Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I push helm charts to Amazon ECR

Tags:

kubernetes-helm

amazon-ecr

I have a helm chart that I want to push to ECR but I keep hitting 401 Unauthorized.

$ helm chart list
REF                                         NAME                    VERSION     DIGEST  SIZE        CREATED 
myecr.us-east-2.amazonaws.com/hello-world   hello-world             1.0.0+1     6c7c951 135.3 KiB   23 hours

$ helm chart push myecr.us-east-2.amazonaws.com/hello-world:1.0.0
The push refers to repository [1myecr.us-east-2.amazonaws.com/helloworld]
ref:     myecr.us-east-2.amazonaws.com/hello-world:1.0.0
digest:  6c7c9512d309b04816afd17dcdaaa64d0492550d8e290155973ddab125815da7
size:    135.3 KiB
name:    hello-world
version: 1.0.0+1
Error: unexpected response: 401 Unauthorized

I also tried authenticating the ECR with helm with helm registry login myecr.us-east-2.amazonaws.com but the credentials that I got from aws sts get-caller-identity does not work.

$ aws sts get-caller-identity
{
    "UserId": "<USERID>",
    "Account": "<Account>",
    "Arn": "arn:aws:iam::<Account>:user/foo"
}

$ helm registry login myecr.us-east-2.amazonaws.com
Username: <USERID>
Password: 
Error: login attempt to https://myecr.us-east-2.amazonaws.com/v2/ failed with status: 401 Unauthorized

My helm version is v3.0.2. Does helm not support ECR as a registry for charts?

like image 676
mandopaloooza Avatar asked Oct 24 '25 15:10

mandopaloooza

1 Answers

I found the answer so I'm answering my own question.

To authenticate helm with ECR, run:

TOKEN=`aws ecr get-login --region ${REGION} --registry-ids ${ACCOUNT} | cut -d' ' -f6`

helm registry login myecr.us-east-2.amazonaws.com
Username: AWS
Password: $TOKEN

The above will authenticate helm with ECR, however, looks like ECR doesn't support ORAS (OCI Registry As Storage). In other words, you cannot push helm charts to it just yet.

$ helm chart push myecr.us-east-2.amazonaws.com/hello-world:1.0.0
The push refers to repository [myecr.us-east-2.amazonaws.com/hello-world]
ref:     myecr.us-east-2.amazonaws.com/hello-world:2.0.0
digest:  6c7c9512d309b04816afd17dcdaaa64d0492550d8e290155973ddab125815da7
size:    135.3 KiB
name:    hello-world
version: 1.0.0+1
Error: failed commit on ref "manifest-sha256:262e1e34f4762606ec011c776944636c003969a2cfb289776fa0f7c26883f7ad": unexpected status: 405 Method Not Allowed

The issue is tracked here: https://github.com/aws/containers-roadmap/issues/308

Update: ECR support for helm chart is live https://docs.aws.amazon.com/AmazonECR/latest/userguide/push-oci-artifact.html

like image 166
mandopaloooza Avatar answered Oct 26 '25 18:10

mandopaloooza
Sign in to Comment

Related questions

How to pass multiple docker images through values.yml to template.yml in Helm
ingress-nginx not working when using ingressClassName instead of kubernetes.io/ingress.class in annotations
Unpack a Go map value in a Helm template
helm reference secret in deployment yaml
Kubernetes Helm: not a valid chart repository

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!