create repositories for images on first push

Issue from ECR https://github.com/aws/containers-roadmap/issues/853

Mon-143 commented 1 month ago

i am getting below error while pushing to OCI registry. Issue seems to be in directory structure. for eg: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.32.0 -> this works but when the directory structure changes: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.11.0-eks-1-30-8 --> fails

Error:

{"time":"2024-10-08T05:51:03.840155299Z","level":"INFO","msg":"Image not available. will be excluded from import...","image":""}
{"time":"2024-10-08T05:51:04.782997215Z","level":"INFO","msg":"Image not available. will be excluded from import...","image":"public.ecr.aws/eks-distro/kubernetes-csi:v8.0.1-eks-1-30-8"}
{"time":"2024-10-08T05:51:04.785323639Z","level":"INFO","msg":"Image not available. will be excluded from import...","image":"public.ecr.aws/eks-distro/kubernetes-csi:v2.11.0-eks-1-30-8"}