Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use "Amazon EKS Amazon ECR private repositories" instead of public.ecr.aws for EKS ADOT Addon #541

Open
joachimdegroot opened this issue Jul 5, 2023 · 7 comments
Open

Use "Amazon EKS Amazon ECR private repositories" instead of public.ecr.aws for EKS ADOT Addon #541

joachimdegroot opened this issue Jul 5, 2023 · 7 comments
Labels
ECR images ADOT Public ECR container images requests, issues EKS EKS related issues enhancement New feature or request

Comments

@joachimdegroot
Copy link

Hello everyone,

When installing the EKS ADOT Addon the images used are hosted on "public.ecr.aws".
Would it be possible to change this to use "Amazon EKS Amazon ECR private repositories"?
See this page: https://docs.aws.amazon.com/eks/latest/userguide/add-ons-images.html

This has a couple of benefits:

  1. Standardises with other EKS Addons
  2. Enables the EKS ADOT Addon to be used in clusters without internet access/restricted environments
  3. Enables the use of the ECR VPC Endpoint

We will also share this request with our AWS Enterprise support team.

If you have any questions I would be glad to discuss!

Thank you in advance!

Joachim
@mhausenblas
Copy link
Member

Heya @joachimdegroot, ADOT PM here. Thanks for raising this feature request and this is certainly something worth exploring, not on our immediate roadmap, though.

@mhausenblas mhausenblas added enhancement New feature or request EKS EKS related issues ECR images ADOT Public ECR container images requests, issues labels Jul 5, 2023
@dukeluke16
Copy link

As a work-around to using a private ECR, we had to

kubectl get deploy opentelemetry-operator -n $NAMESPACE -o yaml | \
sed 's|public.ecr.aws/aws-observability|{{company-private-ecr}}/aws-mirror/adot|g' | \
kubectl apply -f -

It's klunky but works until the feature is supported natively by AWS.

@psivananda
Copy link

As a work-around to using a private ECR, we had to

kubectl get deploy opentelemetry-operator -n $NAMESPACE -o yaml | \
sed 's|public.ecr.aws/aws-observability|{{company-private-ecr}}/aws-mirror/adot|g' | \
kubectl apply -f -

It's klunky but works until the feature is supported natively by AWS.

this works after addon is installed, in our case we are using CDK to create addon, and it failed as we don't have access to public ecr and CDK rollback everything so kubectl patch doesn't work for me

@mhausenblas
Copy link
Member

See also aws/containers-roadmap#2139

@cloudbackenddev
Copy link

Any updates on this one. How do we get the addon enabled if you are using a IAC to setup your infrastructure. Can you prioritise this? Most enterprise apps as deployed in private network where there is no direct access to public images. How is open telemetry collector supposed to work in that environment?

@mhausenblas
Copy link
Member

Thanks for your feedback @cloudbackenddev and yes, this is on our short-term roadmap.

@C3212625
Copy link

Please help to update here is there any latest update in this. I am as well stuck with same situation my cluster is completely private .,Don't have access to Internet. After Add-on Deployment it is failing with public repo access error.

@mhausenblas mhausenblas mentioned this issue Jan 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ECR images ADOT Public ECR container images requests, issues EKS EKS related issues enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mhausenblas @psivananda @C3212625 @dukeluke16 @joachimdegroot @cloudbackenddev