The AWS Elastic Container Registry at region eu-west-1 does not support downloading packages on the Octopus Server

cwh · 26 August 2020 09:24

Hi, i’m trying to deploy to a Kubernetes cluster using the “Deploy raw Kubernetes YAML” step but my deployment is failing on “The AWS Elastic Container Registry at region eu-west-1 does not support downloading packages on the Octopus Server.”

I’m using YAML Source from “File inside a package” that is located on Amazon ECR. I can search for packages from the feed, so that seems to be working.

I can also deploy to the cluster if I simply copy the YAML to Octopus using the “Source code” option.

Any ideas? I’m running Octopus v2019.13.7

ServerTasks-109009.log.txt (3.7 KB)

paul.calvert · 26 August 2020 09:57

Hi @cwh,

Thanks for getting in touch!

My initial thought would be that perhaps the AWS credentials haven’t got the necessary permissions to pull the package onto the Octopus Server.
Are you able to test this outside of Octopus and perform a download of that package using the same credentials and the AWS CLI?

Regards,
Paul

cwh · 26 August 2020 12:52

Hi, thanks for the reply. I can now see the package details on the release page after I gave the user in AWS permissions to ecr:* but the same error still occurs.

I can pull the image down locally with the user I am using in Octopus.

But is it the package feed or the Kubernetes user that is pulling the image/package? It is only the package feed user that has access to ECR at the moment.

Kubernetes user:

Package feed user:

paul.calvert · 26 August 2020 12:56

It should be the package feed user that is being used for the download, but it may be worth increasing the kubernetes user permissions and testing that. It could be that there is a bug here and Octopus is grabbing the wrong account.

cwh · 26 August 2020 13:12

I tried giving the EKS user access to ecr:*, but it did not solve the problem. Same issue

Can I provide any additional information? I’m a bit lost as to why it’s not working.

paul.calvert · 26 August 2020 14:26

I’m going to reach out to our engineers to get some more input on this.

I’ve been having issues attempting to replicate this most of the day and just discovered that we actually have a bug with the ECR external feed in 2020.3.1 that was tripping me up.
So, unrelated, but don’t update your Octopus Server until you see a fix go out for: https://github.com/OctopusDeploy/Issues/issues/6495

paul.calvert · 27 August 2020 05:44

I’ve had a chat with the engineers and we believe that this
feature coming in 2020.4.0 may be what you need.
The current configuration you’re using is expecting a zip or nupkg that contains a YAML file that octopus can extract.

When using the ECR feed octopus expects to find docker images so it doesn’t attempt to download it, hence the error message.

The new feature will allow you to reference the image without needing to download it.

cwh · 27 August 2020 06:13

When using the ECR feed octopus expects to find docker images so it doesn’t attempt to download it, hence the error message.

I guess it doesn’t support Docker images because it cant run the image and extract the yaml file?

So in theory if I reference a Nuget package feed instead of a ECR feed, it should work?

What I want is to not have the yaml file as part of Octopus but as part of my repository so it’s all in one place.

paul.calvert · 27 August 2020 06:27

That’s correct, if the YAML file is inside a nupkg and accessed via a nuget feed then this should work.

cwh · 27 August 2020 07:07

Great, i’ll do that then. Thanks for the help.

system · 27 September 2020 07:07

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.