man*_*oza 2 amazon-ecr kubernetes-helm
我有一个舵图,我想推送到 ECR,但我一直点击 401 Unauthorized。
$ helm chart list
REF NAME VERSION DIGEST SIZE CREATED
myecr.us-east-2.amazonaws.com/hello-world hello-world 1.0.0+1 6c7c951 135.3 KiB 23 hours
$ helm chart push myecr.us-east-2.amazonaws.com/hello-world:1.0.0
The push refers to repository [1myecr.us-east-2.amazonaws.com/helloworld]
ref: myecr.us-east-2.amazonaws.com/hello-world:1.0.0
digest: 6c7c9512d309b04816afd17dcdaaa64d0492550d8e290155973ddab125815da7
size: 135.3 KiB
name: hello-world
version: 1.0.0+1
Error: unexpected response: 401 Unauthorized
我还尝试使用 helm 对 ECR 进行身份验证,helm registry login myecr.us-east-2.amazonaws.com但我从中获得的凭据aws sts get-caller-identity不起作用。
$ aws sts get-caller-identity
{
"UserId": "<USERID>",
"Account": "<Account>",
"Arn": "arn:aws:iam::<Account>:user/foo"
}
$ helm registry login myecr.us-east-2.amazonaws.com
Username: <USERID>
Password:
Error: login attempt to https://myecr.us-east-2.amazonaws.com/v2/ failed with status: 401 Unauthorized
我的掌舵版本是 v3.0.2。helm 不支持 ECR 作为图表的注册表吗?
我找到了答案,所以我正在回答我自己的问题。
要使用 ECR 对 helm 进行身份验证,请运行:
TOKEN=`aws ecr get-login --region ${REGION} --registry-ids ${ACCOUNT} | cut -d' ' -f6`
helm registry login myecr.us-east-2.amazonaws.com
Username: AWS
Password: $TOKEN
以上将使用 ECR 对 helm 进行身份验证,但是,看起来 ECR 不支持 ORAS(OCI Registry As Storage)。换句话说,您还不能将掌舵图推向它。
$ helm chart push myecr.us-east-2.amazonaws.com/hello-world:1.0.0
The push refers to repository [myecr.us-east-2.amazonaws.com/hello-world]
ref: myecr.us-east-2.amazonaws.com/hello-world:2.0.0
digest: 6c7c9512d309b04816afd17dcdaaa64d0492550d8e290155973ddab125815da7
size: 135.3 KiB
name: hello-world
version: 1.0.0+1
Error: failed commit on ref "manifest-sha256:262e1e34f4762606ec011c776944636c003969a2cfb289776fa0f7c26883f7ad": unexpected status: 405 Method Not Allowed
该问题在此处跟踪:https : //github.com/aws/containers-roadmap/issues/308
更新: ECR 对 helm chart 的支持是实时的https://docs.aws.amazon.com/AmazonECR/latest/userguide/push-oci-artifact.html