You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Version checker is deployed on EKS with IAM role attached to service account with read only access to ECR.
Getting AccessDeniedException for image 602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/aws-ebs-csi-driver
As per document https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html Read only access to ecr is already given.
time="2024-03-20T09:55:03Z" level=error msg="error syncing 'ebs-csi-node-dvwxj/kube-system': failed to sync pod ebs-csi-node-dvwxj/kube-system:
failed to check container image \"ebs-plugin\": failed to get tags from remote registry for \"602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/aws-ebs-csi-driver\":
failed to describe images: AccessDeniedException: User: arn:aws:sts::xxxxxxx:assumed-role/version-checker-role/1710928471956841718 is not authorized
to perform: ecr:DescribeImages on resource: arn:aws:ecr:us-east-1:602401143452:repository/eks/aws-ebs-csi-driver because no resource-based policy allows
the ecr:DescribeImages action\n\tstatus code: 400, request id: 4698a080-c6ec-4869-b17e-d67b0aaedfc4,failed to check container image \"node-driver-registrar\":
failed to get tags from remote registry for \"602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/csi-node-driver-registrar\": failed to describe images:
AccessDeniedException: User: arn:aws:sts::xxxxxxxx:assumed-role/version-checker-role/1710928471956841718 is not authorized to perform: ecr:DescribeImages
on resource: arn:aws:ecr:us-east-1:602401143452:repository/eks/csi-node-driver-registrar because no resource-based policy allows the ecr:DescribeImages
action\n\tstatus code: 400, request id: d619d42a-360e-4e44-b027-d64ddc84db43,failed to check container image \"liveness-probe\": failed to get tags from remote
registry for \"602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/livenessprobe\": failed to describe images: AccessDeniedException: User: arn:aws:sts::xxxxxxx:assumed-role/version-checker-role/1710928471956841718
is not authorized to perform: ecr:DescribeImages on resource: arn:aws:ecr:us-east-1:602401143452:repository/eks/livenessprobe because no resource-based policy allows the ecr:DescribeImages action\n\tstatus code:
400, request id: 090fc9fb-4b95-40ec-9d2a-bd31323beb52, requeuing" module=controller
The text was updated successfully, but these errors were encountered:
Version checker is deployed on EKS with IAM role attached to service account with read only access to ECR.
Getting AccessDeniedException for image 602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/aws-ebs-csi-driver
As per document https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html Read only access to ecr is already given.
The text was updated successfully, but these errors were encountered: