Harness CI - Build and Push to ECR - EOF error

gleise.teixeira · October 19, 2022, 2:45pm

Hi,

I’m using the Delegate in an EKS cluster, and the AWS Connector is configured using IRSA.

The pipeline is pulling the images from private repositories from ECR, but when I try to push the application image using the “Build and Push to ECR,” I get the following error:

+ /kaniko/executor --dockerfile=/harness/docker/Dockerfile --context=dir:///harness/ --destination=<aws-account-id>.dkr.ecr.sa-east-1.amazonaws.com/hermod:latest --snapshotMode=redo --digest-file=/kaniko/digest-file
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: checking push permission for "<aws-account-id>.dkr.ecr.sa-east-1.amazonaws.com/hermod:latest": Post "https://<aws-account-id>.dkr.ecr.sa-east-1.amazonaws.com/v2/hermod/blobs/uploads/": EOF
exit status 1

I tested the role configured on the service account, and I was able to push an image to the repository. So I don’t think it is a matter of permission.

Looking at the logs, I’ve found the following error message:

commands: "/kaniko/kaniko-ecr"
error: "failed to read artifact file: /addon/tmp/.plugin/artifact: open /addon/tmp/.plugin/artifact: no such file or directory"
errorVerbose: "open /addon/tmp/.plugin/artifact: no such file or directory\\nfailed to read artifact file: /addon/tmp/.plugin/artifact\\ngithub.com/harness/harness-core/product/ci/addon/artifact.ParseArtifactFromFile\\n\\tproduct/ci/addon/artifact/artifact.go:73\\ngithub.com/harness/harness-core/product/ci/addon/artifact.GetArtifactProtoFromFile\\n\\tproduct/ci/addon/artifact/artifact.go:57\\ngithub.com/harness/harness-core/product/ci/addon/tasks.(*pluginTask).execute\\n\\tproduct/ci/addon/tasks/plugin.go:188\\ngithub.com/harness/harness-core/product/ci/addon/tasks.(*pluginTask).Run\\n\\tproduct/ci/addon/tasks/plugin.go:111\\ngithub.com/harness/harness-core/product/ci/addon/grpc.(*handler).ExecuteStep\\n\\tproduct/ci/addon/grpc/handler.go:91\\ngithub.com/harness/harness-core/product/ci/addon/proto._Addon_ExecuteStep_Handler\\n\\tbazel-out/k8-fastbuild/bin/product/ci/addon/proto/ciaddonpb_go_proto_/github.com/harness/harness-core/product/ci/addon/proto/addon.pb.go:490\\ngoogle.golang.org/grpc.(*Server).processUnaryRPC\\n\\texternal/org_golang_google_grpc/server.go:1282\\ngoogle.golang.org/grpc.(*Server).handleStream\\n\\texternal/org_golang_google_grpc/server.go:1616\\ngoogle.golang.org/grpc.(*Server).serveStreams.func1.2\\n\\texternal/org_golang_google_grpc/server.go:921\\nruntime.goexit\\n\\tsrc/runtime/asm_amd64.s:1571\"

Does someone knows what is happening and how to debug the Kaniko container?

gleise.teixeira · October 21, 2022, 6:10pm

I’ve found the solution.
I had to configure the service account in the advanced infrastructure configuration:

          infrastructure:
            type: KubernetesDirect
            spec:
              connectorRef: test-connector
              namespace: harness-delegate-ng
              serviceAccountName: **harness-delegate-sa**
              automountServiceAccountToken: true
              nodeSelector: {}
              os: Linux

And another thing I had to do was create a Run step before the “Build and Push to ECR” step to run the command:

aws ecr get-login-password --region <aws_region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com

Now the pipeline is working.

Krishika_Singh · October 26, 2022, 8:37am

hey @gleise.teixeira , that’s great! Do let us know if there are any other issues you are facing?Thanks

dhruvvjyoti · October 27, 2022, 8:52am

Hey @gleise.teixeira
Can you share the screenshot of the pipeline you created?