# Dagger Buildkit Auth Failure - In EKS/ECR

red venture

Dagger version: devel: def6a53bd

How to get the error

  1. I have a buildkit daemon running.
  2. I have exported the experimental dagger host var to point to a remote buildkit host over tcp (in k8s). tcp://dagger-buildkitd.jenkins.svc.cluster.local
  3. I spin up an ephemeral jenkins agent container, and call my cli to do a dagger build. This agent does not have docker installed
  4. Womp womp: fail. ECR error 401 Unauthorized

Some interesting things to note:

  1. No auth error when running via a jenkins ec2 node with docker installed.
  2. No auth error when running from local.
    (Both of these running against remote buildkit)

Since buildkit is running rootless, and not using the EKS node's docker daemon authorization, I don't think it can inherit permissions. The same goes for my dagger client, so I don't think it can fwd any auth.

I'm trying to avoid any kind of docker socket mounting or docker in docker type situations.

I always seem to run into some silly auth issues 🤦 hopefully someone can help me out. Not sure how I can explicitly pass docker auth in this case

small update: setting explicit aws keys via env vars on the buildkit daemon did not resolve.

mellow glacier

👋 the way the SDK credentials work is that they try to find the ~/.docker/config.json file and read the registry credentials from there. If you can put that file where your dagger pipelines are running, they will read it and use the appropriate credentials when pulling

red venture

Do I need the AWS ECR helper on the client or remote buildkit host?