Open ale900522 opened 9 months ago
Hi, can you provide more information about your setup so that we can reproduce this issue? Some configurations and information like which git provider, as this is an authorization failure, which could be related to the git repository access token or ssh key that is configured for image update to use.
Also, you can pass --log-level=trace
to the container arguments in image-automation-controller deployment to enable trace logs and see if the logs contain any more information about the failure.
Just making a guess, if you have used the same git repository secret with a GitRepository object (source-controller) and it was able to pull the source but the same secret isn't working with image-automation, it may be that the secret lacks write permission to the repository.
Yes this my complete config:
image repository:
image repositories its fine image policy its fine image update its error authorization failed
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: api-repo
namespace: flux-system
spec:
exclusionList:
- ^.*\.sig$
image: registry.gitlab.com/api-repo
interval: 5m0s
provider: generic
secretRef:
name: regcred
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: api-repo-policy
namespace: flux-system
spec:
imageRepositoryRef:
name: api-repo
policy:
semver:
range: '>=0.0.1'
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
name: api-repo-gitlab
namespace: flux-system
spec:
git:
checkout:
ref:
branch: main
commit:
author:
email: admin@example.com
name: admin
messageTemplate: |-
{{ range .Updated.Images -}}
[demo] Automated image update **{{ $.AutomationObject }}** to **{{ .Identifier }}**
{{ end -}}
Automation name: {{ .AutomationObject }}
Files:
{{ range $filename, $_ := .Updated.Files -}}
- {{ $filename }}
{{ end -}}
Objects:
{{ range $resource, $_ := .Updated.Objects -}}
- {{ $resource.Kind }} {{ $resource.Name }}
{{ end -}}
Images:
{{ range .Updated.Images -}}
- {{.}}
{{ end -}}
interval: 1m0s
sourceRef:
kind: GitRepository
name: api-repo-gitlab #this GitRepositorie exit in flux-system namespace
namespace: flux-system
update:
strategy: Setters
As mentioned above, this seems to be a git authentication error. Please check what I guessed above
Just making a guess, if you have used the same git repository secret with a GitRepository object (source-controller) and it was able to pull the source but the same secret isn't working with image-automation, it may be that the secret lacks write permission to the repository.
Without details about the GitRepository and how it authenticates, can't say much. Please check if the git authentication mechanism has write access. Also please check the logs for any relevant information when this failure happens.
image repository result:
Normal Succeeded 33m image-reflector-controller successful scan: found 3 tags
Normal Succeeded 3m10s (x6 over 28m) image-reflector-controller no new tags found, next scan in 5m0s
image policy result:Normal Succeeded 97s (x21 over 36m) image-reflector-controller Latest image tag for registry.gitlab.com/repo/image:0.0.2' resolved to 0.0.2
But image update the result is:Warning error 64s (x11 over 13m) image-automation-controller authorization failed