Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert ECR-outside-AWS default behaviour #2070

Open
squaremo opened this issue May 22, 2019 · 0 comments

Comments

@squaremo
Copy link
Member

@squaremo squaremo commented May 22, 2019

Before #1863, if you were using ECR from outside AWS, you would see a warning in the log (from the region detection), then it would proceed as for regular images -- that is, attempt to get credentials from imagePullSecrets etc.

After #1863, if fluxd cannot detect an AWS region and is not told one explicitly, it will ignore all images from ECR.

This change in behaviour comes from the separation of region detection and image inclusion/exclusion (filtering). Before, if a region wasn't detected, no image filtering took place. After, image filtering is done whether or not a region is detected or supplied. This gives rise to the question of what to do if a region is neither detected nor supplied -- and the somewhat arbitrary decision was to treat that as excluding all regions, rather than including all regions.

Thus: the surprising situation in which a working cluster stopped scanning ECR images, when upgraded from flux 1.10 to 1.12, without any config changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.