Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: bump deps for k8schain to fix ecr-login #14008

Merged
merged 1 commit into from
Feb 4, 2025
Merged

fix: bump deps for k8schain to fix ecr-login #14008

merged 1 commit into from
Feb 4, 2025

Conversation

Joibel
Copy link
Member

@Joibel Joibel commented Dec 16, 2024

Speculatively fixes #13947

Motivation

Users of magically logged into ECR appears to have broken in 3.6. It's unclear if this is IRSA that's broken at this stage.

Modifications

Bump everything used by container_registry_index.go

go get  github.com/google/go-containerregistry/pkg/authn/k8schain 
go get github.com/awslabs/amazon-ecr-credential-helper/ecr-login
go get  github.com/google/go-containerregistry/pkg/v1/remote
go get  github.com/google/go-containerregistry/pkg/name
go mod tidy

Verification

Untested. This won't be merged unless someone verifies that it helps.

If you are interested in testing this please build your own image using make workflow-controller-image. I can build one for you, but you shouldn't take random images from a stranger on the internet really.

@Joibel Joibel mentioned this pull request Dec 16, 2024
Closed
4 tasks
tooptoop4
tooptoop4 suggested changes Dec 17, 2024
View reviewed changes
Copy link
Contributor

@tooptoop4 tooptoop4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need https://github.com/tektoncd/pipeline/pull/7921/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R143

@Joibel
Copy link
Member Author

Joibel commented Dec 23, 2024

need https://github.com/tektoncd/pipeline/pull/7921/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R143

@tooptoop4 Have you verified this? We're not apparently pulling in github.com/aws/aws-sdk-go-v2 below 1.23.0.

@tooptoop4
Copy link
Contributor

https://github.com/google/go-containerregistry/blob/main/pkg/authn/k8schain/go.mod#L31

@lens0021
Copy link

lens0021 commented Jan 10, 2025
edited
Loading

If you are interested in testing this please build your own image using make workflow-controller-image.

I've tried this, built an image and deployed it. I added the following values as I am using the helm chart.

  controller:
    image:
      registry: [MY_REGISTIRY]
      repository: [REPOSITORY]
      tag: argo-workflows-3.6.2-gh-14008

After doing that, the workflows which has a private image served by AWS ECR (400721425664.dkr.ecr.ap-northeast-2.amazonaws.com/platform-service) succeed to run, though on 3.6.2.

@Joibel Is there another thing I can do to help this will be merged?

@Joibel Joibel marked this pull request as ready for review January 27, 2025 09:21
@Joibel
fix: bump deps for k8schain to fix ecr-login
64c8eaf 
Signed-off-by: Alan Clucas <alan@clucas.org>
terrytangyuan
terrytangyuan approved these changes Feb 4, 2025
View reviewed changes
Copy link
Member

@terrytangyuan terrytangyuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@terrytangyuan terrytangyuan merged commit 63b9e90 into argoproj:main Feb 4, 2025
31 checks passed
@Joibel
Copy link
Member Author

Joibel commented Feb 5, 2025

/cherry-pick release-3.6

Joibel added a commit that referenced this pull request Feb 10, 2025
@Joibel
fix: bump deps for k8schain to fix ecr-login (#14008)
208a603 
Signed-off-by: Alan Clucas <alan@clucas.org>
(cherry picked from commit 63b9e90)
@Joibel Joibel mentioned this pull request Feb 10, 2025
Merged
Joibel added a commit that referenced this pull request Feb 10, 2025
@Joibel
fix: bump deps for k8schain to fix ecr-login (#14008)
31d1b2e 
Signed-off-by: Alan Clucas <alan@clucas.org>
(cherry picked from commit 63b9e90)
@Joibel
Copy link
Member Author

Joibel commented Feb 11, 2025

I failed to backport this (it fails to automatically backport and I forgot the manual version). It's in progress and will be in the next 3.6 release, which I'll try to do sooner rather than later.

Joibel added a commit that referenced this pull request Feb 11, 2025
@Joibel
fix: bump deps for k8schain to fix ecr-login (#14008) (release-3.6 ch…
a3b9373 
…erry-pick) (#14174)
stefan01 pushed a commit to stefan01/argo-workflows that referenced this pull request Feb 14, 2025
@Joibel @stefan01
fix: bump deps for k8schain to fix ecr-login (argoproj#14008)
a16ec6e 
Signed-off-by: Alan Clucas <alan@clucas.org>
@emeier
Copy link

emeier commented Feb 14, 2025

@Joibel thanks for this fix! we're doing some cluster migrations and this is currently blocking us, don't want to go back to 3.5 so eagerly awaiting the release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tooptoop4 tooptoop4 tooptoop4 requested changes

@terrytangyuan terrytangyuan terrytangyuan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

401 Unauthorized when looking for entrypoint/cmd of an image hosted on a private AWS ECR with v3.6.0
5 participants
@Joibel @tooptoop4 @lens0021 @emeier @terrytangyuan