Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Before #1863, if you were using ECR from outside AWS, you would see a warning in the log (from the region detection), then it would proceed as for regular images -- that is, attempt to get credentials from imagePullSecrets etc.
After #1863, if fluxd cannot detect an AWS region and is not told one explicitly, it will ignore all images from ECR.
This change in behaviour comes from the separation of region detection and image inclusion/exclusion (filtering). Before, if a region wasn't detected, no image filtering took place. After, image filtering is done whether or not a region is detected or supplied. This gives rise to the question of what to do if a region is neither detected nor supplied -- and the somewhat arbitrary decision was to treat that as excluding all regions, rather than including all regions.
Thus: the surprising situation in which a working cluster stopped scanning ECR images, when upgraded from flux 1.10 to 1.12, without any config changes.