What I am trying to accomplish:
I have a k8s cluster running remotely on AWS cloud. I am trying to test a helm chart deploy that I wrote for an internal app. In order to auth with ECR, I am following this k8s documentation:
Following the above docs, I set a secret which I confirmed exists in the proper namespace on the cluster:
frontend % kubectl get secret regcred -n auth -o jsonpath='{.data.*}' | base64 -d
{"auths":{"https://**.dkr.ecr.us-east-2.amazonaws.com":{"username":"AWS","password":"***"}}}%
When I deploy with helm I get:
kubelet Error: ImagePullBackOff
When describing the pod, the details of the error message are:
Failed to pull image "**.dkr.ecr.us-east-2.amazonaws.com/ndap/login": rpc error: code = Unknown desc = failed to pull and unpack image "**.dkr.ecr.us-east-2.amazonaws.com/ndap/login:latest": failed to resolve reference "**.dkr.ecr.us-east-2.amazonaws.com/ndap/login:latest": pulling from host **.dkr.ecr.us-east-2.amazonaws.com failed with status code [manifests latest]: 403 Forbidden
So my question is: Why isn’t Kubernetes able to authenticate with ECR using the secret and successfully pull the image when running the helm command? Is the 403 possibly caused by another permissions issue? Is there anything wrong with my process here? Thank you for your time.
For reference, my deployment YAML file in the helm chart:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: login
  labels:
    app: login
spec:
  replicas: 1
  selector:
    matchLabels:
      app: login
  template:
    metadata:
      labels:
        app: login
        anti-affinity: soft
        logging.all: "True"
        role.compute: "True"
        telemetry.all: "True"
    spec:
      containers:
        - name: "web"
          image: {{ .Values.image.repository }}
          imagePullPolicy: "Always"
          ports:
            - name: "web"
              containerPort: 80
      imagePullSecrets:
        - name: regcred
Cluster information:
Kubernetes version: v1.25.2
Cloud being used: AWS
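
One thing to verify for a pull secret like the one above is whether an "auths" key matches the registry host in the image reference and whether that entry carries usable credentials. The following is an added example, not part of the original post: the account ID and password are constructed placeholders, the function names are hypothetical, and the host comparison is a simplification of the kubelet's own matching.

```python
import base64
import json
from urllib.parse import urlparse

# Constructed sample data (placeholder account ID and token, not from the post).
SAMPLE_IMAGE = "123456789012.dkr.ecr.us-east-2.amazonaws.com/ndap/login:latest"
SAMPLE_CONFIG = json.dumps({"auths": {
    "https://123456789012.dkr.ecr.us-east-2.amazonaws.com":
        {"username": "AWS", "password": "constructed-token"}}})


def registry_host(image_ref):
    """Return the registry host of an image reference such as host/repo:tag."""
    first = image_ref.split("/", 1)[0]
    # The first component is a registry only if it looks like a hostname.
    if "/" in image_ref and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # Docker's default when no registry is given


def normalize(key):
    """Strip scheme and path from an 'auths' key so it compares as a bare host."""
    return urlparse(key if "://" in key else "//" + key).netloc


def check_pull_secret(dockerconfigjson, image_ref):
    """Return a list of findings; an empty list means the secret covers the image."""
    auths = json.loads(dockerconfigjson).get("auths", {})
    want = registry_host(image_ref)
    entry = next((v for k, v in auths.items() if normalize(k) == want), None)
    if entry is None:
        have = sorted(normalize(k) for k in auths)
        return [f"no auths entry for {want}; secret covers {have}"]
    user, password = entry.get("username"), entry.get("password")
    if "auth" in entry:  # "auth" is base64("username:password")
        user, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
    if not user or not password:
        return ["entry has no usable username/password"]
    if ".dkr.ecr." in want and user != "AWS":
        return [f"ECR expects username AWS, found {user!r}"]
    return []


if __name__ == "__main__":
    print(check_pull_secret(SAMPLE_CONFIG, SAMPLE_IMAGE) or "secret covers image")
```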