Skip to content

fix: bump deps for k8schain to fix ecr-login #14008

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
terrytangyuan merged 1 commit into from
Feb 4, 2025
Merged

fix: bump deps for k8schain to fix ecr-login #14008

terrytangyuan merged 1 commit into from
Feb 4, 2025

Conversation

@Joibel
Copy link
Member

@Joibel Joibel commented Dec 16, 2024

Speculatively fixes #13947

Motivation

Users of magically logged into ECR appears to have broken in 3.6. It's unclear if this is IRSA that's broken at this stage.

Modifications

Bump everything used by container_registry_index.go

go get  github.com/google/go-containerregistry/pkg/authn/k8schain 
go get github.com/awslabs/amazon-ecr-credential-helper/ecr-login
go get  github.com/google/go-containerregistry/pkg/v1/remote
go get  github.com/google/go-containerregistry/pkg/name
go mod tidy

Verification

Untested. This won't be merged unless someone verifies that it helps.

If you are interested in testing this please build your own image using make workflow-controller-image. I can build one for you, but you shouldn't take random images from a stranger on the internet really.

@Joibel Joibel mentioned this pull request Dec 16, 2024
Closed
4 tasks
tooptoop4
tooptoop4 suggested changes Dec 17, 2024
View reviewed changes
Copy link
Contributor

@tooptoop4 tooptoop4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need https://github.com/tektoncd/pipeline/pull/7921/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R143

@Joibel
Copy link
Member Author

Joibel commented Dec 23, 2024

need https://github.com/tektoncd/pipeline/pull/7921/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R143

@tooptoop4 Have you verified this? We're not apparently pulling in github.com/aws/aws-sdk-go-v2 below 1.23.0.

@tooptoop4
Copy link
Contributor

tooptoop4 commented Dec 23, 2024

https://github.com/google/go-containerregistry/blob/main/pkg/authn/k8schain/go.mod#L31

@lens0021
Copy link

lens0021 commented Jan 10, 2025
edited
Loading

If you are interested in testing this please build your own image using make workflow-controller-image.

I've tried this, built an image and deployed it. I added the following values as I am using the helm chart.

  controller:
    image:
      registry: [MY_REGISTIRY]
      repository: [REPOSITORY]
      tag: argo-workflows-3.6.2-gh-14008

After doing that, the workflows which has a private image served by AWS ECR (400721425664.dkr.ecr.ap-northeast-2.amazonaws.com/platform-service) succeed to run, though on 3.6.2.

@Joibel Is there another thing I can do to help this will be merged?

@Joibel Joibel marked this pull request as ready for review January 27, 2025 09:21
@Joibel
fix: bump deps for k8schain to fix ecr-login
64c8eaf 
Signed-off-by: Alan Clucas <alan@clucas.org>
terrytangyuan
terrytangyuan approved these changes Feb 4, 2025
View reviewed changes
Copy link
Member

@terrytangyuan terrytangyuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@terrytangyuan terrytangyuan merged commit 63b9e90 into argoproj:main Feb 4, 2025
31 checks passed
@Joibel
Copy link
Member Author

Joibel commented Feb 5, 2025

/cherry-pick release-3.6

Joibel added a commit that referenced this pull request Feb 10, 2025
@Joibel
fix: bump deps for k8schain to fix ecr-login (#14008)
208a603 
Signed-off-by: Alan Clucas <alan@clucas.org>
(cherry picked from commit 63b9e90)
@Joibel Joibel mentioned this pull request Feb 10, 2025
Merged
Joibel added a commit that referenced this pull request Feb 10, 2025
@Joibel
fix: bump deps for k8schain to fix ecr-login (#14008)
31d1b2e 
Signed-off-by: Alan Clucas <alan@clucas.org>
(cherry picked from commit 63b9e90)
@Joibel
Copy link
Member Author

Joibel commented Feb 11, 2025

I failed to backport this (it fails to automatically backport and I forgot the manual version). It's in progress and will be in the next 3.6 release, which I'll try to do sooner rather than later.

Joibel added a commit that referenced this pull request Feb 11, 2025
@Joibel
fix: bump deps for k8schain to fix ecr-login (#14008) (release-3.6 ch…
a3b9373 
…erry-pick) (#14174)
stefan01 pushed a commit to stefan01/argo-workflows that referenced this pull request Feb 14, 2025
@Joibel @stefan01
fix: bump deps for k8schain to fix ecr-login (argoproj#14008)
a16ec6e 
Signed-off-by: Alan Clucas <alan@clucas.org>
@emeier
Copy link

emeier commented Feb 14, 2025

@Joibel thanks for this fix! we're doing some cluster migrations and this is currently blocking us, don't want to go back to 3.5 so eagerly awaiting the release.

kim-codefresh added a commit to codefresh-io/argo-workflows that referenced this pull request May 20, 2025
@kim-codefresh @Joibel
@gcp-cherry-pick-bot @tico24 @rogpeppe @MasonM @vnzongzna @dependabot @rohankmr414 @nixphix @jumpe1 @ryancurrah @Adrien-D @blkperl @isubasinghe @jswxstw
feat: sync release 3.6 to upstream 3.6.7 for small changes and vulner…
74e1203 
…abilities fixes (Cr 28355) (#358)

* fix: bump deps for k8schain to fix ecr-login (argoproj#14008) (release-3.6 cherry-pick) (argoproj#14174)

* fix(ci): python sdk release process (release-3.6) (argoproj#14183)

Signed-off-by: Alan Clucas <alan@clucas.org>

* docs: clarify qps/burst on controller (cherry-pick argoproj#14190) (argoproj#14192)

Signed-off-by: Tim Collins <tim@thecollins.team>
Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com>

* fix(api/jsonschema): use unchanging JSON Schema version (cherry-pick argoproj#14092) (argoproj#14256)

Signed-off-by: Roger Peppe <rogpeppe@gmail.com>
Co-authored-by: Roger Peppe <rogpeppe@gmail.com>

* fix(api/jsonschema): use working `$id` (cherry-pick argoproj#14257) (argoproj#14258)

Signed-off-by: Roger Peppe <rogpeppe@gmail.com>
Co-authored-by: Roger Peppe <rogpeppe@gmail.com>

* docs: autogenerate tested k8s versions and centralize config (argoproj#14176) (release-3.6) (argoproj#14262)

Signed-off-by: Mason Malone <651224+MasonM@users.noreply.github.com>
Signed-off-by: Alan Clucas <alan@clucas.org>
Co-authored-by: Mason Malone <651224+MasonM@users.noreply.github.com>

* chore(deps): bump minio-go to newer version (argoproj#14185) (release-3.6) (argoproj#14261)

Co-authored-by: Vaibhav Kaushik <vaibhavkaushik@salesforce.com>

* fix: split pod controller from workflow controller (argoproj#14129) (release-3.6) (argoproj#14263)

* chore(deps): fix snyk (argoproj#14264) (release-3.6) (argoproj#14268)

* chore: revert to correct k8s versions

Accidental bump from argoproj#14176 cherry-pick

Signed-off-by: Alan Clucas <alan@clucas.org>

* chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 in the go_modules group (cherry-pick argoproj#14231) (argoproj#14269)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: wait for workflow informer to sync before pod informer (cherry-pick argoproj#14248) (argoproj#14266)

Signed-off-by: Rohan K <rohankmr414@gmail.com>
Co-authored-by: Rohan K <rohankmr414@gmail.com>

* fix(cli): remove red from log colour selection. Fixes argoproj#6740 (cherry-pick argoproj#14215) (argoproj#14278)

Signed-off-by: Prabakaran Kumaresshan <4676330+nixphix@users.noreply.github.com>
Co-authored-by: Prabakaran Kumaresshan <4676330+nixphix@users.noreply.github.com>

* fix: correct semaphore configmap keys for multiple semaphores (argoproj#14184) (release-3.6) (argoproj#14281)

* fix: don't print help for non-validation errors. Fixes argoproj#14234 (cherry-pick argoproj#14249) (argoproj#14283)

Signed-off-by: Koichi Shimada <jumpe1programming@gmail.com>
Signed-off-by: Mason Malone <651224+MasonM@users.noreply.github.com>
Co-authored-by: koichi <51446844+jumpe1@users.noreply.github.com>
Co-authored-by: Mason Malone <651224+MasonM@users.noreply.github.com>

* docs: fix kubernetes versions (release-3.6) (argoproj#14273)

Signed-off-by: Alan Clucas <alan@clucas.org>

* fix(workflow/sync): use RWMutex to prevent concurrent map access (cherry-pick argoproj#14321) (argoproj#14322)

Signed-off-by: Ryan Currah <ryan@currah.ca>
Co-authored-by: Ryan Currah <ryan@currah.ca>

* chore(lint): update golangci-lint to 2.1.1 (argoproj#14390) (cherry-pick release-3.6) (argoproj#14417)

* chore: bump golang 1.23->1.24 (argoproj#14385) (cherry-pick release-3.6) (argoproj#14418)

* fix: gracefully handle invalid CronWorkflows and simplify logic.  (cherry-pick argoproj#14197) (argoproj#14419)

Signed-off-by: Mason Malone <651224+MasonM@users.noreply.github.com>

* fix: prevent dfs sorter infinite recursion on cycle. Fixes argoproj#13395 (cherry-pick argoproj#14391) (argoproj#14420)

Signed-off-by: Adrien Delannoy <a.delannoyfr@gmail.com>
Co-authored-by: Adrien Delannoy <a.delannoyfr@gmail.com>

* chore(deps): bump github.com/expr-lang/expr from 1.16.9 to 1.17.0 (argoproj#14307) (release-3.6) (argoproj#14421)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps)!: update k8s and argo-events (release-3.6) (argoproj#14424)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: william.vanhevelingen <william.vanhevelingen@acquia.com>
Signed-off-by: Mason Malone <651224+MasonM@users.noreply.github.com>
Signed-off-by: William Van Hevelingen <william.vanhevelingen@acquia.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: William Van Hevelingen <William.VanHevelingen@acquia.com>
Co-authored-by: Mason Malone <651224+MasonM@users.noreply.github.com>

* fix: correct retry logic (argoproj#13734) (release-3.6) (argoproj#14428)

Signed-off-by: isubasinghe <isitha@pipekit.io>
Signed-off-by: Alan Clucas <alan@clucas.org>
Co-authored-by: Isitha Subasinghe <isitha@pipekit.io>

* fix: manual retries exit handler cleanup. Fixes argoproj#14180 (argoproj#14181) (release-3.6) (argoproj#14429)

Signed-off-by: isubasinghe <isitha@pipekit.io>
Signed-off-by: Alan Clucas <alan@clucas.org>
Co-authored-by: Isitha Subasinghe <isitha@pipekit.io>

* fix: correct manual retry logic. Fixes argoproj#14124 (argoproj#14328) (release-3.6) (argoproj#14430)

Signed-off-by: oninowang <oninowang@tencent.com>
Signed-off-by: Alan Clucas <alan@clucas.org>
Co-authored-by: jswxstw <jswxstw@gmail.com>

* fix: disable ALPN in argo-server as a workaround (argoproj#14433)

Signed-off-by: Alan Clucas <alan@clucas.org>

* result of codegen

Signed-off-by: Kim <kim.aharfi@codefresh.io>

* fix:lint

Signed-off-by: Kim <kim.aharfi@codefresh.io>

---------

Signed-off-by: Alan Clucas <alan@clucas.org>
Signed-off-by: Tim Collins <tim@thecollins.team>
Signed-off-by: Roger Peppe <rogpeppe@gmail.com>
Signed-off-by: Mason Malone <651224+MasonM@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Rohan K <rohankmr414@gmail.com>
Signed-off-by: Prabakaran Kumaresshan <4676330+nixphix@users.noreply.github.com>
Signed-off-by: Koichi Shimada <jumpe1programming@gmail.com>
Signed-off-by: Ryan Currah <ryan@currah.ca>
Signed-off-by: Adrien Delannoy <a.delannoyfr@gmail.com>
Signed-off-by: william.vanhevelingen <william.vanhevelingen@acquia.com>
Signed-off-by: William Van Hevelingen <william.vanhevelingen@acquia.com>
Signed-off-by: isubasinghe <isitha@pipekit.io>
Signed-off-by: oninowang <oninowang@tencent.com>
Signed-off-by: Kim <kim.aharfi@codefresh.io>
Co-authored-by: Alan Clucas <alan@clucas.org>
Co-authored-by: gcp-cherry-pick-bot[bot] <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Co-authored-by: Tim Collins <45351296+tico24@users.noreply.github.com>
Co-authored-by: Roger Peppe <rogpeppe@gmail.com>
Co-authored-by: Mason Malone <651224+MasonM@users.noreply.github.com>
Co-authored-by: Vaibhav Kaushik <vaibhavkaushik@salesforce.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Rohan K <rohankmr414@gmail.com>
Co-authored-by: Prabakaran Kumaresshan <4676330+nixphix@users.noreply.github.com>
Co-authored-by: koichi <51446844+jumpe1@users.noreply.github.com>
Co-authored-by: Ryan Currah <ryan@currah.ca>
Co-authored-by: Adrien Delannoy <a.delannoyfr@gmail.com>
Co-authored-by: William Van Hevelingen <William.VanHevelingen@acquia.com>
Co-authored-by: Isitha Subasinghe <isitha@pipekit.io>
Co-authored-by: jswxstw <jswxstw@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@terrytangyuan terrytangyuan terrytangyuan approved these changes

+1 more reviewer

@tooptoop4 tooptoop4 tooptoop4 requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

401 Unauthorized when looking for entrypoint/cmd of an image hosted on a private AWS ECR with v3.6.0

5 participants

@Joibel @tooptoop4 @lens0021 @emeier @terrytangyuan