jx: nodes have insufficient IAM rights to deploy docker container via skaffold on AWS

Summary

After a successful deployment of a spring boot application on jenkins-x via

jx create spring -d web -d actuator

the jenkins step encounters the following error during the master build at the step Shell Script -- export VERSION=`cat VERSION` && skaffold build -f skaffold.yaml -- :

time="2018-07-10T11:31:24Z" level=fatal msg="build step: pushing [604370441254.dkr.ecr.us-east-1.amazonaws.com/sekmarco/demo:0.0.1]: denied: User: arn:aws:sts::604370441254:assumed-role/nodes.aws1.cluster.k8s.local/i-01255404cb302b204 is not authorized to perform: ecr:InitiateLayerUpload on resource: arn:aws:ecr:us-east-1:604370441254:repository/sekmarco/demo"

Steps to reproduce the behavior

After a successful

kops create cluster --name aws1.cluster.k8s.local --node-count 3 --authorization RBAC --zones us-east-1a,us-east-1b --yes

preparation of the cluster following the jenkins-x documentation,

installation of jenkins-x via jenkins install --provider aws and deployment of a spring boot demo via jx create spring -d web -d actuator without any error. The jenkins job will fail.

Jx version

jx 1.3.76
jenkins x platform 0.0.1722
kubernetes cluster v1.9.6
kubectl v1.11.0
git git version 2.15.2 (Apple Git-101.1)

Kubernetes cluster provider / Version

AWS

Operating system / Environment

Expected behavior

The nodes should have the necessary IAM privileges for skaffold:

"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"

and the jenkins job succeeds

Actual behavior

The nodes have insufficient IAM privilege and fail.

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 15 (7 by maintainers)
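
An added example, not part of the original issue or of the jenkins-x code: it parses the access-denied message quoted above, reports which of the four listed ECR actions an identity policy lacks for that repository, and builds an Allow statement limited to that one repository. The function names, the pull-only `NODE_POLICY` and the simplified policy evaluation (no Condition or Not* keys) are assumptions made for illustration.

```python
import re

# The four actions the issue lists as missing from the node role.
PUSH_ACTIONS = ["ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload", "ecr:PutImage"]

# Error text from the failed skaffold push quoted in the issue.
LOG_LINE = ('denied: User: arn:aws:sts::604370441254:assumed-role/'
            'nodes.aws1.cluster.k8s.local/i-01255404cb302b204 is not authorized '
            'to perform: ecr:InitiateLayerUpload on resource: '
            'arn:aws:ecr:us-east-1:604370441254:repository/sekmarco/demo"')

# Constructed sample: a pull-only node policy (assumption, not the real role).
NODE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ecr:GetAuthorizationToken", "ecr:BatchGetImage",
               "ecr:GetDownloadUrlForLayer"]}]}

DENIED = re.compile(r"User: (?P<principal>\S+) is not authorized to perform: "
                    r"(?P<action>\S+) on resource: (?P<resource>arn:[^\s\"]+)")

def parse_denied(line):
    """Pull principal, action and resource out of an AWS access-denied message."""
    m = DENIED.search(line)
    return m.groupdict() if m else None

def _glob(pattern, value, flags=0):
    # IAM patterns use only * and ? as wildcards.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def missing_actions(policy, resource, actions=PUSH_ACTIONS):
    """Actions the policy does not grant on resource. Simplified evaluation:
    Effect/Action/Resource only (no Condition or Not* keys); explicit Deny wins."""
    allowed, denied = set(), set()
    for st in _as_list(policy["Statement"]):
        if not any(_glob(r, resource) for r in _as_list(st.get("Resource", []))):
            continue
        for a in actions:
            if any(_glob(p, a, re.I) for p in _as_list(st.get("Action", []))):
                (allowed if st["Effect"] == "Allow" else denied).add(a)
    return [a for a in actions if a not in allowed or a in denied]

def scoped_statement(resource, actions=PUSH_ACTIONS):
    """Allow statement limited to the single repository named in the error."""
    return {"Effect": "Allow", "Action": list(actions), "Resource": resource}
```

Scoping the statement to the repository ARN from the error, rather than `*`, keeps the node role from gaining push rights on every other repository in the account.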

Most upvoted comments

have a PR where this seems to be working fine btw!