Cannot deploy from AWS ECR if repository name has forward slash #1625
Description
Description
I deployed a web service using the template to pull from a Docker registry, AWS ECR in this case. I've granted full ECR access to the IAM user used by Porter but I get a 401 Unauthorized error when pulling the image (account ID and image name obfuscated):
Normal Pulling Pulling image "1234.dkr.ecr.eu-central-1.amazonaws.com/lenn4rd/image:latest"
Warning Failed Failed to pull image "1234.dkr.ecr.eu-central-1.amazonaws.com/lenn4rd/image:latest": rpc error: code = Unknown desc = failed to pull and unpack image "1234.dkr.ecr.eu-central-1.amazonaws.com/lenn4rd/image:latest": failed to resolve reference "1234.dkr.ecr.eu-central-1.amazonaws.com/lenn4rd/image:latest": pulling from host 1234.dkr.ecr.eu-central-1.amazonaws.com failed with status code [manifests latest]: 401 Unauthorized
Warning Failed Error: ErrImagePull
Normal BackOff Back-off pulling image "1234.dkr.ecr.eu-central-1.amazonaws.com/lenn4rd/image:latest"
Warning Failed Error: ImagePullBackOff
Note the ECR repository has a forward slash in its name which is an allowed character in AWS but seems to break the image pull in Porter, as discovered after I posted to the Discord #help channel.
I can docker push and docker pull using the same Porter credentials to login to ECR.
Location
- Browser
- CLI
- API
Steps to reproduce
- Create an AWS ECR repository with a forward slash in its name
- Create and deploy a web service in Porter using an image from this registry
- Deployment fails with
Error: ErrImagePullandError: ImagePullBackOffand doesn't recover
Additional Details
IAM credentials and policies are valid and permissive enough so the Unauthorized error message is misleading.