bentoml/Yatai

How to update docker registry secret?

MikhailKravets opened this issue · 2 comments

Hello! I've found the following problem with the docker secrets.

Problem Description

I've updated my AWS ECR registry password. Now I recreate the yatai-regcred secret in the yatai namespace:

kubectl create secret docker-registry yatai-regcred \
  --docker-server=${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com \
  --docker-username=AWS \
  --docker-password=$(aws ecr get-login-password) \
  --namespace=yatai

Then I go to the Yatai Dashboard and create a new Deployment. Somehow it resets yatai-regcred to the previous state with the old password.

The Dashboard deployment prints the following error:

[2023-05-29 13:44:54] [BentoDeployment] [g] [ReconcileError] Failed to reconcile BentoDeployment: BentoRequest yatai/iris-2--h-5-bxdyx-6-bgnmsaib is not available: check image xxx.dkr.ecr.eu-north-1.amazonaws.com/yatai-bentos:yatai.iris2.h5bxdyx6bgnmsaib exists: create docker registry client for https://xxx.dkr.ecr.eu-north-1.amazonaws.com: Get "https://xxx.dkr.ecr.eu-north-1.amazonaws.com/v2/": http: non-successful response (status=403 body="{\"errors\":[{\"code\":\"DENIED\",\"message\":\"Your authorization token has expired. Reauthenticate and try again.\"}]}\n")

I've also updated the docker password in the yatai-image-builder-env secret from yatai-image-builder.

Reinstallation of yatai-deployment and yatai-image-builder helps, but it's not an answer :)

yetone commented

If you use the ECR as a container registry, you can only use it in this way:

[image]

Do not use the password as it has expired.

https://docs.bentoml.org/projects/yatai/en/latest/installation/yatai_image_builder.html#prepare-container-registry

Thanks for the answer @yetone. Is it possible to use AWS ECR outside of Amazon EKS then?