Error getting credentials when using EKS and ECR


Trying to follow the “Getting Started” documentation and getting the error you see below:

➜  demo-project git:(feature/zach-soa-and-demos) ✗ garden deploy
Deploy 🚀

🌍  Running in namespace default.demo

✔ providers                 → Getting status... → Cached
   ℹ Run with --force-refresh to force a refresh of provider statuses.
✔ graph                     → Resolving 2 modules... → Done
  backend                   β†’ Getting build status for v-f1b41d000f...
  frontend                  β†’ Getting build status for v-c68c44dced...
-> Deploying garden-util service in demo-project-default namespace (was outdated) → Done!
ℹ garden-util               → Resources ready

Failed building backend. Here is the output:
Unable to query registry for image status: time="2022-09-22T19:29:08Z" level=fatal msg="Error parsing image name \"docker://\": getting username and 
password: 1 error occurred:
\t* credentials not found in native keychain

Some cluster detail:

  • EKS 1.23
  • ECR for images

The connection is working, I’m seeing the garden-util deployment started. Garden is using Kaniko for the build-mode. I’ve configured the secret for ‘ecr-config’ like the documentation said. However, I need to be able to use a service account with an AWS role instead of providing ECR credentials, but I don’t see where I can declare a service account to use. So if anyone knows how to do that instead, that would be awesome.



Are you looking to do something like this? If not, can you please share the commands you’ve run so far?


If you’re looking for IRSA authentication, we currently don’t support it for in-cluster building, but we do have a ticket open for it here [FEATURE]: Allow custom annotations for image builders so that IRSA can be used · Issue #2931 · garden-io/garden · GitHub