Unauthorized 401 for ImageRepository resources for ECR
Closed this issue · 2 comments
Getting the following logs on my image reflector controller pod (omitted account id and repository name).
scan failed: GET https://XXXXXXXX.dkr.ecr.us-east-2.amazonaws.com/v2/XXXXXXXX/tags/list?n=1000: unexpected status code 401 Unauthorized: Not Authorized\n","controller":"imagerepository","controllerGroup":"image.toolkit.fluxcd.io","controllerKind":"ImageRepository","ImageRepository":{"name":"XXXXXXX","namespace":"flux-system"},"namespace":"flux-system","name":"XXXXXXXXX","reconcileID":"cf8bc88c-2ec1-4a4a-bfa0-e8dbb0d48174","error":"ReadOperationFailed"}
scan failed: GET unexpected status code 401 Unauthorized: Not Authorized
When inspecting the ImageRepositories that are throwing unauthorized errors, I can see that the latests tags are being picked up 'successful scan: found 3 tags' with the correct tags being listed, so I am unsure why the image reflector controller is throwing errors.
I am currently running flux v0.41.2 in AWS EKS kubernetes version 1.24.
I am using IRSA for authentication with the ImageRepository resource provider set to aws.
Help would be greatly appreciated 🙏
Hey @dhf22 ,
It could be that log was an old one, probably when IRSA hadn't been set up properly but it was eventually resolved since the image repo reports a ready status. Do you see newer logs in the image reflector controller saying the scan was successful?
(Additionally, you can also upgrade to the latest version of flux if you are still seeing any issues)
Hi @somtochiama ,
Really strange, I had a brief period of getting scan was successful in the logs, as well as logging in to AWS ECR for xxx.dkr.ecr but it goes back to reconciler error not authorized / scan failed.
Functionally I think the images are being pulled correctly so I will try to upgrade to the latests flux and see if that helps.