Amazon-vpc-cni-k8s: Docker image AWS region is hard coded in YAML. Are we supposed to change it?

Created on 25 Oct 2019  路  7Comments  路  Source: aws/amazon-vpc-cni-k8s

Currently the docker image in the release YAML has an AWS region hard coded in 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.3.

The AWS documentation of updating the CNI tells us to just kubectl apply -f xx this file without any modifications.

Therefore, an ECR issue in the us-west-2 region would affect all our clusters in all regions. Right?

This is in contrast to the AWS documentation for kube-proxy and coredns that states:

update the coredns deployment to use your cluster's Region

config documentation

Most helpful comment

You are right. Honestly I'd prefer to split the config up even more, to keep the custom env settings from being resetted on an update. Updating the documentation would be a good first step though.

All 7 comments

You are right. Honestly I'd prefer to split the config up even more, to keep the custom env settings from being resetted on an update. Updating the documentation would be a good first step though.

This would also solve the problem: https://github.com/aws/containers-roadmap/issues/140

@mogren It seems that currently the referenced images exist in all ECR regions.

You didn't clearly confirm yet: Is it is safe to assume that we can replace "us-west-2" with any region the EKS cluster is located in?

AWS docs still not updated.

set -e

$( aws ecr get-login --no-include-email --region ap-southeast-1 --registry-ids 602401143452 )
$( aws ecr get-login --no-include-email --region eu-west-1      --registry-ids 602401143452 )
$( aws ecr get-login --no-include-email --region us-east-1      --registry-ids 602401143452 )
$( aws ecr get-login --no-include-email --region us-west-2      --registry-ids 602401143452 )

docker pull 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon-k8s-cni:v1.5.3
docker pull 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon-k8s-cni:v1.5.5

docker pull 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon-k8s-cni:v1.5.3
docker pull 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon-k8s-cni:v1.5.5

docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.3
docker pull 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.5

docker pull 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon-k8s-cni:v1.5.3
docker pull 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon-k8s-cni:v1.5.5

@heidemn Yes, they should be available in all EKS regions. Also, I'd suggest using v1.5.5 馃槃

馃憤 Great...
What about a retro cluster with v1.5.0? 馃槃

Well, we don't copy old images out to newly opened regions, but they should all be available in us-west-2.

Also, this only goes for regular releases, not the -rcX tagged release candidates. They are only available in us-west-2.

Hi,

Region can be configurable with helm based install and if Cx hasn't provided the region it will be default to us-west. Please ref to - https://github.com/aws/eks-charts/tree/master/stable/aws-vpc-cni and https://github.com/aws/eks-charts/blob/master/stable/aws-vpc-cni/values.yaml#L12. We will update the readme on using helm install. Closing this issue for now.

Was this page helpful?
0 / 5 - 0 ratings