version-checker throws "failed to describe images" error when version-checker and ECR repository are in different region #146
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue
version-checker application runs as part of EKS cluster in eu-central-1 region. The ECR repository that it tries to get the tags from located in a seperate AWS account in us-west-2 region. With this setup, following error is seen in the version-checker logs:
time="2024-01-09T17:54:56Z" level=error msg="error syncing 'argus-publisher-387p426c44-n5pwl/lz': failed to sync pod argus-publisher-387p426c44-n5pwl/lz: failed to check container image \"argus-metrics\": failed to get tags from remote registry for \"1484434948134dkr.ecr.us-west-2.amazonaws.com/custom/argus-metrics\": failed to describe images: AccessDeniedException: User: arn:aws:sts::607038281239:assumed-role/de2-fra5-zpa-eks-version-checker/1704822283073328680 is not authorized to perform: ecr:DescribeImages on resource: arn:aws:ecr:eu-central-1:1484434948134dkr:repository/custom/argus-metrics because no resource-based policy allows the ecr:DescribeImages action\n\tstatus code: 400, request id: a28df8d3-b5cf-482b-ba79-3c318296b203, requeuing" module=controllerAs seen in the above error the ECR arn is incorrectly refrenced as
arn:aws:ecr:eu-central-1:1484434948134dkr:repository/custom/argus-metricsinstead ofarn:aws:ecr:us-west-2:1484434948134dkr:repository/custom/argus-metricsRef: https://github.com/jetstack/version-checker/blob/main/pkg/client/ecr/ecr.go#L42-L49
The text was updated successfully, but these errors were encountered: