Unable to Access Private Registry in Knative

5/3/2019

I am trying to push an example application to Knative however I am running into the following error message:

Revision "..." failed with message: Unable to fetch image "...": unsupported status code 401; body: Not Authorized

Knative is setup properly on EC2 and I've already created a service account and secret to pull from ECR. What am I missing? I'm not sure why Knative can't access my private AWS repository even though K8s (not Knative) is able to.

Secret:

apiVersion: v1
kind: Secret
metadata:
  name: registry-push-secret
  annotations:
    build.knative.dev/docker-0: https://....
type: kubernetes.io/basic-auth
stringData:
  username: token
  password: <token_value>

Knative Secret:

kubectl create secret docker-registry secret-name --docker-server=https://... --docker-username=token --docker-password=<token_value>

Service Account:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: test-sa
secrets:
  - name: registry-push-secret
imagePullSecrets:
  - name: secret-name

Knative Config:

apiVersion: serving.knative.dev/v1alpha1 
kind: Service
metadata:
  name: test 
  namespace: default
spec:
  runLatest:
    configuration:
      revisionTemplate:
        spec:
          serviceAccountName: test-sa
          container:
            image: ... 
            imagePullPolicy: Always
            env:
              - name: TARGET 
                value: "..."
-- Baily
knative
knative-serving
kubernetes

1 Answer

1/2/2020

For anyone that stumbles into this, it was eventually resolved in the Github Issue: https://github.com/knative/serving/issues/1996

-- Baily
Source: StackOverflow