aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code

Home Page:https://aws.amazon.com/cdk

ecr: Cannot upload docker image via DockerImageAsset (cdk default ecr enabled tag immutable attribute)

ivorycirrus opened this issue

Describe the bug

Docker image upload fails.
The container image is created by DockerImageAsset.

    new DockerImageAsset(this, 'SchemaMigrator', {
      directory: schemaMigratorPath,
      platform: Platform.LINUX_AMD64
    })

The CDK default ECR repository (cdk-hnb659fds-container-assets-${account}-${region}) has tag immutability enabled.

When tag immutability was disabled manually, the CDK code deployed successfully.

Expected Behavior

DockerImageAsset can upload docker image to ecr.

Current Behavior

The error message shows:

${project-name}:  fail: docker push ${account}.dkr.ecr.ap-northeast-2.amazonaws.com/cdk-hnb659fds-container-assets-${account}-ap-northeast-2:ae4bc5dc2133bccd9dc0504403cac704028226e8e2b01e8a48b33d18f4fcfb29 exited with error code 1: Post "https://${account}.dkr.ecr.ap-northeast-2.amazonaws.com/v2/cdk-hnb659fds-container-assets-${account}-ap-northeast-2/blobs/uploads/": net/http: TLS handshake timeout

Reproduction Steps

1/ Empty AWS account
2/ Cdk bootstrap
3/ Deploy container image using DockerImageAsset

Possible Solution

Disable tag immutability on the ECR repo (cdk-hnb659fds-container-assets-${account}-${region})

Additional Information/Context

No response

CDK CLI Version

2.146.0 (build b368c78)

Framework Version

No response

Node.js Version

v20.14.0

OS

macOS Sonoma 14.5

Language

TypeScript

Language Version

No response

Other information

No response

@ivorycirrus Good afternoon. Somehow, I'm unable to reproduce the issue using CDK version 2.146.0 (build b368c78).

  • Bootstrapped fresh CDK environment using cdk bootstrap aws://<<account-id>>/us-east-2.
     ⏳  Bootstrapping environment aws://<<account-id-REDACTED>>/us-east-2...
    Trusted accounts for deployment: (none)
    Trusted accounts for lookup: (none)
    Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
    CDKToolkit: creating CloudFormation changeset...
    ✅  Environment aws://<<account-id-REDACTED>>/us-east-2 bootstrapped.
    
  • Developed the below CDK stack:
    import * as cdk from 'aws-cdk-lib';
    import { Construct } from 'constructs';
    import { DockerImageAsset, Platform } from 'aws-cdk-lib/aws-ecr-assets';
    import path = require('path');
    
    export class Issue30591Stack extends cdk.Stack {
      constructor(scope: Construct, id: string, props?: cdk.StackProps) {
        super(scope, id, props);
    
        new DockerImageAsset(this, 'SchemaMigrator', {
          directory: path.join(__dirname, 'my-image'),
          platform: Platform.LINUX_AMD64
        });
      }
    }

    lib/my-image/Dockerfile:

    FROM public.ecr.aws/amazonlinux/amazonlinux:2.0.20240610.1-arm64v8
    
    RUN echo "Hello World"
    
  • Deployed the stack using cdk deploy:
    ✨  Synthesis time: 4.92s
    
    Issue30591Stack:  start: Building f2db6b690e15446832dd3784958188e7f3e7baa69459b409fa745d8ed3376f1f:current_account-current_region
    Issue30591Stack:  success: Built f2db6b690e15446832dd3784958188e7f3e7baa69459b409fa745d8ed3376f1f:current_account-current_region
    Issue30591Stack:  start: Building b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31:current_account-current_region
    Issue30591Stack:  start: Publishing f2db6b690e15446832dd3784958188e7f3e7baa69459b409fa745d8ed3376f1f:current_account-current_region
    Issue30591Stack:  success: Published f2db6b690e15446832dd3784958188e7f3e7baa69459b409fa745d8ed3376f1f:current_account-current_region
    Issue30591Stack:  success: Built b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31:current_account-current_region
    Issue30591Stack:  start: Publishing b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31:current_account-current_region
    The push refers to repository [<<account-id-REDACTED>>.dkr.ecr.us-east-2.amazonaws.com/cdk-hnb659fds-container-assets-139480602983-us-east-2]
    662a07bcdbf3: Preparing
    893d21607a43: Preparing
    662a07bcdbf3: Pushed
    893d21607a43: Pushed
    b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31: digest: sha256:059cfe49b4190c3d6bb2cddd926dff9fb72e113589e7b39f4728e12e8a18a44b size: 734
    Issue30591Stack:  success: Published b93ab3d74482b7903e4b5615df7001c5de2492ef35e3ceab9102adee74f79f31:current_account-current_region
    Issue30591Stack: deploying... [1/1]
    Issue30591Stack: creating CloudFormation changeset...
    
     ✅  Issue30591Stack
    
    ✨  Deployment time: 13.44s
    
    Stack ARN:
    arn:aws:cloudformation:us-east-2:<<account-id-REDACTED>>:stack/Issue30591Stack/06363970-2f54-11ef-8414-028c04b9981f
    
    ✨  Total time: 18.35s
    

Kindly note that the default credentials profile configured on my system has Administrative access.

Could you please confirm:

  • Docker version on your system
  • Did you modify tag immutability or any resource in CDK bootstrapped environment manually? (in my case it is Enabled for fresh bootstrapped environment)

Thanks,
Ashish
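
A triage helper for the two data points discussed in this thread, as an added example that is not part of the original comments or of CDK's code: it extracts which registry API step a failed `docker push` was in and whether the failure was a transport error, and reads `imageTagMutability` from `aws ecr describe-repositories` output. The function names, the stage labels and the sample inputs (placeholder account 111122223333, placeholder tag) are constructed for illustration.

```typescript
// Added example: triage a failed `docker push` line reported by `cdk deploy`.
// Helper names and stage labels are illustrative, not CDK or AWS SDK APIs.
type Stage = 'blob-upload' | 'manifest-put' | 'unknown';

interface PushFailure {
  repository: string | null; // repository name taken from the /v2/ URL
  stage: Stage;              // registry API step that was in flight
  transportError: boolean;   // true when the request failed in the network/TLS layer
}

// Client-side network errors raised before any registry response is received.
const TRANSPORT_MARKERS = ['TLS handshake timeout', 'i/o timeout', 'connection refused', 'no such host'];

function triagePushFailure(line: string): PushFailure {
  // Registry v2 URLs: https://<host>/v2/<name>/blobs/uploads/ or .../manifests/<tag>.
  // Tags are attached to manifests, so a tag is only evaluated at the manifest step.
  const m = line.match(/https:\/\/[^\/\s"]+\/v2\/(.+?)\/(blobs|manifests)\//);
  const stage: Stage = !m ? 'unknown' : m[2] === 'blobs' ? 'blob-upload' : 'manifest-put';
  return {
    repository: m?.[1] ?? null,
    stage,
    transportError: TRANSPORT_MARKERS.some((s) => line.includes(s)),
  };
}

// Shape of `aws ecr describe-repositories` output (only the fields used here).
interface DescribeRepositories {
  repositories: { repositoryName: string; imageTagMutability: string }[];
}

function tagMutability(out: DescribeRepositories, name: string): string | null {
  const repo = out.repositories.find((r) => r.repositoryName === name);
  return repo ? repo.imageTagMutability : null;
}

// Constructed inputs modelled on the error line in the report above.
const REPO = 'cdk-hnb659fds-container-assets-111122223333-ap-northeast-2';
const HOST = '111122223333.dkr.ecr.ap-northeast-2.amazonaws.com';
const sampleError =
  `fail: docker push ${HOST}/${REPO}:TAG exited with error code 1: ` +
  `Post "https://${HOST}/v2/${REPO}/blobs/uploads/": net/http: TLS handshake timeout`;
const sampleDescribe: DescribeRepositories = {
  repositories: [{ repositoryName: REPO, imageTagMutability: 'IMMUTABLE' }],
};

const failure = triagePushFailure(sampleError);
console.log(failure, tagMutability(sampleDescribe, failure.repository ?? ''));
```

Feed it the failing line from `cdk deploy` and the JSON from `aws ecr describe-repositories --repository-names <repo>` to capture both answers in one place when replying to the questions above.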

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.